Add VSA in pre-proxy stage
Bjørn Mork
bjorn at mork.no
Fri Sep 11 20:41:21 CEST 2020
Alan DeKok <aland at deployingradius.com> writes:
> On Sep 11, 2020, at 10:06 AM, Arnaud LAURIOU <arnaud.lauriou at renater.fr> wrote:
>>
>> Hello,
>>
>> I'm trying to add a VSA in an Access-Request before proxing it to an authentification RADIUS server.
>>
>> I use this attribute definition :
>> BEGIN-VENDOR FreeRADIUS format=Extended-Vendor-Specific-1
>> ATTRIBUTE FreeRADIUS-Eduroam-Prevent-Loop 1 integer
>> END-VENDOR FreeRADIUS
>
> Please don't use VSAs you don't control. We will likely add our own
> definitions which conflict with this one.
>
> If you do need custom VSAs, just use a custom vendor number, and
> create your own dictionary. i.e. use a vendor number like 32000.
> Which is used by someone, but 99.99% not for RADIUS. So it's mostly
> OK.
Note that a vendor number is cheap. Actually, free. As in free beer
Just fill in the form at https://pen.iana.org/pen/app
Then you can create as many RADIUS VSAs as you like without worrying
about dictionary collisions. Or at least a couple of hundred :-)
32000 belongs to Ekstrem Bir Bilgisayar, BTW.
Bjørn
More information about the Freeradius-Users
mailing list