[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: -01 version of Chargeable User Identity
> FreeRADIUS ignores all attributes it doesn't understand. That is,
> it's policy is:
> - Try to authorize/authenticate the request by looking for, and using,
> known attributes in the Access-Request
> - If no known attributes are found, send Access-Reject
> - If the authentication using known attributes succeeds, send Access-Accept.
> - If not, send Access-Reject
> Any "extra" attributes in the Access-Request not used as part of the
> above process are ignored. It doesn't matter if they're
> Vendor-Specific or not, they're all treated identically.
> > The latter is more problematic, because the RADIUS server could send an
> > Access-Accept with no CUI attribute, and then wonder why the NAS never
> > sent an Accounting packet indicating that service started. Or is the
> > intent for a non-supporting RADIUS server to send an Access-Reject? If
> > so, then we need to verify that existing RADIUS servers that don't support
> > CUI actually behave this way.
> FreeRADIUS doesn't, but it can be configured to do so.
This is good to know - we're not running FreeRADIUS, but I do know a lot of
places that are; this will have some impact upon what is deployed out there.
to unsubscribe send a message to email@example.com with
the word 'unsubscribe' in a single line as the message text body.