On Wed 27 Jun 2007, liran tal wrote: > Hey everyone, > > I attempted at first to post this issue in openser's mailing list but have > failed > to get a reply and thus I am trying in freeradius's as I hope there are > people here with similar experience.
Hi Liran Basically the way both SER and openSER do RADIUS is broken. We are aware of the patches to FreeRADIUS and will not be applying them. We are working with the openSER people to clean up their RADIUS module. To that end we have forked radiusclient-ng and called in freeradius-client. The latest version of openSER works with freeradius-client as a drop-in replacement for radiusclient-ng (I wrote the patch to do so, and a slightly modified version was applied to openSER cvs). The currently released version of freeradius-client however is basically a slightly patched version of radiusclient-ng (it works on 64bit etc) We will be releasing a new version of freeradius-client in the next few days/weeks which has significant code cleanups and features an embedded mode which means you no longer need a separate config file for the radius client. The openSER radius module should to be updated to use this new embedded mode. openSER has also recently registered an Enterprise Number and it needs to be updated to use this number to send VSAs instead of non-RFC compliant RADIUS attributes. Once this work is done by openSER, it should work perfectly with FreeRADIUS Server (or any other RFC compliant RADIUS Server) without patches... Cheers -- Peter Nixon http://www.peternixon.net/ PGP Key: http://www.peternixon.net/public.asc - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html