Bjørn Mork <bjorn@mork.no> wrote:
The 'No information to cache' means you do not have anything useful (for example 'User-Name') in the reply packet.
Makes sense.
In the post-auth of my inner-eap virtual server I have added: ---- post-auth { ... # needed for TTLS cache update reply { User-Name := "%{request:User-Name}" } ... } ----
That should fix your problem.
Thanks. Looks like something for the default config/documentation with that comment included.
To make things more interesting, depending on you situation[1] you might want to then strip the User-Name attribute from your reply traffic on the outer layer. We do this as in the 'eduroam' world when our lusers are roaming away from their home institution we want to protect the guilty and give them some degree of anonymity. This means the remote organisation the user is visiting only sees the username in the initial request packet...which for TTLS *should* be '@example.com' and *not* 'luser@example.com'. Of course when our users are onsite we pass on the User-Name in the Access-Accept so that the accounting packets from the NAS have the inner username present making grepping/SELECTing your accounting logs that much easier. Cheers -- Alexander Clouter .sigmonster says: You are so boring that when I see you my feet go to sleep.