Hi,
I am using FreeRADIUS Server Version 0.7.1. The Server is configured for
authentication types local and EAP. When I send an Access_Request
with only user-password and NAS-Identifier, the Server is sending Access_Reject
to the client. What authentication method is used by the Server for this request?
What does the server say in the debug output?
In general what happens if none of the user-name, EAP-message are
present in a request? The RFC 2865 is not describing much about this situation.
RFC 2865 is pretty clear:
4.1. Access-Request
Description
Access-Request packets are sent to a RADIUS server, and convey
information used to determine whether a user is allowed access to
a specific NAS, and any special services requested for that user.
An implementation wishing to authenticate a user MUST transmit a
RADIUS packet with the Code field set to 1 (Access-Request).
Upon receipt of an Access-Request from a valid client, an
appropriate reply MUST be transmitted.
An Access-Request SHOULD contain a User-Name attribute.
It MUST contain either a NAS-IP-Address attribute or a NAS-Identifier
attribute (or both).
It doesn't say that the server has to do anything other than give a valid reply. Access-Reject is indeed a valid reply (though it may not be the one you want).
Has anyone tried this situation?
All of the currently implemented modules with FreeRADIUS rely on a User-Name to look up the valid password. If you want the server to do password lookups based on other attributes, you'll need to either modify an existing module, write a new module, or use the functionality of 'rlm_perl' to authorize the request.
Also note that it doesn't matter if the server is configured for EAP if you aren't sending an EAP request to it.
-Chris
--
Chris Parker, Director, Engineering
StarNet Inc. - WX *is* Wireless! - http://www.starnetwx.net
(847) 963-0116
Wholesale Internet Services - http://www.megapop.net
