Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Vsa lookup failure #10

Open
wants to merge 5 commits into
base: master
Choose a base branch
from
Open

Vsa lookup failure #10

wants to merge 5 commits into from

Conversation

bwlang
Copy link
Contributor

@bwlang bwlang commented Apr 24, 2012

Sorry about the poor git practice here...
didn't know i should have rebased instead of merging until now... and I'm out of time figure out how to fix things.
Hopefully this is still of some help to the project.

I was bitten by this bug in production code for some users authenticating against and MS AD radius server.

bwlang added 5 commits June 25, 2010 14:03
@bwlang
obviate the requirement to specify "my ip address"
91093c1 
we can figure this out with no network activity by 
using the UDPSocket addr property.
@bwlang
avoids deprecated .type method call
c3822dd
@bwlang
ignore nbproject dir
977d45f
@bwlang
merges changes from upstream
2e2168f
@bwlang
If a vendor lookup fails, use the normal dict lookup
afdfdcf 
if that fails, give up.
Maybe this project should consider adding some logging facility...
puts is pretty lame.
@dguerri
Copy link
Contributor

dguerri commented Apr 25, 2012

Hi bwlang, could you please articulate on this pull request?
Shouldn't the attribute be found only in the VS dictionary if its type is 26 (VSA)?

@bwlang
Copy link
Contributor Author

bwlang commented Apr 25, 2012

Hi David:

Sure...
The only relevant commit is afdfdcf

I observed for some users that a type 26 would come back from the server, but the vendor_id reported would not be found in @dict.
Then i found that the value could not be found by its id so a nil.name was attempted.

These changes allow authentication to proceed in my environment.

I'm not sure this is the cleanest solution, so maybe the vsa path should just check for 26 and look for a vendor,but return if it can't find it in the dict (and give up on the fallback which may never work)

Brad
On Apr 25, 2012, at 7:02 AM, Davide Guerri wrote:

Hi bwlang, could you please articulate on this pull request?
Shouldn't the attribute be found only in the VS dictionary if its type is 26 (VSA)?

Reply to this email directly or view it on GitHub:
#10 (comment)

@dguerri
Copy link
Contributor

dguerri commented Apr 25, 2012

Thanks for the explanation Brad,
personally I'd prefer the latter approach :-) However the last word is up to maintainer.

It could be interesting to see if this is another Microsoft "standard" interpretation ;)

@erik-megarad
Copy link

This is also a problem for us. If attribute resolution fails by Vendor ID it should fail altogether, and not attempt to resolve by attribute ID. Personally I would prefer to simply omit the code at https://github.com/pjdavis/radiustar/blob/master/lib/radiustar/packet.rb#L165 altogether.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@bwlang @dguerri @erik-megarad