[ < ] | [ > ] | [ << ] | [ Up ] | [ >> ] | [Top] | [Contents] | [Index] | [ ? ] |
The default comparison method may fail to recognize duplicate requests. if the originating NAS has modified the request authenticator or request identifier before retransmitting the request. If you happen to use such NASes, you will have to enable extended request comparison to compensate for their deficiencies.
The extended request comparison consists in comparing the
contents of both requests. However, blindly comparing
each A/V pair from both requests won't work, since many attributes do
change their values between successive retransmits. Therefore,
radiusd
uses only comparable attribute, i.e. a
user-defined subset of such attributes that can safely be used in
comparison. Thus, extended request comparison works as follows:
Password
and
CHAP-Password
are decoded prior to comparison.
To use the extended comparison, follow the procedure below:
The syntax of dictionary file allows for nine user-defined properties,
denoted by characters `1' through `9'. You should select one of
them to mark comparable attributes for authentication and another one to
mark those for accounting. It is strongly suggested that you use
PROPERTY
statement in your main dictionary file
(see section 5.2.7 PROPERTY statement), instead of modifying ATTRIBUTE
statements
in the underlying dictionary files.
See section 5.2.4 ATTRIBUTE statement, for detailed description of attribute property flags.
To enable the extended comparison for authentication requests,
add to your auth
block the statement
compare-attribute-flag flag; |
The flag is the same symbol you used in the dictionary to mark comparable attributes for authentication.
To enable the extended comparison for accounting requests, insert
compare-attribute-flag
statement into the acct
block.
Add the following statement to the declaration of those NASes, that require using the extended comparison (in flags column):
compare-auth-flag=flag,compare-acct-flag=flag |
See section 5.4 NAS List -- `raddb/naslist', for a description of naslist file syntax.
6.1.1 An example of extended comparison configuration 6.1.2 List of attributes that can be declared comparable.
[ < ] | [ > ] | [ << ] | [ Up ] | [ >> ] | [Top] | [Contents] | [Index] | [ ? ] |