Hi, > this may be true for Status-Server but not for the Access-Rejects > generated by the radsecproxy. This has to be corrected by radsecproxy. > > And yes, Radiator AuthRADSEC has to fix the problem with Status-Server. > Both together are incompatible but often used together in eduroam.
Yes, the lack of returning Proxy-State when radsecproxy crafts its own Rejects is definitely a problem of radsecproxy; it violates RFC2865, section 5.33: " This Attribute is available to be sent by a proxy server to another server when forwarding an Access-Request and MUST be returned unmodified in the Access-Accept, Access-Reject or Access-Challenge." I've sent a notice to the radsecproxy mailing list, notifying them of the problem. I'm hoping to see a next release with a proper fix. Greetings, Stefan Winter -- Stefan WINTER Ingenieur de Recherche Fondation RESTENA - Réseau Téléinformatique de l'Education Nationale et de la Recherche 6, rue Richard Coudenhove-Kalergi L-1359 Luxembourg Tel: +352 424409 1 Fax: +352 422473
signature.asc
Description: OpenPGP digital signature
_______________________________________________ radiator mailing list radiator@open.com.au http://www.open.com.au/mailman/listinfo/radiator