Thanks for your prompt response Alan. >> " .....An Access-Request SHOULD contain a User-Name attribute. It >> MUST contain either a NAS-IP-Address attribute or a NAS-Identifier >> attribute (or both)." >> >> Can someone clarify this please? > > It is a requirement on *client* implementations. It has no meaning > for a RADIUS server. > > What do you suggest that a RADIUS server do if it receives a > "non-compliant" packet? Discard it? Reject it? ...
Yes, i came across a different vendor that Rejects requests without either of those mandatory attributes. > FreeRADIUS enforces security requirements. Nearly all of the other > "MUST" statements are meant as "this is good practice". They can > therefore be ignored. And they often *need* to be ignored for > inter-operability with horrible vendor equipment. > I understand your point here; however in my opinion some vendors don't seem to be that flexible even when it comes to such client side requirements. Cheers, - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html