Freeradius-Users Digest, Vol 23, Issue 90
Alan DeKok
aland at deployingradius.com
Wed Mar 21 09:01:29 CET 2007
Arran Cudbard-Bell wrote:
> Am I right in thinking that for radius to be able to proxy eap
> successfully, the request_list module would have to be updated to hold
> information as to which home radius server the session
> was being handled by.
No. There has to be a separate in-memory table.
> With the sessions id being the unique acct id (which could be recorded
> at the same time as the eap start message),
Nope. The Acct-Session-Id attribute isn't in the Access-Request most
of the time.
> and then direct future
> packets to that server for an arbitrary length of time, say as long as
> the nas's authentication timeout and/or until it detected a
> accept/reject packet for that authentication session.
Nope. Just key off of (src ip/port, State), and map that to (dst
IP/port). That's all that's needed.
Alan DeKok.
--
http://deployingradius.com - The web site of the book
http://deployingradius.com/blog/ - The blog
More information about the Freeradius-Users
mailing list