25 Feb
2016
25 Feb
'16
8:51 a.m.
Yes, I introduced a new attribute Inner-User-Name and I am setting a value in the inner tunnel server. However, this does not get saved to the SSL/TLS cache so when there is an authentication for a resumed session, we can't access that attribute.
I'm trying to figure out how to cache other stuff with the TLS attributes that can be pulled back later on. Do you receive the inner User-Name in accounting packets (e. g. because you copied it with the "session-state" mechanism into the Access-Accept reply)? If so, you can do CoA without any caching because the NAS sends the correct username in accounting packets anyhow. You can work with those User-Names in the accounting section and hence to CoA there. Would that work for you?
Christian