Ramm-Ericson, Johannes wrote: >>From what I understand the current Freeradius code interprets the RFC > statement so that if the NAS-Port attribute is not sent then the access > request is not processed and subsequently denied (in rlm_radutmp.c - > line 404).
No. The *radutmp* module requires the NAS port for it's proper operation. The *server* does not. The request is *not* denied if there is no NAS-Port. > However; shouldn't the statement from the RFC be intertpreted such that > if *neither* the NAS-Port or the NAS-Port-Type is set then the access > request should not be processed and subsequently denied? No. I have no idea why you think the request is being denied. > I'm thinking > something along the lines of changing line 404 of rlm_radutmp.c to: > > if (!port_seen && !nas_port_type) { No. The radutmp module needs a NAS-Port to put into the radutmp data structure. The NAS-Port-Type attribute cannot be used for this purpose. > I'll apologise in advance if my all too rusty programming skills are > making me misunderstand the situation entirely... I think you're confusing "server" with "module". e.g. the PAP module requires a User-Password in the Access-Request. The *server* doesn't, because it can hand the request to another module, like CHAP, or MS-CHAP. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html