FR 2.1.8 Issue - Unjustified(?) Access-Rejects.
Alan DeKok
aland at deployingradius.com
Tue Jan 12 15:11:45 CET 2010
Stefan Winter wrote:
> How does this work together with anonymous outer ids? I.e. if outer
> User-Name = anon at foo.bar and the inner User-Name is stefan at foo.bar, then
> the cache contains a session for stefan at foo.bar
Yes.
> On session resumption, there is no inner tunnel exchange, there's a
> packet User-Name = anon at foo.bar and an EAP-Message with SSL magic (but
> no inner User-Name)... So how does FreeRADIUS know what to look up in
> the cache? Or am I missing something here?
There's an SSL identifier associated with the session:
supplicant: I have SSL id 0x282674736733673
server: OK, it's in my cache.
(Modulo various crypto operations to keep it secure)
The server uses the Id to find the cache entry, and the cached User-Name.
Alan DeKok.
More information about the Freeradius-Users
mailing list