[RADIATOR] AuthRADSEC and radsecproxy are incompatible!
Stefan Winter
stefan.winter at restena.lu
Mon Jul 15 02:27:40 CDT 2013
Hi,
> this may be true for Status-Server but not for the Access-Rejects
> generated by the radsecproxy. This has to be corrected by radsecproxy.
>
> And yes, Radiator AuthRADSEC has to fix the problem with Status-Server.
> Both together are incompatible but often used together in eduroam.
Yes, the lack of returning Proxy-State when radsecproxy crafts its own
Rejects is definitely a problem of radsecproxy; it violates RFC2865,
section 5.33:
" This Attribute is available to be sent by a proxy server to
another server when forwarding an Access-Request and MUST be
returned unmodified in the Access-Accept, Access-Reject or
Access-Challenge."
I've sent a notice to the radsecproxy mailing list, notifying them of
the problem. I'm hoping to see a next release with a proper fix.
Greetings,
Stefan Winter
--
Stefan WINTER
Ingenieur de Recherche
Fondation RESTENA - Réseau Téléinformatique de l'Education Nationale et
de la Recherche
6, rue Richard Coudenhove-Kalergi
L-1359 Luxembourg
Tel: +352 424409 1
Fax: +352 422473
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 263 bytes
Desc: OpenPGP digital signature
Url : http://www.open.com.au/pipermail/radiator/attachments/20130715/ad73f954/attachment-0001.bin
More information about the radiator
mailing list