RADIUS Attribute Issues regarding RFC5580 (Operator-Name and others) with several RADIUS servers (including Microsoft IAS and NPS)

The advisory is based on the JANET Roaming Service Advisory (Operator-Name RADIUS Attribute Issues with MS IAS and NPS) issued in November 2010.

Background

A growing number of eduroam® Service Providers are including the Operator-Name RADIUS attribute when sending Access-Request authentication packets to their federation-level RADIUS servers (FLR) for forwarding to the user’s responsible eduroam Identity Provider.

Operator-Name is a standard RFC5580 RADIUS attribute that can uniquely identify the owner of an access network (e.g. by the Service Provider's realm name). Including it in the Access-Request is encouraged because it greatly assists the user support given by the eduroam Identity Provider. Being able to identify the RADIUS log entries that relate to the Service Provider where the user is located helps both when inspecting logs during routine problem analysis and when troubleshooting a specific user's problem in real time.
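To make the attribute concrete, the following added example (not part of the original advisory) parses a RADIUS Access-Request and extracts Operator-Name, which RFC 5580 defines as attribute type 126 carrying a one-character namespace ID followed by the operator name. The function names, the realm `sp.example.net` and the sample packet are constructed for illustration.

```python
import struct

OPERATOR_NAME = 126  # RFC 5580 attribute type
# RFC 5580 namespace IDs: first octet of the attribute value, as ASCII
NAMESPACES = {"0": "TADIG", "1": "REALM", "2": "E212", "3": "ICC"}

def build_attr(attr_type, value):
    """Encode one attribute as type, length (including 2-byte header), value."""
    return bytes([attr_type, len(value) + 2]) + value

def parse_attributes(packet):
    """Yield (type, value) for each attribute, rejecting malformed lengths."""
    if len(packet) < 20:
        raise ValueError("packet shorter than RADIUS header")
    _code, _ident, length = struct.unpack("!BBH", packet[:4])
    if length < 20 or length > len(packet):
        raise ValueError("bad RADIUS length field")
    pos = 20  # skip code, identifier, length and 16-byte authenticator
    while pos < length:
        if pos + 2 > length:
            raise ValueError("truncated attribute header")
        a_type, a_len = packet[pos], packet[pos + 1]
        if a_len < 2 or pos + a_len > length:
            raise ValueError("bad attribute length")
        yield a_type, packet[pos + 2:pos + a_len]
        pos += a_len

def operator_name(packet):
    """Return (namespace, operator) for Operator-Name, or None if absent."""
    for a_type, value in parse_attributes(packet):
        if a_type == OPERATOR_NAME:
            if len(value) < 2:
                raise ValueError("Operator-Name too short")
            ns_id = chr(value[0])
            name = value[1:].decode("utf-8", errors="replace")
            return NAMESPACES.get(ns_id, "unknown"), name
    return None

def sample_request():
    """Constructed Access-Request (code 1) with User-Name and Operator-Name."""
    attrs = (build_attr(1, b"alice@idp.example.org")
             + build_attr(OPERATOR_NAME, b"1sp.example.net"))
    header = struct.pack("!BBH", 1, 42, 20 + len(attrs))
    return header + bytes(16) + attrs  # zeroed authenticator, sample only

if __name__ == "__main__":
    print(operator_name(sample_request()))
```

An Identity Provider can log the returned pair alongside the User-Name so that each authentication record names the visited Service Provider.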

Download the full advisory as PDF