Hello, is that implemented in FR, be it 1.1 or 2.0? According to http://wiki.freeradius.org/RFC it shouldn't be.
From my reading of the RFC, defining it "by hand" in radreply is not considered good enough, because it has a specific logic behind it: (2.1) If a home RADIUS server that supports the CUI attribute receives an Access-Request packet containing a CUI (set to nul or otherwise), it MUST include the CUI attribute in the Access-Accept packet. Otherwise, if the Access-Request packet does not contain a CUI, the home RADIUS server SHOULD NOT include the CUI attribute in the Access-Accept packet. The Access-Request may be sent either in the initial authentication or during re-authentication. So, always sending it via radreply would ignore the SHOULD NOT. Not defining it at all though makes it difficult for the server to maintain a persistent yet anonymous handle. So something like defining it by hand but only including it if it was asked for would be needed. Is that logic present in FR? Greetings, Stefan Winter -- Stefan WINTER Stiftung RESTENA - Réseau Téléinformatique de l'Education Nationale et de la Recherche Ingenieur Forschung & Entwicklung 6, rue Richard Coudenhove-Kalergi L-1359 Luxembourg E-Mail: [EMAIL PROTECTED] Tel.: +352 424409-1 http://www.restena.lu Fax: +352 422473
signature.asc
Description: This is a digitally signed message part.
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html