On 31 Oct 2014, at 11:12, Alan DeKok <aland@deployingradius.com> wrote:
The server has historically had problems dealing with authentication conversations that cross multiple packets. The existing "use_tunnel_reply" feature in TTLS and PEAP help, but aren't perfect. The behavior is not clear, and it's easy to get the configuration wrong.
It's also useful for rolling your own OTP systems, where the NAS does multiple rounds to send over the password and OTP token.
post-auth { ... update { reply += session-state } }
Hm, that syntax will likely generate warnings, I think this represents current best practice. post-auth { ... update { &reply: += &session-state: } } The colons can be omitted, it just makes it clearer it's a list to list copy. -Arran Arran Cudbard-Bell <a.cudbardb@freeradius.org> FreeRADIUS development team FD31 3077 42EC 7FCD 32FE 5EE2 56CF 27F9 30A8 CAA2