"Paolo Rotela" <[EMAIL PROTECTED]> wrote: > With this one, Access-* packets go OK, but when the NAS (Cisco AS5300) sends > an Accounting-Request to that realm and I proxy it to the home server, it > sends me an Accounting-Response with an (I think) irregular attribute: > Message-Authenticator (Ext. Attr. 80), wich I think is not permitted in the > RFC for accounting packets.
The IETF RADIUS extensions working group has a document which proposes fixes to a number of issues like this. > 1) Am I reading OK the RFC? I mean ¿Is it right that Attribute 80 is NOT > permitted in Accounting-* packets? I don't think it's specifically permitted, but it shouldn't be a problem. > 2) Each time the NAS re-sends packets, FR handles it as it were a new > packet, for a new call/connection. The RFC's say that's what the NAS is supposed to do. So for FreeRADIUS, it looks like a new connection. > 3) Is there any known bug or propietary feature from Cisco wich causes this > incompatibility thing? I've searched about it and didn't find anything. No. It's a bug in FreeRADIUS. I'll put a patch into 1.0.5 that should fix it. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html