[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: Issue 196: User-Name Attribute

To: radiusext@ops.ietf.org
Subject: RE: Issue 196: User-Name Attribute
From: "Bernard Aboba" <bernard_aboba@hotmail.com>
Date: Sun, 04 Jun 2006 07:27:55 -0700
Bcc:
In-reply-to: <4C0FAAC489C8B74F96BEAD85EAEB2625021C96F0@xmb-sjc-215.amer.cisco.com>

Who cares? I'm not being facetious: if the value is unknown by the client& unused by the >server, why does it matter what the value is?

The lack of a User-Name attribute may prevent proxies from forwarding theAccess-Request. Also, some RADIUS servers will not be able to handle anAccess-Request without a User-Name attribute.

Note that this problem has been encountered before. For example, in RFC3579 there are situations in which the User-Name is not known, such as whenthe NAS does not send an EAP-Reuqest/Identity to initiate the EAP exchange(e.g. NAS could start off with an EAP-Request for a method, or could send anEAP-Start to the RADIUS server). Despite this, RFC 3579 always fills in theUser-Name attribute.

RFC 3579 Section 2.1 recommends:

"  If the NAS initially sends an EAP-Request for an
  authentication method, and the peer identity cannot be determined
  from the EAP-Response, then the User-Name attribute SHOULD be
  determined by another means.  As noted in [RFC2865] Section 5.6, it
  is recommended that Access-Requests use the value of the
  Calling-Station-Id as the value of the User-Name attribute."



--
to unsubscribe send a message to radiusext-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://psg.com/lists/radiusext/>

References:
- RE: Issue 196: User-Name Attribute
  - From: "Glen Zorn \(gwz\)" <gwz@cisco.com>

Prev by Date: RE: Issue 196: User-Name Attribute
Next by Date: RE: Issue 196: User-Name Attribute
Previous by thread: RE: Issue 196: User-Name Attribute
Next by thread: RE: Issue 196: User-Name Attribute
Index(es):
- Date
- Thread