Correct way to deal with an 'incorrect' dictionary shipped by default

Alan DeKok aland at deployingradius.com
Thu Feb 20 21:43:16 UTC 2025 

On Feb 20, 2025, at 7:51 AM, Coy Hile (BLOOMBERG/ 919 3RD A) <chile1 at bloomberg.net> wrote:
> Recently (well, in the last year and a half or so) we got bit by FreeRADIUS shipping a 'dictinary.infinera' that's incorrect.

  Hmm... OK.  It would have been helpful to raise the issue then, so we could fix it.  And you wouldn't have to maintain private patches.

> Looking at the file, we see it's for vendor ID 8708 which according to IANA is  "Lumentis AB". https://github.com/FreeRADIUS/freeradius-server/blob/master/share/dictionary/radius/dictionary.infinera

  I'm not sure how that happened.  The git logs don't show where the wrong dictionary came from.

> The actual Infinera dictionary (as given to our network team by the vendor) contains this data by contrast:

  The vendor could also shared the dictionary with us.  But that rarely happens.  I don't know why.

  In any case, I've replaced the wrong one with the one you posted here.  It will be available in the next release.

> That vendor ID according to IANA is actually "Infinera". I've managed to work-around this by putting a hack in our RADIUS dictionary installation workflow to  remove the shipped dictionary.infinera file from the shipped dictionary file, but that seems like a hack at bes. It means that someone from my team has to remember to run that workflow every time a box gets touched by patching automation since an updated FreeRADIUS RPM showing up from RedHat--or soon from your official packages--will overwrite our working copy.
> 
> Is there a better way we should handle this?

  Report bugs when you see them, and they will generally be fixed quickly.  We're happy to fix issues, but we can't fix issues if no one reports the issue.

  Vendors are encouraged to send us their updated dictionaries.  But over 25+ years of doing this, I think that's happened three times.  Most vendors are happy to put documentation up on their web site which says "use this dictionary.  And by the way, you'll have to re-install it every time you update the server."

  Contributing the dictionaries back to FreeRADIUS avoids all of that work.

  Alan DeKok.

More information about the Freeradius-Users mailing list