I was writing to check if support for VSA Id's higher than 255 has
been added in freeRadius 1.0.5. I will appreciate any feedback you guys
might have.
Regards,
Swaran Sethi
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Alan
DeKok
Sent: Tuesday, August 02, 2005 2:09 PM
To: FreeRadius users mailing list
Subject: Re: VSA id's higer than 255
Michael Lecuyer [EMAIL PROTECTED] wrote:
The format for the long tag VSA is the same as the standard
Vendor-Specific attribute (8 bit tag, 8 bit length) but the
sub-attribute tag field has been expanded to 16 bits. The
sub-attribute
length field remains 8 bits.
That doesn't sound too bad.
All vendor specific attributes are coded using 16-bit attribute type
in
network byte order and Lucent-Vendor-Id (4846) as Vendor-Id.
That makes it easier.
I believe the support for long Vendor-Specific tags was discussed here
in the past with limited interest in support.
It's about 40 lines of code to support. The weirdness that I recall
was Nortel, which mixed normal VSA's, and USR-style VSA's in the same
vendor space.
192.168.1.1 ... VendorLongTags=Ascend
- indicating that Ascend VSA's use long tags and all other VSA's like
Cisco) would be short. Ascend / Lucent VSA's do not always use long
tag
VSAs.
If it's always that the Lucent attributes use 16-bit id's, it's OK.
This introduction of long tags is a real wart for every RADIUS server.
There are probably other ways to have avoided 16 bit tags. Naturally
the
offender is too big to ignore and arbitrarily forced the issue.
Remember
that in the past Ascend (pre-Lucent) grabbed unassigned RADIUS
attributes (from 119 to 255) without thinking there might be a problem
with that either.
Yup.
I'll add something to the CVS head. Grab a snapshot in a few days,
and see if it works.
Alan DeKok.
-
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html