[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: -01 version of Chargeable User Identity

To: "'Adrangi, Farid'" <farid.adrangi@intel.com>, "'Bernard Aboba'" <aboba@internaut.com>
Subject: RE: -01 version of Chargeable User Identity
From: "Glen Zorn \(gwz\)" <gwz@cisco.com>
Date: Tue, 19 Oct 2004 17:46:49 -0700
Cc: "'Barney Wolff'" <barney@databus.com>, <radiusext@ops.ietf.org>
In-reply-to: <F3DAEAD1F408F44FA1AF0BFAC11FEF9501B04355@orsmsx408>
Reply-to: <gwz@cisco.com>

owner-radiusext@ops.ietf.org <mailto:owner-radiusext@ops.ietf.org>
writes:

>> A bigger question is the expected behavior by NAS and RADIUS
server.
>> 
>> What is the purpose of the "null CUI" attribute in the
>> Access-Request?  Is this to inform the RADIUS server that the NAS
>> supports CUI, in case the RADIUS server supports it and wants to
use
>> it? 
> 
> Yes, this is the reason, at least IMO.  If so, I propose the
following
> text:
> 
> "
> The NAS SHOULD include the CUI attribute with a nul value in the
> Access-Request message to advertise its support for this attribute
to
> the RADIUS server.  In cases where the CUI is required for the
proper
> billing and the home RADIUS server cannot determine the NAS
support
> for the CUI attribute, the home RADIUS server MAY reject the
request
> by sending an Access-Reject message containing a Reply-Message(18)
> attribute indicating the failure text: "CUI is missing". "   

Given that the Reply-message attribute is meant to be displayed to
the user, don't you think that "CUI is missing" is a little cryptic?
Not to mention that, even if the user is one of us (and thus might
recognize it), what is (s)he to do about the problem?

> 
> Your comment?
> 
>> Or is it a
>> statement from
>> the NAS that "the RADIUS server MUST support CUI or I won't
provide
>> service." 
>> 
>> The latter is more problematic, because the RADIUS server could
send
>> an Access-Accept with no CUI attribute, and then wonder why the
NAS
>> never sent an Accounting packet indicating that service started.
Or
>> is the intent for a non-supporting RADIUS server to send an
>> Access-Reject?  If so, then we need to verify that existing
RADIUS
>> servers that don't support CUI actually behave this way.

Hope this helps,

~gwz

Why is it that most of the world's problems can't be solved by
simply
listening to John Coltrane? 
  -- Henry Gabriel


--
to unsubscribe send a message to radiusext-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://psg.com/lists/radiusext/>

References:
- RE: -01 version of Chargeable User Identity
  - From: "Adrangi, Farid" <farid.adrangi@intel.com>

Prev by Date: RE: -01 version of Chargeable User Identity
Next by Date: Re: -01 version of Chargeable User Identity
Previous by thread: RE: -01 version of Chargeable User Identity
Next by thread: RE: -01 version of Chargeable User Identity
Index(es):
- Date
- Thread