Freeradius-Users Digest, Vol 23, Issue 90

Alan DeKok aland at deployingradius.com
Wed Mar 21 09:01:29 CET 2007


Arran Cudbard-Bell wrote:
> Am I right in thinking that for radius to be able to proxy eap 
> successfully, the request_list module would have to be updated to hold 
> information as to which home radius server the session
> was being handled by.

  No.  There has to be a separate in-memory table.

> With the sessions id being the unique acct id (which could be recorded 
> at the same time as the eap start message),

  Nope.  The Acct-Session-Id attribute isn't in the Access-Request most
of the time.

> and then direct future 
> packets to that server for an arbitrary length of time, say as long as 
> the nas's authentication timeout and/or until it detected a 
> accept/reject packet for that authentication session.

  Nope.  Just key off of (src ip/port, State), and map that to (dst
IP/port).  That's all that's needed.

  Alan DeKok.
--
  http://deployingradius.com       - The web site of the book
  http://deployingradius.com/blog/ - The blog



More information about the Freeradius-Users mailing list