Hello Freeradius-users, >From what I see in the mailing list archives several freeradius users have historically run into trouble with Access-Request information sent by NASes and particularly the lack of the NAS-Port attribute. I've run into it quite often recently and was wondering if I may have found a way to solve it. The workaround I currently employ is to configure acct_users to let the access request from the NAS in question through anyway but it's a workaround. If possible I'd like to find the *correct* solution.... :-)
The RFC 2865 http://www.freeradius.org/rfc/rfc2865.html#NAS-Port states that: "Either NAS-Port or NAS-Port-Type (61) or both SHOULD be present in an Access-Request <http://www.freeradius.org/rfc/rfc2865.html#Access-Request> packet, if the NAS differentiates among its ports." >From what I understand the current Freeradius code interprets the RFC statement so that if the NAS-Port attribute is not sent then the access request is not processed and subsequently denied (in rlm_radutmp.c - line 404). if (!port_seen) { However; shouldn't the statement from the RFC be intertpreted such that if *neither* the NAS-Port or the NAS-Port-Type is set then the access request should not be processed and subsequently denied? I'm thinking something along the lines of changing line 404 of rlm_radutmp.c to: if (!port_seen && !nas_port_type) { I'll apologise in advance if my all too rusty programming skills are making me misunderstand the situation entirely... Best Regards, Johannes Ramm-Ericson ----------------------------------------------------------- The information in this e-mail, and attachment(s) thereto, is strictly confidential and may be legally privileged. It is intended solely for the named recipient(s), and access to this e-mail, or any attachment(s) thereto, by anyone else is unauthorized. Violations hereof may result in legal actions. Any attachment(s) to this e-mail has been checked for viruses, but please rely on your own virus-checker and procedures. If you contact us by e-mail, we will store your name and address to facilitate communications in the matter concerned. If you do not consent to us storing your name and address for above stated purpose, please notify the sender promptly. Also, if you are not the intended recipient please inform the sender by replying to this transmission, and delete the e-mail, its attachment(s), and any copies of it without, disclosing it. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html