Skip site navigation (1)Skip section navigation (2) 
Date:      Thu, 17 Jun 1999 16:50:02 -0700 (PDT)
From:      Brian Somers <brian@Awfulhak.org>
To:        freebsd-bugs@FreeBSD.org
Subject:   Re: bin/12225: Incompletness of radius request in ppp 
Message-ID:  <199906172350.QAA07780@freefall.freebsd.org>
index | next in thread | raw e-mail 

The following reply was made to PR bin/12225; it has been noted by GNATS.

From: Brian Somers <brian@Awfulhak.org>
To: bamby@marka.net.ua
Cc: FreeBSD-gnats-submit@FreeBSD.ORG
Subject: Re: bin/12225: Incompletness of radius request in ppp 
Date: Fri, 18 Jun 1999 00:30:27 +0100

 > 
 > >Number:         12225
 > >Category:       bin
 > >Synopsis:       incompletness of radius request in /usr/sbin/ppp
 [.....]
 > Current implementation of /usr/sbin/ppp creates malformed radius request 
 > with NAS identifier missing. Merit AAA Radius Server refuses to process
 > such a request. 
 
 The Merit AAA Radius Server is broken.  Ppps requests are not 
 malformed.
 
 From the rfc:
 
       An Access-Request MUST contain a User-Name attribute.  It SHOULD
       contain either a NAS-IP-Address attribute or NAS-Identifier
       attribute (or both, although that is not recommended).  It MUST
       contain either a User-Password attribute or CHAP-Password
       attribute.  It SHOULD contain a NAS-Port or NAS-Port-Type
       attribute or both unless the type of access being requested does
       not involve a port or the NAS does not distinguish among its
       ports.
 
 While I have no problem supplying the id or address, the port is a 
 bit more of a problem.  I don't really think ttyslot() is always 
 appropriate.  Ppp may not be in -direct mode, or it may have been 
 passed a link and dropped the original one (see bundle_setsid()).
 
 Maybe the best way is to add a field to ``struct device'' and have 
 tty_Create() assign that field (if p->fd == 0) while other devices 
 leave it at -1.  When it's time to send a request, ppp can pass this 
 field as the NAS-Port only if there's only one link and the field 
 != -1.
 
 Of course the ``Merit AAA Radius Server'' should be fixed, or 
 alternatively, you could use the Cistron server ;^P
 -- 
 Brian <brian@Awfulhak.org>                        <brian@FreeBSD.org>
       <http://www.Awfulhak.org>;                   <brian@OpenBSD.org>
 Don't _EVER_ lose your sense of humour !          <brian@FreeBSD.org.uk>
 
 
 


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-bugs" in the body of the message
help

Want to link to this message? Use this
URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199906172350.QAA07780>