On 10/04/2013 12:31 AM, a.l.m.bu...@lboro.ac.uk wrote: > ATTRIBUTE NAS-IPv6-Address 95 ipaddrv6 > > however, it appears that this attribute type (ipaddrv6) has > some interplay problem with the server. ie If you have a RADIUS packet > going through RADIATOR on a host that isnt doing IPv6 - ie it doesnt have > PERL Socket6 library installed, then the 18byte attribute is mangled > to 2 bytes. the result of that?
Indeed, this will happen when Socket6 is not installed. There is a WARNING logged each time when this Socket6 call is needed, but apparently this is not enough to make sure the problem is noticed quickly enough. We thought about the options and the plan is to examine the IPv6 capabilities of the system at radiusd start and then select: native Socket > Socket6 > handle as binary dictionary type. This allows those who have Perl 5.12.0 or later to not worry about Socket6 anymore while still allowing older systems with no Socket6 to function without mangling messages. The above will also apply to other related uses where socket binding etc. is done and socket related calls are needed to hand addresses. > other servers such as NPS will just silently > drop the packet (well, it logs malformed RADIUS packet but remote servers > think server is dead). in a highly federated environment (eg eduroam) > this leads to quite elongated/obtuse issues. Not good, I agree. > May I ask that this > handling of the packet be seperated from IPv6 functionality (standard > IPv4 servers should just pass known packets through as is....) - > perhaps as simple as changing the type of that attribute? Unknowns can now pass Radiator, see the recent patch, but this was a bit of special case where it was thought the type could be handled when this was not true. There will be patches soon that update this and remove the mandatory Socket6 dependency if the system has Socket that is current enough. Thanks for pointing this out. Heikki -- Heikki Vatiainen <h...@open.com.au> Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS, TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP, DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS, NetWare etc. _______________________________________________ radiator mailing list radiator@open.com.au http://www.open.com.au/mailman/listinfo/radiator
