Hi radiator team,
I looked over the radsecproxy sources and sorry to say it:
*Currently the radsecproxy and AuthRADSEC are incompatible!*
Whenever radsecproxy *generates* a reply message (Access-Reject or
Access-Accept on Satus-Server) it never copies the Proxy-State
Attribute from the request packet to the reply packet.
The only shortcoming solution as far as I see is, we need a
'UseExtendedIds' in Radiator not only for AuthRADIUS but also for
AuthRADSEC with a warning, never to use it when proxying to a
radsecproxy.
Sorry for the bad news.
Maybe someone can trigger the authors of radsecproxy too, to start
implementing Proxy-State RFC 2865 conform when *generating* responses.
Seems it makes everthing right on proxying but not on generating
packets.
Best Regards
Charly
--
Karl Gaissmaier
Universität Ulm / Germany
_______________________________________________
radiator mailing list
[email protected]
http://www.open.com.au/mailman/listinfo/radiator
