Reply-message and supplicant
alex at digriz.org.uk
Sun Jun 7 16:26:58 CEST 2009
Arran Cudbard-Bell <a.cudbard-bell at sussex.ac.uk> wrote:
>>> ... hmm that's pretty standard behaviour. We don't require FQUNs
>>> either. Though I have no idea why you still insist on using user files
>>> for policies. There's this new fangled policy language you know :P
>> We *demand* it as otherwise the helpdesk get lazy and users start
>> complaining that 'eduroam' does not work.
> Hmm that's a good point. I guess the difference is that we were doing
> 802.1X before eduroam and didn't want to effect legacy behaviour. Looks
> like were going down the everything under one SSID route now, so 'It
> just works' when users roam. Maybe we'll have to look at getting rid of
> none qualified usernames.
As us folks down here in London get (probably) more roaming than
non-high university density areas it's a problem that's regular seen.
It's a simple and effective way to avoid this problem and it seems to be
behind about 80% of the reasons when users cannot roam.
>> Do you know of an *alternative* way to send human readable messages to
>> sysadmin's at other sites?
> Eduroam VSAs.
> The EAP/Reply message combination is disallowed for a good reason, and
> i've seen it break things in real world scenarios.
> [snipped RFC grumblings]
Okay, okay, during my summer RADIUS refresh work I'll fix this.
.sigmonster says: Life is a series of rude awakenings.
-- R. V. Winkle
More information about the Freeradius-Users