Normalising the User-Name AVP in an Access-Accept

A.L.M.Buxey at lboro.ac.uk
Thu Apr 18 18:48:44 CEST 2013


Hi,

in the latest 2.x and 3.x code check out the canonicalisation policy - this
sorts out the MAC format. you could do the same for the User-Name. note that
there are data protection issues in play - for example, if a user has chosen
(and is allowed) to use anonymous outerid, then why are you suddenly releasing
their ID to the remote site after the 'soft innards' of the innerID are known
to you?  might the user have an issue with that?

also note that the main issue that has been at play here is accounting
packets - the innerID is not realmed so accounting becomes local. well, that's
okay too as accounting traffic in eduroam is going bye bye in the not too distant
future so you won't be proxying accounting through the national proxies
anyway...so either take it locally or drop it.

alan

