(RADIATOR) Vendor specific attributes and sub-attributes.

Hugh Irvine hugh at open.com.au
Thu Jul 29 19:12:27 CDT 2004 

Hello Kiran -

You are quite correct in your understanding - the OSC-AVPAIR (and other 
similar vendor-specifics) is simply defined as a string. The string 
itself can contain anything at all. If the string is to contain 
multiple attribute= value pairs then it can be parsed as you describe. 
There are no "rules" or standards specified by the RFC's.

BTW - Cisco uses this construct extensively with their "cisco-avpair" 
VSA- see the Cisco web site for more information.

regards

Hugh


On 30 Jul 2004, at 02:24, Chandrashekar, Kiran wrote:

> Hello Hugh,
> Thanks for the reply. A follow-up question - Kindly help.
>
>> From your example, how will the remote side know what xxx, yyy and 
>> zzz are? By virtue of these values being Vendor-specific, can the 
>> Vendor describe the format according to his wishes? Are there any 
>> rules that govern how this data(OSC-AVPAIR = "xxx=1, yyy=2, zzz=3, 
>> .....") needs to be represented?
>
> Currently, I am stuck in trying to explain to the developer that as 
> far as the values within the string are comma separated and AV pairs, 
> he can always parse and split them as tokens based on the comma and 
> "=" parameters. I am not convinced that this is prescribed in the RFC 
> and the way to do it.
>
> The developer sticking to the RFC is demanding that values(of 
> OSC-AVPAIR) a.k.a sub-attributes should be in the TLV format. If the 
> attribute OSC-AVPAIR is a string, how can I enforce everything in the 
> string to be in the TLV format, this just doesn't seem possible. I am 
> totally confused.
>
> Thanks in advance,
>
>
>
> -----Original Message-----
> From: Hugh Irvine [mailto:hugh at open.com.au]
> Sent: Tuesday, July 27, 2004 7:26 PM
> To: Chandrashekar, Kiran
> Cc: radiator at open.com.au
> Subject: Re: (RADIATOR) Vendor specific attributes and sub-attributes.
>
>
> Hello Kiran -
>
> The usual way to do this is with an avpair.
>
> For example we have defined a number of vendor-specifics for OSC,
> including this one:
>
> VENDORATTR 9048 OSC-AVPAIR 0 string
>
> which can then contain anything you like
>
> Ie:
>
> 	AddToReply OSC-AVPAIR = "xxx=1, yyy=2, zzz=3, ....."
>
> most vendors use something similar.
>
> Note that you should not use the "standard" attribute numbers as you
> have shown below.
>
> regards
>
> Hugh
>
>
> On 28 Jul 2004, at 08:14, Chandrashekar, Kiran wrote:
>
>>
>>
>> Hello,
>>
>> I have a question regarding vendor-specific attributes - Can I define
>> ONE attribute which can contain sub-attributes?
>>
>> Currently, I have defined 7 attributes in the following order.
>>
>> ATTRIBUTE        XXX_ATTR1                28 string XXX
>>  ATTRIBUTE        XXX_ATTR2          29 string XXX
>>  ATTRIBUTE        XXX_ATTR3              30  integer XXX
>>  ATTRIBUTE        XXX_ATTR4            31 integer XXX
>>  ATTRIBUTE        XXX_ATTR5              32 integer XXX
>>  ATTRIBUTE        XXX_ATTR6                33 integer XXX
>>  ATTRIBUTE        XXX_ATTR7           34 integer XXX
>>
>> But, Can I define one VSA which will include all the above?
>>
>> How will the dictionary file look like then?
>>  What changes do I need to make to users logging into the file?
>>
>> Any help is appreciated.
>>  Thanks,
>>  Kiran Chandrashekar
>>  ThinkEngine Networks, Inc.
>>  100 Nickerson Road
>>  Marlboro, MA  01752
>>  Direct:  508-597-0461
>>
>>
>
> NB: have you included a copy of your configuration file (no secrets),
> together with a trace 4 debug showing what is happening?
>
> -- 
> Radiator: the most portable, flexible and configurable RADIUS server
> anywhere. Available on *NIX, *BSD, Windows, MacOS X.
> -
> Nets: internetwork inventory and management - graphical, extensible,
> flexible with hardware, software, platform and database independence.
> -
> CATool: Private Certificate Authority for Unix and Unix-like systems.
>
>

NB: have you included a copy of your configuration file (no secrets),
together with a trace 4 debug showing what is happening?

-- 
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
-
CATool: Private Certificate Authority for Unix and Unix-like systems.

--
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.

More information about the radiator mailing list