(RADIATOR) Re: Radiator Evaluation Request

[Joanne Davis]

Hello -

See comments below.

At 1:46 AM -0500 16/2/06, Wenbin Zhang wrote:
>Joanne,
>
>Thanks for the explaination.
>
>>>
>>>>  >selection: 1. RFC 3576 - Dynamic Authorization Extensions to RADIUS
>>>>  >I want to test Disconnect-Request message and Disconnect-Response message
>>>>
>>>>  Supported - providing your NAS equipment supports this feature. You
>>>>  would use the radpwtst utility to generate the disconnect request
>>>>  packets.
>>>>
>>>Q1: regarding Disconnect-Request
>>>
>>>>From RFC 3576
>>>
>>>(http://www.rfcsearch.org/rfcview/RFC/3576.html?query=radius),
>>>
>>>    +----------+   Disconnect-Request     +----------+
>>>    |          |   <--------------------  |          |
>>>    |    NAS   |                          |  RADIUS  |
>>>    |          |   Disconnect-Response    |  Server  |
>>>    |          |   ---------------------> |          |
>>>    +----------+                          +----------+
>>>
>>>My understanding is that the Disconnect-Request message should be sent
>>>out from Radius server to NAS. In other normal case, such as
>>>Access-Request, the message is initiated from NAS.
>>>However, you are using the same utility(radpwtst, I guess it is a NAS
>>>simulator) to generate all the messages, including Access-Request and
>>>Disconnect-Request. Why? I read
>>>http://www.open.com.au/radiator/faq.html#97
>>>carefully, but still cannot understand the reason.
>>
>>
>>Radius is a client - server protocol in which radius clients send 
>>requests to radius servers. There is no mechanism for a server to 
>>send a request to a client. The NAS must implement a limited radius 
>>server for the purposes of processing a Disconnect-Request,
>
>That's right.
>
>which is generated and sent by a radius client such as radpwtst.
>
>My understanding is the Disconnect-Request should be generated and 
>sent by server('radiator' program), correct?

No - the Disconnect-Request must be generated by a Radius Client such 
as radpwtst. The Radiator server  (or any Radius server) has no 
mechanism to generate a Disconnect-Request.

The RFC is somewhat misleading in its description - what we describe 
is how the "real" world works.

Regards

Joanne

>>This is why we state that your NAS equipment must support the 
>>Disconnect-Request.
>
>
>Thanks again,
>Wenbin


-- 

Joanne Davis
Open System Consultants Pty Ltd
Email: joanne at open.com.au
Web: www.open.com.au

RADIATOR radius server, NETS network inventory management,
RADMIN user admininstration, RADAR, Radiator monitoring,
CATool, Certificate Authority

--
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.