When running Policy Server as Radius Server, does the Policy Server
expect a specific value for Service-Type attribute ?
The Radius server should not send the attribute
for which the value is unknown. Following the RFC 2865,
if the Radius Server receives an attribute for which
the value is unknown, it should replies with Access-Reject
as for example in a network traces :
The Policy Server receives attributes :
AVP: l=6 t=Service-Type(6): Unknown(134217728)
AVP: l=6 t=NAS-Port(5): 0
AVP: l=6 t=NAS-IP-Address(4): 10.1.1.10
and it should send back :
Code: Access-Reject (3)
AVP: l=14 t=Reply-Message(18): Packet Error
From https://tools.ietf.org/html/rfc2865
A NAS that does not implement a given service MUST
NOT implement the RADIUS attributes for that service.
For example, a NAS that is unable to offer ARAP
service MUST NOT implement the RADIUS attributes
for ARAP. A NAS MUST treat a RADIUS access-accept
authorizing an unavailable service as an
access-reject instead.
[...]
1.2. Terminology
service The NAS provides a service to the dial-in user,
such as PPP or Telnet.
[...]
5.6. Service-Type
Description
This Attribute indicates the type of service the
user has requested, or the type of service to be
provided. It MAY be used in both Access-Request
and Access-Accept packets. A NAS is not required
to implement all of these service types, and MUST
treat unknown or unsupported Service-Types as
though an Access-Reject had been received instead.
[...]
6 Administrative
Usually, the Service-Type value is defined in the Agent Type for
the Agent. It might also be set by a response. You might check both
in the configuration of the Agent and Policy.