Using Session State

Sam Hartman hartmans at mit.edu
Tue Mar 17 21:21:48 CET 2015


Hi.

So, as we've discussed previously, setting use_tunneled_reply is really
kind of undesirable with methods like mschapv2 that generate their own
keys.
Also, it tends to do undesirable things and expose the channel binding
messages to the outer reply.

based on the documentation it sounds like I ought to be able to use the
session-state list to move attributes between the inner tunnel and outer
tunnel.

however, in inner-tunnel's post auth section

update session-state {
session-state:User-Name = &Request:User-Name
}
returns noop.

First, should session-state work for this purpose?
If so, what am I doing wrong?


More information about the Freeradius-Devel mailing list