new eap method: eap-ikev2

Alan DeKok aland at ox.org
Sat Jan 14 23:06:41 CET 2006


"sdfsdv sdfdsf" <dr_ojboli at wp.pl> wrote:
> First, we can't find any kind of fast rekeying code in reeradius. 
> Is freeradius supporting anyhow such thing? Any other eap method 
> is using fast rekeying?

  It's not implemented in the server.

> eap-ikev2 is using it's own id data to identify supplicant and 
> sever, it can be different than eap id.

  Please be specific.  There EAP protocol Id's, which are 8-bit
numbers. Then there is the EAP-Identity.  Which one do you mean?

> And we have a problem with users authorization, in a situation when
> eap id is different than internal ikev2 id, freeradius is giving
> access to user data (gathered in users.conf) only for users
> described by an eap id.  Can eap method somehow access other users
> data?

  I *think* what you mean is that the EAP-Identity is not the same as
the User-Name.  Since FreeRADIUS is first a RADIUS server, it presumes
that the users identity is in the User-Name attribute.

  You can change that in your module, if you want.

  Alan DeKok.




More information about the Freeradius-Devel mailing list