List: freeradius-users
Subject: Re: Can FreeRADIUS send non-standard VSAs?
From: Ian Pilcher <arequipeno () gmail ! com>
Date: 2019-04-26 23:52:21
Message-ID: ddf17418-23e0-c08a-5122-3ce5ed596eb7 () gmail ! com

On 4/26/19 4:23 PM, Alan DeKok wrote:
> But if they have ignored the RFC suggestions, it's stupid. That
> makes it harder for everyone to use their product.

So I heard back from Dell:

> The ID the Cx is referencing [in windows NPS this would be the
> 'Vendor-Assigned attribute number' under 'Configure VSA (RFC
> Compliant)'] is not listed in the documentation because it genuinely
> does not matter what number is used, I've tried random #s from 0 to
> 5000 [in capture packets show "VSA: l=19 t=Unknown-Attribute(255):
> 7368656c6c3a707269762d6c766c3d3135" where the t=string(#), that # is
> the OID/Vendor-Assigned attribute number. Any value configured
> greater than 255 just shows as 255. It really doesn't matter what
> number you pick.] and any will work so long as the string is present
> and the line configuration on the switch includes both authENTICATION
> and authorization

(My root problem was that I had configured the switch for RADIUS
authentication, but not RADIUS authorization. Sigh.)

I have pointed out to them that they might want to document this wee
factoid, since every RADIUS server under the sun is going to want *some*
value entered for the vendor type, whether it matters or not.

So their VSAs are at least properly formatted ...

--
========================================================================
Ian Pilcher arequipeno@gmail.com
-------- "I grew up before Mark Zuckerberg invented friendship" --------
========================================================================
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
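
The VSA layout discussed in this message, as an added example that is not part of the original post: it encodes and parses a Vendor-Specific attribute in the recommended RFC 2865 format, where the vendor type is a single octet, and decodes the value bytes quoted from the capture. The vendor ID is a constructed placeholder (the page does not give the real one) and the function names are hypothetical.

```python
import struct

VSA_TYPE = 26  # RFC 2865 section 5.26: Vendor-Specific

def build_vsa(vendor_id: int, vendor_type: int, value: bytes) -> bytes:
    """Encode one VSA holding a single sub-attribute (recommended format)."""
    if not 0 <= vendor_type <= 255:
        raise ValueError("vendor type is a single octet (0-255)")
    sub = bytes([vendor_type, 2 + len(value)]) + value
    body = struct.pack("!I", vendor_id) + sub
    if 2 + len(body) > 255:
        raise ValueError("attribute exceeds the one-octet length field")
    return bytes([VSA_TYPE, 2 + len(body)]) + body

def parse_vsa(attr: bytes):
    """Return (vendor_id, [(vendor_type, value), ...]) for one VSA."""
    if len(attr) < 6 or attr[0] != VSA_TYPE or attr[1] != len(attr):
        raise ValueError("not a well-formed Vendor-Specific attribute")
    vendor_id = struct.unpack("!I", attr[2:6])[0]
    subs, pos = [], 6
    while pos < len(attr):
        if pos + 2 > len(attr):
            raise ValueError("truncated sub-attribute header")
        vtype, vlen = attr[pos], attr[pos + 1]
        if vlen < 2 or pos + vlen > len(attr):
            raise ValueError("bad sub-attribute length")
        subs.append((vtype, attr[pos + 2:pos + vlen]))
        pos += vlen
    return vendor_id, subs

# Value bytes exactly as quoted from the capture in the message above.
CAPTURED_VALUE = bytes.fromhex("7368656c6c3a707269762d6c766c3d3135")
# Constructed placeholder: the vendor's enterprise number is not on the page.
PLACEHOLDER_VENDOR_ID = 99999

def demo():
    """Round-trip the captured value with vendor type 255, as in the capture."""
    attr = build_vsa(PLACEHOLDER_VENDOR_ID, 255, CAPTURED_VALUE)
    vendor_id, subs = parse_vsa(attr)
    return attr, vendor_id, subs

if __name__ == "__main__":
    attr, vendor_id, subs = demo()
    for vtype, value in subs:
        # l= is the sub-attribute length: type octet + length octet + value
        print(f"vendor={vendor_id} l={len(value) + 2} t={vtype}: {value.decode()}")
```
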