Cool.... Thanks a lot for the quick response and info... :-) Thanks, -Sanal
On Mon, Dec 12, 2011 at 6:36 PM, Alan Buxey <a.l.m.bu...@lboro.ac.uk> wrote: > Hi, > > > Would like to know why Free Radius is putting the user configuration > data > > in Access Challenge ? > > as per attrs.access_challenge > > > # This configuration file is used to remove almost all of the > # attributes From an Access-Challenge message. The RFC's say > # that an Access-Challenge packet can contain only a few > # attributes. We enforce that here. > # > DEFAULT > EAP-Message =* ANY, > State =* ANY, > Message-Authenticator =* ANY, > Reply-Message =* ANY, > Proxy-State =* ANY, > Session-Timeout =* ANY, > Idle-Timeout =* ANY > > this would suggest strongly that you arent actually USING this filter to > follow the RFCs that you are so strongly advocating in your post - this > filter file is define in modules/attrs > > attr_filter attr_filter.access_challenge { > key = %{User-Name} > attrsfile = ${confdir}/attrs.access_challenge > } > > > > now....read the sites-enabled/default as provided with the server, scroll > down to the 'eap' authentication and then you'll see the next 12 lines have > the bit that will enable this filter. its commented out by default because > its an RFC that not many people care about (having seen junk from IAS/NPS > and > ACS, FreeRADIUS is already *quite* RFC compliant without tis extra bit of > OCD ;-) > > alan > - > List info/subscribe/unsubscribe? See > http://www.freeradius.org/list/users.html >
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html