[RADIATOR] AuthRADSEC and radsecproxy are incompatible!
Karl Gaissmaier
karl.gaissmaier at uni-ulm.de
Sun Jul 14 16:18:19 CDT 2013
Hi radiator team,
I looked over the radsecproxy sources and sorry to say it:
*Currently the radsecproxy and AuthRADSEC are incompatible!*
Whenever radsecproxy *generates* a reply message (Access-Reject or
Access-Accept on Satus-Server) it never copies the Proxy-State
Attribute from the request packet to the reply packet.
The only shortcoming solution as far as I see is, we need a
'UseExtendedIds' in Radiator not only for AuthRADIUS but also for
AuthRADSEC with a warning, never to use it when proxying to a
radsecproxy.
Sorry for the bad news.
Maybe someone can trigger the authors of radsecproxy too, to start
implementing Proxy-State RFC 2865 conform when *generating* responses.
Seems it makes everthing right on proxying but not on generating
packets.
Best Regards
Charly
--
Karl Gaissmaier
Universität Ulm / Germany
More information about the radiator
mailing list