new eap method: eap-ikev2
Alan DeKok
aland at ox.org
Sat Jan 14 23:06:41 CET 2006
"sdfsdv sdfdsf" <dr_ojboli at wp.pl> wrote:
> First, we can't find any kind of fast rekeying code in reeradius.
> Is freeradius supporting anyhow such thing? Any other eap method
> is using fast rekeying?
It's not implemented in the server.
> eap-ikev2 is using it's own id data to identify supplicant and
> sever, it can be different than eap id.
Please be specific. There EAP protocol Id's, which are 8-bit
numbers. Then there is the EAP-Identity. Which one do you mean?
> And we have a problem with users authorization, in a situation when
> eap id is different than internal ikev2 id, freeradius is giving
> access to user data (gathered in users.conf) only for users
> described by an eap id. Can eap method somehow access other users
> data?
I *think* what you mean is that the EAP-Identity is not the same as
the User-Name. Since FreeRADIUS is first a RADIUS server, it presumes
that the users identity is in the User-Name attribute.
You can change that in your module, if you want.
Alan DeKok.
More information about the Freeradius-Devel
mailing list