Generic selectors
Exact matches only
Search in title
Search in content
Search in posts
Search in pages

Reply To: Radius – Authenticator field

#30433
Teodor Georgiev
Guest

Hi Mike,

right on your question:

1. regarding the attributes – no they should be not the same.
In Access-Request the NAS is sending to the Radius-server a set of attributes (like Username, Password, NAS-port, port-type, Service-Type, Calling-Station-ID and etc), by which
The Radius server should decide wether or not to allow access to the customer. In example, it will allow only customers with valid user&pass, who are asking for Service-Type = Login, or who are logging in only to NAS = x.x.x.x.

On Access-Accept, the Radius server is sending to the NAS (along with the instruction to let this user in) a set of instructions and rules against that user, like:

Session-Timeout = how many seconds this customer is allowed to stay;
What kind of MTU to set on the customer’s interface, wether or not to apply some kind of filter/access-list against the customer (set in the “Filter-ID” attribute).

The “Identifier” field at “Access-Accept” must match with the one sent with “Access-Request” (this is how NAS knows that this reply “Accept” is related to the same “Access-Request”).

Length is the calculated length of the message.

You should send this:

MD5(
Code=2 (Access Accept)
Identifier (It remains the same as in Access-Request)
… ..
Attributes – the attributes in Access-Accept
….
..
)

that is