[prev in list] [next in list] [prev in thread] [next in thread] 

List:       freeradius-users
Subject:    Re: Can FreeRADIUS send non-standard VSAs?
From:       Ian Pilcher <arequipeno () gmail ! com>
Date:       2019-04-26 23:52:21
Message-ID: ddf17418-23e0-c08a-5122-3ce5ed596eb7 () gmail ! com
[Download RAW message or body]

On 4/26/19 4:23 PM, Alan DeKok wrote:
> But if they have ignored the RFC suggestions, it's stupid.  That 
> makes it harder for everyone to use their product.

So I heard back from Dell:

> The ID the Cx is referencing [in windows NPS this would be the
> 'Vendor-Assigned attribute number' under 'Configure VSA (RFC
> Compliant)'] is not listed in the documentation because it genuinely
> does not matter what number is used, I've tried random #s from 0 to
> 5000 [in capture packets show  "VSA: l=19 t=Unknown-Attribute(255):
> 7368656c6c3a707269762d6c766c3d3135" where the t=string(#), that # is
> the OID/Vendor-Assigned attribute number. Any value configured
> greater than 255 just shows as 255. It really doesn't matter what
> number you pick.] and any will work so long as the string is present
> and the line configuration on the switch includes both authENTICATION
> and authorization

(My root problem was that I had configured the switch for RADIUS
authentication, but not RADIUS authorization.  Sigh.)

I have pointed out to them that they might want to document this wee
factoid, since every RADIUS server under the sun is going to want *some*
value entered for the vendor type, whether it matters or not.

So their VSAs are at least properly formatted ...

-- 
========================================================================
Ian Pilcher                                         arequipeno@gmail.com
-------- "I grew up before Mark Zuckerberg invented friendship" --------
========================================================================
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
[prev in list] [next in list] [prev in thread] [next in thread]