(RADIATOR) Proxy Authentication and Attribute 33

Sam Nilsson sam at enabledsites.com
Fri Mar 22 16:02:19 CST 2002 

Hi Mike -

We've dealt with the same network and the same error messages.
I never got a response on whether we fixed it or not, but basically
you are sending back duplicate Proxy-State. This happens when going
through a proxy.

The proxy-state should be the same as recieved when sent back. In the
radiator
docs they mention this attribute as an example of how/why to use the
StripFromRequest
directive.

ie. StripFromRequest Proxy-State

Check out StripFromRequest in the radiator manual.

- Sam

Mike Walker wrote:
 > We have recently been asked by one of our networks to change the way we
 > handle Attribute 33, and can't seem to be able to get a straight answer
 > from them about what exactly I need to do.
 >
 > The following is what I was given by them, and don't understand what
 > they are asking for.  I checked the dictionary file and 33 is in there,
 > so do I have to take it out?
 >
 > When I run Radiator in debug mode, I see lots of Attribute 33 flying by.
 >
 > ------------------------
 >
 > We're experiencing provisioning problems with regard to attribute 33.
 > The summary report information is included below.
 >
 > Here's what we're looking for:
 >
 > 		  Proxy-State [33] -- a RADIUS attribute sent by a proxy
 > server with a RADIUS request (access and/or accounting) which must be
 > returned unmodified in the RADIUS response (access accept, access reject
 > and/or accounting response).    Please resolve as soon as possible and
 > we
 > can retest.
 >
 > Attribute 33 Information:
 >
 > Auth: realm=@something.com, ip=10.0.0.1, port=1645, secret
 > DUPLICATE
 >
 > Details of what is being sent back to us...
 >
 > Auth: realm=@something.com, ip=10.0.0.1, port=1645, secret
 > Received response ID 138, code 3, length = 202
 >         Proxy-State = 0xab00ef
 >         Proxy-State = 0xab00ef
 >
 > (ip's, realms, and secrets changed to protect the guilty)
 > -------------------------------
 >
 > Any ideas?  Do they want me to yank the attribute?  I just don't get
 > what they want, and I cant get a straight answer from them - something
 > like: "we're sorry, but we are not in the business of configuring your
 > radius server, please contact your radius vendor for support."
 >
 > Thanks in advance...
 >
 >
 > -Mike Walker
 >
 > ===
 > Archive at http://www.open.com.au/archives/radiator/
 > Announcements on radiator-announce at open.com.au
 > To unsubscribe, email 'majordomo at open.com.au' with
 > 'unsubscribe radiator' in the body of the message.
 >
 >



===
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.

More information about the radiator mailing list