'RE: Radclient receives response messages from different source port than destination port of request'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       freeradius-users
Subject:    RE: Radclient receives response messages from different source port than destination port of request
From:       <rosario.mattera () accenture ! com>
Date:       2013-05-30 12:54:10
Message-ID: 8106E5671B820B40BE04BC8A5483F8ECE5F975 () 048-CH1MPN1-132 ! 048d ! mgd ! msft ! net
[Download RAW message or body]

Thanks for your answer, Arran.

Regards,
Rosario

-----Original Message-----
From: freeradius-users-bounces+rosario.mattera=accenture.com@lists.freeradius.org \
[mailto:freeradius-users-bounces+rosario.mattera=accenture.com@lists.freeradius.org] \
                On Behalf Of Arran Cudbard-Bell
Sent: giovedė 30 maggio 2013 14:27
To: FreeRadius users mailing list
Subject: Re: Radclient receives response messages from different source port than \
destination port of request messages


On 30 May 2013, at 05:23, rosario.mattera@accenture.com wrote:

> Hi Alan,
> 
> I would like to specify that I'm using radclient as a RADIUS proxy.

Um. Why?

> I reach the RADIUS server through a load balancer. The server uses ports other than \
> 1812 and 1813 in its responses because the matching between requests and responses \
> is done through the Proxy-State attribute. This behavior is implemented in a very \
> famous European Telco operator.

This behaviour is wrong and not standards compliant. No where in RFC 2865 or any more \
recent RADIUS RFCs does it describe a method of tying requests and responses using \
Proxy-State.

> In radclient is not implemented any mechanism to support this behavior?

No.

> Can you confirm that the current implementation of radclient, realizes the matching \
> between requests and responses using also the source port of the responses?

Yes.

Arran Cudbard-Bell <a.cudbardb@freeradius.org> FreeRADIUS Development Team

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html


This message is for the designated recipient only and may contain privileged, \
proprietary, or otherwise confidential information. If you have received it in error, \
please notify the sender immediately and delete the original. Any other use of the \
e-mail by you is prohibited.

Where allowed by local law, electronic communications with Accenture and its \
affiliates, including e-mail and instant messaging (including content), may be \
scanned by our systems for the purposes of information security and assessment of \
internal compliance with Accenture policy.

______________________________________________________________________________________


www.accenture.com

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html


[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic