radsecproxy March 2021

radsecproxy@lists.nordu.net

3 participants
2 discussions

Adding support for dynamic authorisation messages (CoA/Disconnect)
by Harshit Jain 29 Apr '21

29 Apr '21

Hello, I was looking to add support for Dynamic Authorization Messages - Change of Authority (CoA) and Disconnect messages - to radsecproxy. RFC for this can be found here - https://tools.ietf.org/html/rfc5176 . Before diving headfirst, I wanted to ask if it is already on the roadmap or if there has been a design discussion that I can read up on. Thanks and regards, Harshit Jain

2 18

dynamic lookups are not blocking, causes first auth to fail with fallback
by Paul Dekkers 25 Mar '21

25 Mar '21

Hi, If you have this realm block: realm /@.+\..+$/ { server dynamic server fallback.server.here accountingResponse on } radsecproxy will start to send the request to fallback.server.here because the dynamic part didn't resolve yet: it's not blocking. Only as soon as the config for the dynamic realm is in place, when the dynamicLookupCommand had a result, it will continue with that host. This results in part of the conversation going via one path, part of it via another. This breaks "the first" authentication for a realm. Unless there is no fallback of course: or if the fallback is done in the lookup script (else at the end, which is what I'm using now). So, while this not being problematic for me ;-) I was wondering if someone else stumbled upon this, and whether we can have the dynamic lookup blocking for the request? That would allow fallback "as documented". Regards, Paul

3 10

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

radsecproxy March 2021