On 02/24/2012 07:38 AM, Alan DeKok wrote:
TTLS doesn't generate it. My guess is that Cisco has invented something themselves which defines EAP-Key-Name. Find out what that is, and we can implement it in FreeRADIUS.
FWIW, a bit more digging shows section 1.4.1 of RFC 5247 is relevant, saying that: EAP-Key-Name = <eap type> || <eap session id> ...and appendix A lists Peer-Id, Server-Id and Session-Id values for existing methods. Sadly, since neither PEAP nor TTLS were ever standardised, it skips those :o( RFC 5216 suggests that EAP-TLS, and possibly all TLS-based methods in the absence of an alternative, might define EAP-Key-Name as: <eap type> || 0x0d || <tls client random> || <tls server random> But it's all very unclear, and I'm struggling to see what the point is; what is all this crud for?