Force update of TLS cache
Alan DeKok
aland at deployingradius.com
Mon Feb 29 17:30:41 CET 2016
On Feb 29, 2016, at 11:26 AM, Jonathan Gazeley <Jonathan.Gazeley at bristol.ac.uk> wrote:
> The debug log shows that TLS-Session-Id is created in packet 4, in the outer authorize section.
OK, so it should be available in the request.
You may have to copy it to session-state, so it's available in later packets.
> And it does this:
>
> (6) update request {
> (6) TLS-Session-Id skipped: No values available
> (6) } # update request (noop)
>
> I don't understand why the attribute is not available later on in the same session.
Because it's not being added to the session-state attributes. Again, "request" is PER PACKET. "session-state" is for the SESSION.
Adding something to the request in packet 4 means ti's not available in the request in packet 6. That's what the session-state is for.
The default config should probably add TLS-Session-Id to session-state. I'll take a look. But for you, you'll have to do it manually.
Alan DeKok.
More information about the Freeradius-Users
mailing list