ons 2007-06-13 klockan 13:28 +0500 skrev Masood Ahmad Shah:
> Well, we finally finished with success. The problem was that there was
> a parameter Nas_Port_Type need to send from squid authenticator helper
> to radius server.
Well well.. both are optional in this context. Specs says:
An Access-Request SHOULD contain a NAS-Port or NAS-Port-Type
attribute or both unless the type of access being requested does
not involve a port or the NAS does not distinguish among its
ports.
and
NAS-Port
This Attribute indicates the physical port number of the NAS which
is authenticating the user. It is only used in Access-Request
packets. Note that this is using "port" in its sense of a
physical connection on the NAS, not in the sense of a TCP or UDP
port number. Either NAS-Port or NAS-Port-Type (61) or both SHOULD
be present in an Access-Request packet, if the NAS differentiates
among its ports.
But I understand that there might be RADIUS servers which don't grok
that there might be access servers without any concept of physical
ports.
> We finally made it; we have added Nas-Port-Type support to the
> squid_rad_auth authentication helper allowing sending Nas-Port-Type
> via the authentication request packet to radius; The Nas_Port_Type
> patch is available as an attachment.
Thanks. Applied and will be included in the next squid_radius_auth
release.
Regards
Henrik
This archive was generated by hypermail pre-2.1.9 : Sun Jul 01 2007 - 12:00:04 MDT