[RADIATOR] Attributes not Defined Vendor 24757
hvn at open.com.au
Wed Nov 15 11:37:23 UTC 2017
On 14.11.2017 14.56, Robert Blayzor wrote:
> Is the default behavior to ignore requests where attributes do not
> appear in the dictionary?
No, these requests are not ignored. They are made available with an
autogenerated name and binary value. For example, debug level logging
would show something like this:
'Unknown-24747-146 = ...' where ellipsis is the attribute value in the
format Radiator uses when showing binary values. That is, even if the
value is a simple integer, it's still shown as 4 octets.
One thing to note about unknown attributes is that they are not proxied
by default. If you set the global flag ProxyUnknownAttributes, then they
will be proxied.
> If so, can that behavior be changed not to warn?
It warns when the attribute is first seen to inform that there's a
missing attribute but it won't litter the logs with repeated warnings.
> Case in point, if we have a NAS sending NAS-Port-Type’s not defined
> in the dictionary, we just want the integer value to use in a custom
> sub? Will Radiator still process the request without passing it, and
> populate the NAS-Port-Type attribute with the non-defined dictionary
> value? (therefore containing the integer value only) ?
Yes, NAS-Port-Type will be populated with the integer. Integers are
tried to map to names, but if there's no name in the dictionary, then
plain integer is used.
For example, running radpwtst like this:
perl radpwtst -trace 4 -noacct NAS-Port-Type=98
When debug logging is enabled, the message is logged like this by
Radiator. The extra NAS-Port-Type value 98 does not have a name in the
dictionary so it's shown as an integer. For value 0, 'Async' is used.
User-Name = "mikem"
Service-Type = Framed-User
NAS-IP-Address = 18.104.22.168
NAS-Identifier = "22.214.171.124"
NAS-Port = 1234
Called-Station-Id = "123456789"
Calling-Station-Id = "987654321"
NAS-Port-Type = Async
User-Password = 1<242><146>~<15>*[-<172><148><186><140><246><186>?<127>
NAS-Port-Type = 98
>> On Oct 20, 2017, at 7:32 AM, Bryce Foley <bryce at truespeed.ca>
>> WARNING: Attribute number 146 (vendor 24757) from
>> xxx.xxx.xxx.xxx:1812 is not defined in your dictionary NOTICE:
>> Request from unknown client xxx.xxx.xxx.xxx: ignored
Heikki Vatiainen <hvn at open.com.au>
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, TACACS+, PAM, Active Directory,
EAP, TLS, TTLS, PEAP, WiMAX, RSA, Vasco, Yubikey, HOTP, TOTP,
DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS, etc.
More information about the radiator