[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Bug-gnu-radius] Proxy doesn't always forward VSAs on access-accept
|
From: |
Sergey Poznyakoff |
|
Subject: |
Re: [Bug-gnu-radius] Proxy doesn't always forward VSAs on access-accept |
|
Date: |
Thu, 26 Aug 2004 10:59:28 +0300 |
Duane Pauls <address@hidden> wrote:
> I've found that when the proxy doesn't contain the user information in its
> own users file, the VSA is dropped.
Proxy radius server sends back to the NAS only a subset of the
A/V pairs it receives from the remote server. This regards any
attributes, not only VSAs. The reason for this behavior is that
some of the attributes sent by the remote radius may be (and usually
are) irrelevant to the NAS if a proxy lies in between them (an
example of such an attribute is Framed-IP-Address). The exact subset
of the attributes to be propagated through the proxy server is
configurable by the server administrator. The process
is described in detail in the documentation. Please, refer to
the following chapters:
1. Detailed description of Proxy mode:
http://www.gnu.org/software/radius/manual/html_node/radius_12.html#SEC15
2. Description of which attributes are propagated through the proxy chain:
http://www.gnu.org/software/radius/manual/html_node/radius_13.html#SEC16
3. Description of the attribute properties. Pay attention
to 'propagation property':
http://www.gnu.org/software/radius/manual/html_node/radius_5.html#SEC8
Regards,
Sergey