Can FreeRADIUS send non-standard VSAs?
Alan DeKok
aland at deployingradius.com
Fri Apr 26 22:16:13 CEST 2019
On Apr 26, 2019, at 2:54 PM, Ian Pilcher <arequipeno at gmail.com> wrote:
>
> I'm beating my head against the RBAC VSAs used by a couple of Dell /
> Force 10 switches. Specifically, I am trying to figure out the binary
> format of the "Force10-avpair" VSA that is documented here:
>
> https://www.dell.com/support/manuals/us/en/04/force10-s3048-on/s3048-on-9.10.0.0-config-pub/configuring-tacacs-and-radius-vsa-attributes-for-rbac?guid=guid-db9c9836-cbcd-4b74-a917-657607ca3863&lang=en-us
>
> You'll note that the documentation makes no mention of a vendor-specific
> ID for the Force10-avpair attribute. Neither does anything else that
> Google can find, and Dell support is completely flummoxed.

Given that they're copying the Cisco-AVPair functionality, the best guess is that it's ID 1.

https://github.com/FreeRADIUS/freeradius-server/blob/v3.0.x/share/dictionary.force10

> I'm starting to think that it's possible that there is no ID. Maybe
> Force 10 ignored the latter part of section 5.26 of RFC 2865 and just
> defined their VSA(s) as a simple string (without any vendor type or
> vendor length fields).
>
> Is it possible to get FreeRADIUS to send a VSA like this?

Sure.

    Vendor-Specific := 0x010203040506070809 ...

Alan DeKok.
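
Added example (not part of the original post, and not FreeRADIUS or Dell code): the two Vendor-Specific layouts discussed in this thread, the RFC 2865 section 5.26 sub-attribute form with vendor type 1 and the bare-string form, built as bytes and told apart by a parser. The vendor number 6027, the sample string, and the reading that the hex given to Vendor-Specific is the whole Value field starting at Vendor-Id are assumptions to check against dictionary.force10 and a packet capture.

```python
import struct

VSA_TYPE = 26                      # Vendor-Specific, RFC 2865 section 5.26
FORCE10_PEN = 6027                 # assumption: confirm against dictionary.force10
AVPAIR = b"shell:role=sysadmin"    # constructed sample string, not from the thread

def vsa_value_standard(vendor_id, vendor_type, data):
    """Value field as Vendor-Id, Vendor-Type, Vendor-Length, data."""
    if not 0 <= vendor_type <= 255 or len(data) > 247:
        raise ValueError("vendor type or data does not fit in one attribute")
    return struct.pack("!IBB", vendor_id, vendor_type, 2 + len(data)) + data

def vsa_value_bare(vendor_id, data):
    """Value field as Vendor-Id followed directly by the string."""
    if len(data) > 249:
        raise ValueError("data does not fit in one attribute")
    return struct.pack("!I", vendor_id) + data

def wire_attribute(value):
    """Full attribute as sent: Type 26, Length, Value."""
    return bytes([VSA_TYPE, 2 + len(value)]) + value

def freeradius_line(value):
    """Reply item in the form shown in the post (hex = Value field, assumed)."""
    return "Vendor-Specific := 0x" + value.hex()

def parse_vsa_value(value):
    """Return ('standard', pen, [(type, data), ...]) when sub-attributes tile the
    payload exactly, else ('bare', pen, payload). Heuristic: a bare string can tile."""
    if len(value) < 5:
        raise ValueError("too short for a Vendor-Id plus data")
    vendor_id = struct.unpack("!I", value[:4])[0]
    payload, subs, pos = value[4:], [], 0
    while pos + 2 <= len(payload):
        vtype, vlen = payload[pos], payload[pos + 1]
        if vlen < 2 or pos + vlen > len(payload):
            break
        subs.append((vtype, payload[pos + 2:pos + vlen]))
        pos += vlen
    if pos == len(payload):
        return ("standard", vendor_id, subs)
    return ("bare", vendor_id, payload)

if __name__ == "__main__":
    for v in (vsa_value_standard(FORCE10_PEN, 1, AVPAIR), vsa_value_bare(FORCE10_PEN, AVPAIR)):
        print(freeradius_line(v))
        print("  on the wire:", wire_attribute(v).hex(), "->", parse_vsa_value(v)[0])
```

Comparing the two printed wire forms against what the switch accepts shows which layout it expects.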