Ramm-Ericson, Johannes wrote: > OK. However, access requests from that particular NAS are in effect not > processed the way I expect because of the lacking NAS-Port which still > leaves me with a problem I need to understand and fix.
There is likely nothing that you can do. This is the reality of working with different RADIUS implementations and administrators. > OK. But what I was trying to say was that I think the if statement in > rlm_radutmp is not correctly interpreting the RFC. From my understanding > the RFC says that "either NAS-Port or NAS-Port-Type or both" must be > present. However: Again, the radutmp module needs a NAS-Port for it's own internal purposes. This has *nothing* to do with the RFC requirements. Did you understand my analogy with the PAP module? > Just to clarify; I may very well be wrong about all this but I have a > workaround that I think is just that: a workaround, rather than a > correct solution. My hope is that either someone on the mailinglist can > explain why I'm getting it all wrong or that I actually have found a bug > and that it in that case hopefully can be squashed. It is not a bug. It is perfectly valid for different modules in the server to do different things with a RADIUS packet. Does that make sense to you? If you would have it your way, *every* module in the server would enforce *all* of the RFC requirements. This is nonsense. You would not require the PAP module to accept CHAP, MS-CHAP, etc. So why make the radutmp module understand NAS-Port-Type? If you think that you need to run the "radutmp" module *always* for *every* accounting request, then you need to come to a realization: the server doesn't work that way. The "radutmp" module runs for *certain* requests that match *certain* criteria. Some requests which meet RFC requirements cause the radutmp module to run. Other requests which *also* meet the RFC requirements cause the radutmp module to *not* run. Just like the PAP module. Just like the CHAP module. Just like the MS-CHAP, EAP, Digest, or many other modules. The radutmp module needs NAS-Port to operate. It cannot use NAS-Port-Type. If you do not see a NAS-Port in the request, then the radutmp module will do nothing. Making the radutmp module look for NAS-Port-Type is wrong. I also note that in all of this you haven't made it clear what your requirements are. If you want a "radumtp" entry for all users, then your requirements are wrong. Those requirements CANNOT be met using standard, RFC-compliant, RADIUS packets. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html