[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: -01 version of Chargeable User Identity

To: <aland@ox.org>, <radiusext@ops.ietf.org>
Subject: RE: -01 version of Chargeable User Identity
From: <john.loughney@nokia.com>
Date: Thu, 21 Oct 2004 09:29:53 +0300

Hi Alan,

>   FreeRADIUS ignores all attributes it doesn't understand.  That is,
> it's policy is:
> 
>   - Try to authorize/authenticate the request by looking for, and using,
>     known attributes in the Access-Request
>   - If no known attributes are found, send Access-Reject
>   - If the authentication using known attributes succeeds, send Access-Accept.
>   - If not, send Access-Reject
> 
>   Any "extra" attributes in the Access-Request not used as part of the
> above process are ignored.  It doesn't matter if they're
> Vendor-Specific or not, they're all treated identically.
> 
> > The latter is more problematic, because the RADIUS server could send an
> > Access-Accept with no CUI attribute, and then wonder why the NAS never
> > sent an Accounting packet indicating that service started.  Or is the
> > intent for a non-supporting RADIUS server to send an Access-Reject?  If
> > so, then we need to verify that existing RADIUS servers that don't support
> > CUI actually behave this way.
> 
>   FreeRADIUS doesn't, but it can be configured to do so.

This is good to know - we're not running FreeRADIUS, but I do know a lot of
places that are; this will have some impact upon what is deployed out there.

John

--
to unsubscribe send a message to radiusext-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://psg.com/lists/radiusext/>

Prev by Date: Re: AW: -01 version of Chargeable User Identity
Next by Date: Re: AW: -01 version of Chargeable User Identity
Previous by thread: RE: -01 version of Chargeable User Identity
Next by thread: REMINDER: Posting Issues to the RADEXT Issues List
Index(es):
- Date
- Thread