Re: RADIUS auth questions.

"J.F" <cv@redwire.co.za> wrote:
> 1) I notice that my server is responding to the client with the Cisco-AVPair
> attributes even if the user's authentication fails due to an incorrect
> password. Is this normal behaviour?

It's a minor bug.

> 2) In a situation where the password supplied by the client is correct, but
> the attribute values associated with the request are incorrect, I notice
> that the server responds with an Access-Accept, but updates the attribute
> values.

No. The server sends back the attributes you configured. If you
didn't configure it to look for, and reject, "incorrect" attributes in
the request, then it won't do that.

> As you can see, the Access-Request was for "Outbound-User" access, which was
> incorrect for this user's profile. Instead of rejecting it, the RADIUS
> server accepted and just updated the Service-Type in the Access-Accept
> packet. Again, is this normal behaviour? If not, how do I go about changing
> it?

Edit the configuration files you're using, so that it rejects
requests that you want to be rejected.

Alan DeKok.


-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html