I've decided to take a crack at unpacking this, for what it's worth.
Before I do that I should probably just say, "Thank you all for the
freeradius project".
Post by Stephen
I don't know what to say to this. There's not really much room left for
a discussion, frankly.
https://tools.ietf.org/html/rfc2865#section-5.6
Post by Alan DeKok
Post by Stephen
I have no idea what you're talking about.
It helps to understand how RADIUS works. And to assume that you can learn from the people who are trying to help you.
Post by Stephen
This is my own environment
with no vendor support. I'm using dd-wrt with freeradius as well as
strongswan with freeradius, so the "calling station" is just dd-wrt/WPA2
Enterprise, or alternatively strongswan/eap-tls with MacOS, Linux and
Windows clients.
Then read the documentation for that product to see what it takes.
While these projects are also open source, I wasn't able to find much in
the way of documentation helping describe what you're assuming they should:
https://wiki.strongswan.org/projects/1/wiki/EapTls
https://wiki.openwrt.org/doku.php?id=oldwiki:wpa2enterprise
https://wiki.openwrt.org/doc/howto/wireless.security.8021x
In fact, you have to dig into the source code to see what they can
really handle, so I don't really consider that so implicit as suggested:
https://github.com/strongswan/strongswan/blob/57447015db828832e0e141dcdab7fbf61f828851/src/libradius/radius_message.c#L100
It's certainly fair for these projects to include more documentation on
how various RADIUS attributes are used. Unfortunately, I didn't find
that in a cursory search.
Post by Stephen
Post by Alan DeKok
Post by Stephen
I would love to
know where the documentation for the acceptable radreply entries is.
This question shows a fundamental misconception on how RADIUS works. The short answer is that for FreeRADIUS, *all* attributes can go into the radreply table. We don't care. The documentation makes this fairly clear.
i.e. the documentation describes how to use the SQL module and how it works. The documentation does *not* contain every possible configuration for every possible situation.
Post by Stephen
Aside from the limited and anecdotal references found there to fields
like `Framed-IP-Address`, where can I find a comprehensive accounting of
the attributes and values I can leverage in my radreply table?
No such table exists. It's up to *you* to read the documentation for the NAS to see what attributes it takes. Asking for such "comprehensive" documentation again shows a misunderstanding of how things work.
And, a snide comment of "limited and anecdotal references found" is just not appropriate. We don't document what Framed-IP-Address is, or what it does. That documentation lies elsewhere.
Similarly, we don't document every possible use of every possible attribute. Would you ask a car manufacturer for detailed specifications of every possible tire that goes on the car? Along with tire-specific instructions for mounting, care, etc.? No?
Then by the same logic, it's not appropriate to ask us for documentation on every possible attribute.
Clearly I should have come to the discussion as an expert on RADIUS,
preferably as a co-author of multiple RFCs concerning it. Here is
information I was actually looking for:
https://tools.ietf.org/html/rfc2865#section-5.8,
https://tools.ietf.org/html/rfc2865#section-5
As part of the actual RFC describing what a RADIUS server is supposed to
be, I simply disagree with your assessments above. Not everyone using
your product has read all the pertinent RFCs, and it's an extraordinary
burden for those of us not specializing in your area of expertise.
To extend your own analogy, should I *really* need to read 4+
international regulatory standards to change my tire?
Post by Stephen
Post by Alan DeKok
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html