Chris Parker <[EMAIL PROTECTED]> wrote: > This assumes we are sending to a NAS, which we can't. Consider a two > stage proxy:
The proxy state returned to the client MUST be exactly the same as what client sent to the server. You CANNOT trust the Proxy-State attributes in the reply from the home server, as they may be running a brain-dead server like Merit, which mangles Proxy-State. Look at rad_respond(). When it's responding to a request, it copies the PW_PROXY_STATE from the request to the reply. Since FreeRADIUS isn't completely brain-damaged, these attributes are unmodified. Any crap Proxy-State attributes it receives in request->proxy_reply->vps are discarded as nonsense. > The reply going back to ISP1 should be: > > Blah = "blah", > Proxy-State = "foo" > Blah = "blah" > > I'm working on a patch to do this, unless you want to take a stab > at it. :) It does that already. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
