Hi, > this may be true for Status-Server but not for the Access-Rejects > generated by the radsecproxy. This has to be corrected by radsecproxy. > > And yes, Radiator AuthRADSEC has to fix the problem with Status-Server. > Both together are incompatible but often used together in eduroam.
Yes, the lack of returning Proxy-State when radsecproxy crafts its own
Rejects is definitely a problem of radsecproxy; it violates RFC2865,
section 5.33:
" This Attribute is available to be sent by a proxy server to
another server when forwarding an Access-Request and MUST be
returned unmodified in the Access-Accept, Access-Reject or
Access-Challenge."
I've sent a notice to the radsecproxy mailing list, notifying them of
the problem. I'm hoping to see a next release with a proper fix.
Greetings,
Stefan Winter
--
Stefan WINTER
Ingenieur de Recherche
Fondation RESTENA - Réseau Téléinformatique de l'Education Nationale et
de la Recherche
6, rue Richard Coudenhove-Kalergi
L-1359 Luxembourg
Tel: +352 424409 1
Fax: +352 422473
signature.asc
Description: OpenPGP digital signature
_______________________________________________ radiator mailing list [email protected] http://www.open.com.au/mailman/listinfo/radiator
