Hi, * Panagiotis Georgopoulos <panos@comp.lancs.ac.uk> [2010-09-24 16:09:18+0100]:
I am resending this to the list as the debugging output was more than 100KB and the message was rejected.
Alexander who was copied in my email, kindly provided feedback already. In short, "use_tunneled_reply = yes" should be able to solve the problem with session resumption in FR 2.1.10, although I understand that break the end client's privacy as it reveals its identity to the NAS.
Trivially solved with some unlang. You actually need the User-Name in the outer layer, otherwise you would be unable to do any user-based authorisation (if that sort of thing is important).
When I test it I'll get back to you as I am guessing this interests more people.
In your 'post-auth' section add (and have some CUI action too): ---- post-auth { .... if ((request:Chargeable-User-Identity)) { update reply { # md5(cui_hash_key + user@realm) Chargeable-User-Identity := "%{md5:%{config:local.MY.cui_hash_key}%{reply:User-Name}}" } if (request:Chargeable-User-Identity != "\\000") { if (request:Chargeable-User-Identity != reply:Chargeable-User-Identity) { update reply { Reply-Message := "CUI Mismatch" } reject } } } # protect the guilty update reply { User-Name !* ANY } .... } ---- Cheers -- Alexander Clouter .sigmonster says: I brought my BOWLING BALL -- and some DRUGS!!