Arran Cudbard-Bell wrote: > Hmm RFC 5080 expounds a bit more on Clients and attribute processing: > > In general, it is best for a RADIUS client to err on the side of > caution. On receiving an Access-Accept including an attribute of > known Type for an unimplemented service, a RADIUS client MUST treat > it as an Access-Reject, as directed in [RFC2865] Section 1.1. On > receiving an Access-Accept including an attribute of unknown Type, a > RADIUS client SHOULD assume that it is a potential service > definition, and treat it as an Access-Reject. Unknown VSAs SHOULD be > ignored by RADIUS clients. > > I'll have a word with Alan tomorrow, seeing as I know he helped author > this one. Unknown VSAs with your vendor ID fine, but VSAs with a > different vendor ID? Seems really stupid to me.
Yes, I wrote that text. And getting excited over a DIFFERENT vendors VSAs? Stupid. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html