Project

General

Profile

Actions

Todo #13419

closed

Note FreeRADIUS request/response limitation

Added by Marcos M about 1 month ago. Updated about 1 month ago.

Status:
Resolved
Priority:
Normal
Assignee:
Category:
Troubleshooting
Target version:
-
Start date:
Due date:
% Done:

100%

Estimated time:

Description

Add the following note to:
https://docs.netgate.com/pfsense/en/latest/packages/freeradius.html#troubleshooting-radius-authentication

The radius client library used in pfSense software doesn't support RFC7499 (https://www.rfc-editor.org/rfc/rfc7499.html) hence RADIUS request/response payloads have an upper limit of 4096 bytes. Thus, there is a limit to the maximum number of attributes one can receive.

See:
https://redmine.pfsense.org/issues/12982#note-25

Actions #1

Updated by Jim Pingle about 1 month ago

  • Status changed from New to Feedback
  • Assignee set to Jim Pingle
  • % Done changed from 0 to 100

I added the note to the authentication troubleshooting page and not the FreeRADIUS page. The limit is in pfSense software, not in FreeRADIUS.

https://docs.netgate.com/pfsense/en/latest/troubleshooting/authentication.html

https://gitlab.netgate.com/docs/pfSense-docs/-/commit/6cb39035c16b77748d932c378c6612fd0c171ee3

Actions #2

Updated by Marcos M about 1 month ago

This:

response payloads to upper limit of 4096 bytes

should be this:

response payloads to the upper limit of 4096 bytes

Looks good otherwise. Thanks!

Actions #4

Updated by Marcos M about 1 month ago

  • Status changed from Feedback to Resolved
Actions

Also available in: Atom PDF