search

netfishers-onl / Netshot

Network Configuration and Compliance Management
http://www.netfishers.onl/netshot
249 stars 60 forks source link

fix(radius): RFC Compliance Radius #235

Closed SeeMyPing closed 2 years ago

SeeMyPing commented 2 years ago

Hello,

Here is our fix for Radius authentication errors and RFC compliance.

SCadilhac commented 2 years ago

Can you give more context please? Why are you changing this attribute?

wpaumier commented 2 years ago

Hello 👋

The RFC states the following regarding the NAS-Port-Type attribute:

The Value field is four octets. "Virtual" refers to a connection to the NAS via some transport protocol, instead of through a physical port. For example, if a user telnetted into a NAS to authenticate himself as an Outbound-User, the Access-Request might include NAS-Port-Type = Virtual as a hint to the RADIUS server that the user was not on a physical port.

So from my understanding and from what I saw, for instance when a switches authenticates a user connected to a physical port via 802.1X, it will be Ethernet. But if it authenticates a user who tries to ssh into the switch itself, it will be Virtual.

Thank you

SCadilhac commented 2 years ago

Thanks!