
Issue: Compatibility with RFC 2866 and RFC 3576



Submitter names: Bernard Aboba
Submitter email address: aboba@internaut.com
Date first submitted: January 30, 2006
Reference:
Document: IEEE 802-01
Comment type: Technical
Priority: S
Section: 1.4
Rationale/Explanation of issue:

Section 1.4 states:

  1.4 Attribute Interpretation

     Unless otherwise noted in the individual description of an
     attribute contained herein, a NAS that conforms to this
     specification and receives an Access-Accept message that contains
     an attribute from this document that it cannot apply MUST
     interpret this though an Access-Reject had been sent and MUST
     terminate the session.  If accounting is enabled on the NAS, it
     MUST generate an Accounting-Request(Stop) message upon session
     termination.

     Similarly, if a NAS conforming to this specification and also
     conforming to RFC 3576 [RFC3576] receives a CoA message that
     contains an attribute from this document that it cannot apply, it
     MUST NOT terminate the session and MUST generate a CoA-NAK packet
     with ERROR-CAUSE(101) set to "Unsupported Attribute"(401).  If
     accounting is enabled on the NAS, it MUST NOT generate an
     Accounting-Request(Stop) message in such instances.

RFC 2866 does not specify the generation of Accounting Stop messages resulting
from Access-Reject packets.  This document is therefore requiring RADIUS
accounting clients to generate accounting records in circumstances where
they would not otherwise do so.  This raises the question of why
this particular set of attributes would cause a special case modification
to RFC 2866.

Here is what RFC 3576 has to say about receipt of attributes in a CoA-Request:

  If one or more authorization changes specified in a CoA-Request
  cannot be carried out, or if one or more attributes or attribute-
  values is unsupported, a CoA-NAK MUST be sent.

On inclusion of Error-Cause attributes:

     It is possible that the NAS cannot honor Disconnect-Request or
     CoA-Request messages for some reason.  The Error-Cause Attribute
     provides more detail on the cause of the problem.  It MAY be
     included within Disconnect-ACK, Disconnect-NAK and CoA-NAK
     messages.

Since inclusion of an Error-Cause attribute is generally optional, the
second paragraph mandates behavior not required by RFC 3576.



archive: <http://psg.com/lists/radiusext/>
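Added example, not part of the original message and not taken from any RADIUS implementation: a Python sketch of the interoperability point raised above. It builds a CoA-NAK both with and without Error-Cause (RFC 3576 code 45, attribute 101, value 401) and parses either form, treating Error-Cause as optional. The shared secret, the Request Authenticator and the function names are constructed for illustration.

```python
import hashlib
import hmac
import struct

COA_NAK = 45                   # RFC 3576 packet code
ERROR_CAUSE = 101              # RFC 3576 Error-Cause attribute type
UNSUPPORTED_ATTRIBUTE = 401    # Error-Cause value "Unsupported Attribute"
SECRET = b"constructed-secret"     # constructed sample value
REQUEST_AUTH = bytes(range(16))    # constructed sample Request Authenticator


def build_coa_nak(identifier, request_auth, secret, error_cause=None):
    """Build a CoA-NAK; Error-Cause is included only when a value is given."""
    attrs = b""
    if error_cause is not None:
        # Error-Cause: Type 101, Length 6, 4-octet integer value
        attrs = struct.pack("!BBI", ERROR_CAUSE, 6, error_cause)
    header = struct.pack("!BBH", COA_NAK, identifier, 20 + len(attrs))
    # Response Authenticator = MD5(Code+ID+Length+RequestAuth+Attributes+Secret)
    auth = hashlib.md5(header + request_auth + attrs + secret).digest()
    return header + auth + attrs


def parse_coa_nak(packet, request_auth, secret):
    """Verify a CoA-NAK; return its Error-Cause value, or None if absent."""
    if len(packet) < 20:
        raise ValueError("short packet")
    code, _ident, length = struct.unpack("!BBH", packet[:4])
    if code != COA_NAK or length < 20 or length > len(packet):
        raise ValueError("not a well-formed CoA-NAK")
    attrs = packet[20:length]
    expected = hashlib.md5(packet[:4] + request_auth + attrs + secret).digest()
    if not hmac.compare_digest(expected, packet[4:20]):
        raise ValueError("bad Response Authenticator")
    cause, pos = None, 0
    while pos < len(attrs):
        if len(attrs) - pos < 2:
            raise ValueError("truncated attribute")
        atype, alen = attrs[pos], attrs[pos + 1]
        if alen < 2 or pos + alen > len(attrs):
            raise ValueError("bad attribute length")
        if atype == ERROR_CAUSE and alen == 6:
            cause = struct.unpack("!I", attrs[pos + 2:pos + 6])[0]
        pos += alen
    return cause   # None is a valid result: RFC 3576 says MAY, not MUST
```

A receiver written this way accepts a CoA-NAK from a NAS that follows only RFC 3576 as well as one that follows the stricter Section 1.4 text.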