7357 – Pass-through radius auth. with RFC2865

Issue 7357 - Pass-through radius auth. with RFC2865

Summary: Pass-through radius auth. with RFC2865

Status:	VERIFIED FIXED

Alias:	None

Product:	OpenLDAP
Classification:	Unclassified
Component:	contrib (show other issues)
Version:	2.4.32
Hardware:	All All

Importance:	--- normal
Target Milestone:	---
Assignee:	OpenLDAP project

URL:
Keywords:

Depends on:
Blocks:

Reported:	2012-08-19 17:57 UTC by jet@transniaga.co.th
Modified:	2014-08-01 21:03 UTC (History)
CC List:	0 users

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this issue.

Description jet@transniaga.co.th 2012-08-19 17:57:50 UTC

Full_Name: Jetasik Anantakunupakorn
Version: 2.4.32
OS: FreeBSD 9.0-RELEASE amd64
URL: http://www.openldap.org/lists/openldap-technical/201208/msg00172.html
Submission from: (NULL) (58.11.65.20)


Pass-through radius authentication in contrib's passwd module(radius.c) does not
include either a NAS-IP or a NAS-Identifier, according to radius RFC 2865 one of
these attributes is mandatory in the access request.

The thing is that the previous version of Radius RFC standard(RFC 2138)
specified that the access request "SHOULD" contain either a NAS-IP or a
NAS-Identifier but the current version use "MUST" instead.

Comment 1 Howard Chu 2012-08-21 20:30:54 UTC

jet@transniaga.co.th wrote:
> Full_Name: Jetasik Anantakunupakorn
> Version: 2.4.32
> OS: FreeBSD 9.0-RELEASE amd64
> URL: http://www.openldap.org/lists/openldap-technical/201208/msg00172.html
> Submission from: (NULL) (58.11.65.20)
> 
> 
> Pass-through radius authentication in contrib's passwd module(radius.c) does not
> include either a NAS-IP or a NAS-Identifier, according to radius RFC 2865 one of
> these attributes is mandatory in the access request.
> 
> The thing is that the previous version of Radius RFC standard(RFC 2138)
> specified that the access request "SHOULD" contain either a NAS-IP or a
> NAS-Identifier but the current version use "MUST" instead.
> 
A patch for this is now in git master, please test.


-- 
  -- Howard Chu
  CTO, Symas Corp.           http://www.symas.com
  Director, Highland Sun     http://highlandsun.com/hyc/
  Chief Architect, OpenLDAP  http://www.openldap.org/project/

Comment 2 Howard Chu 2012-08-21 20:31:07 UTC

changed notes
changed state Open to Test
moved from Incoming to Contrib

Comment 3 jet@transniaga.co.th 2012-08-22 05:39:16 UTC

Howard Chu wrote:
> 
> jet@transniaga.co.th wrote:
> > Full_Name: Jetasik Anantakunupakorn
> > Version: 2.4.32
> > OS: FreeBSD 9.0-RELEASE amd64
> > URL:
> > http://www.openldap.org/lists/openldap-technical/201208/msg00172.html
> > Submission from: (NULL) (58.11.65.20)
> >
> >
> > Pass-through radius authentication in contrib's passwd
> > module(radius.c) does not include either a NAS-IP or a NAS-Identifier,
> > according to radius RFC 2865 one of these attributes is mandatory in the
> access request.
> >
> > The thing is that the previous version of Radius RFC standard(RFC
> > 2138) specified that the access request "SHOULD" contain either a
> > NAS-IP or a NAS-Identifier but the current version use "MUST" instead.
> >
> A patch for this is now in git master, please test.
> 

Awesome!Thanks a lot.
Properly tested with no error.

--
JET JETASIK

Comment 4 Quanah Gibson-Mount 2013-02-26 20:21:12 UTC

changed notes
changed state Test to Closed

Comment 5 OpenLDAP project 2014-08-01 21:03:30 UTC

fixed in master
fixed in RE24