[RADIATOR] AuthRADSEC and radsecproxy are incompatible!
Karl Gaissmaier
karl.gaissmaier at uni-ulm.de
Mon Jul 15 02:35:35 CDT 2013
Hello,
On 15.07.2013 09:27, Stefan Winter wrote:
> Hi,
>
>> this may be true for Status-Server but not for the Access-Rejects
>> generated by the radsecproxy. This has to be corrected by radsecproxy.
>>
>> And yes, Radiator AuthRADSEC has to fix the problem with Status-Server.
>> Both together are incompatible but often used together in eduroam.
>
> Yes, the lack of returning Proxy-State when radsecproxy crafts its own
> Rejects is definitely a problem of radsecproxy; it violates RFC2865,
> section 5.33:
>
> " This Attribute is available to be sent by a proxy server to
> another server when forwarding an Access-Request and MUST be
> returned unmodified in the Access-Accept, Access-Reject or
> Access-Challenge."
>
> I've sent a notice to the radsecproxy mailing list, notifying them of
> the problem. I'm hoping to see a next release with a proper fix.
Thanks, you got the point and saved my day!
Best Regards
Charly
--
Karl Gaissmaier
Universität Ulm / Germany
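
Added example, not part of the original message and not code from Radiator or radsecproxy: a check of the RFC 2865 section 5.33 requirement quoted in the thread, comparing the Proxy-State attributes of an Access-Request with those of its reply. The function names and the sample packets (zeroed authenticators, made-up Proxy-State values) are constructed for this illustration.

```python
import struct

PROXY_STATE = 33                       # attribute type, RFC 2865 section 5.33
ACCESS_REQUEST = 1
REPLY_CODES = {2, 3, 11}               # Access-Accept, Access-Reject, Access-Challenge

def parse_packet(data):
    """Return (code, identifier, [(type, value), ...]) for one RADIUS packet."""
    if len(data) < 20:
        raise ValueError("shorter than the 20-byte RADIUS header")
    code, ident, length = struct.unpack("!BBH", data[:4])
    if length < 20 or length > len(data):
        raise ValueError("bad Length field")
    attrs, pos = [], 20
    while pos < length:
        if pos + 2 > length or data[pos + 1] < 2 or pos + data[pos + 1] > length:
            raise ValueError("bad or truncated attribute")
        atype, alen = data[pos], data[pos + 1]
        attrs.append((atype, data[pos + 2:pos + alen]))
        pos += alen
    return code, ident, attrs

def proxy_states(attrs):
    return [value for atype, value in attrs if atype == PROXY_STATE]

def check_proxy_state_echo(request, reply):
    """Return a list of problems; an empty list means the reply is compliant."""
    rq_code, rq_id, rq_attrs = parse_packet(request)
    rp_code, rp_id, rp_attrs = parse_packet(reply)
    problems = []
    if rq_code != ACCESS_REQUEST or rp_code not in REPLY_CODES:
        problems.append("not an Access-Request / reply pair")
    if rq_id != rp_id:
        problems.append("identifier mismatch")
    # Order-sensitive and byte-exact: every Proxy-State must come back unmodified.
    if proxy_states(rq_attrs) != proxy_states(rp_attrs):
        problems.append("Proxy-State not returned unmodified")
    return problems

def build(code, ident, attrs):
    """Build a constructed sample packet (authenticator zeroed, not computed)."""
    body = b"".join(bytes([t, len(v) + 2]) + v for t, v in attrs)
    return struct.pack("!BBH", code, ident, 20 + len(body)) + bytes(16) + body

# Constructed samples: a request that passed two proxies, and two rejects.
REQUEST = build(1, 7, [(1, b"user@example.org"), (33, b"hop-a"), (33, b"hop-b")])
GOOD_REJECT = build(3, 7, [(33, b"hop-a"), (33, b"hop-b")])
BAD_REJECT = build(3, 7, [(18, b"rejected")])
```

`check_proxy_state_echo(REQUEST, BAD_REJECT)` reports the missing Proxy-State, which is the case described in the thread for a locally crafted Access-Reject.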