Argument can be made both ways, but technically NAS is not a proxy. A NAS defers to the server on almost every aspect starting from authentication to changing of username in accounting packets to a lot of things.
A NAS is asked to grant access to the user by the server according to the terms and conditions specified by the server in form of attributes. So unless there is a very concrete case for a NAS overriding the value of an attribute specified by the server, it should adhere and use the values of attributes specified by the server.
Thanks
-Bik
------------------------------------
Nomadix
Bikramjit Singh
Technical Project Manager
tel: 818-575-2518
fax: 818-597-1502
mobile: 818-613-6998
www.nomadix.com
------------------------------------
-----Original Message-----
From: owner-radiusext@ops.ietf.org [mailto:owner-radiusext@ops.ietf.org] On Behalf Of Barney Wolff
Sent: Thursday, July 14, 2005 10:35 AM
To: Bernard Aboba
Cc: radiusext@ops.ietf.org
Subject: Re: Fixes Issue: Interim-Accounting-Interval and Local Configuration
On Thu, Jul 14, 2005 at 10:05:32AM -0700, Bernard Aboba wrote:
>
> The Interim Accounting Interval is often set in order to ensure against
> loss of income by billing systems. So I can understand why there is
> concern if an Interim-Accounting-Interval attribute sent by a RADIUS
> server would be ignored by the NAS.
>
> Although I do not recall the conversations that lead to this paragraph
> being inserted, I think the concern may relate to inappropriately small
> values being sent by a RADIUS server. For example, if the implementation
> has a setting for "minimum Interim-Accounting-Interval" then I would say
> that this should not be overridden by a smaller value, but could be
> overridden by a larger one.
I think the issue is whose policy shall apply, when the RADIUS server
and NAS are under different administrative control. Setting the value
in the NAS is the equivalent of overriding whatever value is set by
the server in the proxy that (presumably) should exist between the NAS
and the server in this case.
> However, if the nature of the implementation setting is "use value X by
> default, but allow the RADIUS server to override it" I don't understand
> why that should be prohibited.
One can always speculate on why values would be configured directly in
the NAS if the proxy is under the same administration. Perhaps the
thinking was that some NASes may be intelligent enough to pick the right
server based on NAI or other info without an intervening proxy. In that
case configuration of values on the NAS is the equivalent of doing so
in a virtual proxy, and, since a proxy can always override attribute
values, the NAS settings win.
A definite choice, even if "wrong", is probably better than uncertainty
in cases like this.
Regards,
Barney
--
to unsubscribe send a message to radiusext-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://psg.com/lists/radiusext/>