Ascend Equipment
Traditionally, the attributes specific to Ascend terminal server gear are sent by FreeRADIUS as vendor-specific attributes, as per the RADIUS RFC. However, the Ascend NAS equipment itself sends its own attributes (those that are specific to the Ascend equipment) as regular, global space attributes, which, of course, causes problems with other attributes as specified in the RFC. If you suffer from a problem related to Ascend’s non-standard way of dealing with its specific attributes, you will see invalid Message-Authenticator messages in your log files.
There are two options to fix this problem. The first is to enable support for vendor-specific attributes on the Ascend equipment. There are different steps to follow depending on which model of terminal server you have. If your model is the Max6000 or Max4000 series with the menu-style TAOS interface, follow these instructions:
Go to Ethernet, select Mod Config, and then choose Auth.
Find the Auth-Compat option at the bottom of the menu. Change this from its current setting, OLD, to VSA.
Save the change to make it active.
If you have the Max TNT model or the Apex 8000 series with the command-line-driven TAOS system, execute the following commands from a shell prompt.
nas> read external-auth nas> set rad-auth-client auth-radius-compat = vendor-specific nas> set rad-acct-client acct-radius-compat = vendor-specific nas> write
The other option is to perform the opposite change: enable the old attributes on the FreeRADIUS machine. ...