Cached attributes

Christian Strauf strauf at rz.tu-clausthal.de
Thu Feb 25 14:51:03 CET 2016


>Yes, I introduced a new attribute Inner-User-Name and I am setting a 
>value in the inner tunnel server. However, this does not get saved to 
>the SSL/TLS cache so when there is an authentication for a resumed 
>session, we can't access that attribute.
>
>I'm trying to figure out how to cache other stuff with the TLS 
>attributes that can be pulled back later on.
Do you receive the inner User-Name in accounting packets (e. g. because you copied it with the "session-state" mechanism into the Access-Accept reply)? If so, you can do CoA without any caching because the NAS sends the correct username in accounting packets anyhow. You can work with those User-Names in the accounting section and hence to CoA there. Would that work for you?

Christian
>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 2172 bytes
Desc: not available
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20160225/92c5eb5b/attachment.bin>


More information about the Freeradius-Users mailing list