That is how it is usually handled, there is some default state. For login
(shell) users there is usually a default protocol (telnet/rlogin) and a
default host. For framed (PPP/SLIP) users there is a default protocol,
netmask, and some way to dynamically assign IP or a fixed IP for the port.
>Question #2:
>If the Access-Accept packet does contain one or more such
>attributes, how are they to be interpreted by the NAS?
>One possibility would be to restrict the user to only having
>access to the indicated service-type.
>Another possibility would be to provide access to both the
>indicated service-type and any other service types allowed
>by the default set of privileges mentioned in Question #1.
>What is the preferred behavior in this case?
Normal behavior is that if an attribute is returned, it overrides any
defaults and the defaults are *not* offered. This is the only useful
setup to my mind, after all, most of the time the users in RADIUS are set
so that they do have specific parameters and if you can't count on your
RADIUS settings to be the ones used, what good is it?
-MZ
-- Although I work for Livingston Enterprises Technical Support, I alone am responsible for everything contained herein. So don't waste my managers' time bitching to them if you don't like something I've said. Flame me. Phone: 800-458-9966 support@livingston.com <http://www.livingston.com/> FAX: 510-426-8951 6920 Koll Center Parkway #220, Pleasanton, CA 94566