Arran Cudbard-Bell wrote:
Am I right in thinking that for radius to be able to proxy eap successfully, the request_list module would have to be updated to hold information as to which home radius server the session was being handled by.
No. There has to be a separate in-memory table.
With the sessions id being the unique acct id (which could be recorded at the same time as the eap start message),
Nope. The Acct-Session-Id attribute isn't in the Access-Request most of the time.
and then direct future packets to that server for an arbitrary length of time, say as long as the nas's authentication timeout and/or until it detected a accept/reject packet for that authentication session.
Nope. Just key off of (src ip/port, State), and map that to (dst IP/port). That's all that's needed. Alan DeKok. -- http://deployingradius.com - The web site of the book http://deployingradius.com/blog/ - The blog