18 Sep
2015
18 Sep
'15
8:26 a.m.
On Sep 18, 2015, at 8:15 AM, Nick Lowe <nick.lowe@gmail.com> wrote:
I didn't think we could reliably know at the RADIUS sever if it's a new authentication or a re-authentication taking place?
You can tell if the EAP session is being resumed. You can tell if the EAP session is coming from the same MAC, AP, etc.
Definitely an area where we could do with clarification in the spec. Hmm :(
The IETF operates at a speed which sometimes outruns glaciers. I've been talking with a few people about just writing our own "best practice" documents and putting them on the FreeRADIUS web site. If we can get multiple vendors to buy into the idea, we can create our own de facto standards. Alan DeKok.