Reply-message and supplicant

Alexander Clouter alex at
Sun Jun 7 16:26:58 CEST 2009

Arran Cudbard-Bell <a.cudbard-bell at> wrote:
>>> ... hmm that's pretty standard behaviour. We don't require FQUNs
>>> either.  Though I have no idea why you still insist on using user files
>>> for policies. There's this new fangled policy language you know :P
>> We *demand* it as otherwise the helpdesk get lazy and users start 
>> complaining that 'eduroam' does not work.
> Hmm that's a good point. I guess the difference is that we were doing
> 802.1X before eduroam and didn't want to effect legacy behaviour. Looks
> like were going down the everything under one SSID route now, so 'It
> just works' when users roam. Maybe we'll have to look at getting rid of
> none qualified usernames.
As us folks down here in London get (probably) more roaming than 
non-high university density areas it's a problem that's regular seen.  
It's a simple and effective way to avoid this problem and it seems to be 
behind about 80% of the reasons when users cannot roam.

>> Do you know of an *alternative* way to send human readable messages to 
>> sysadmin's at other sites?
> Eduroam VSAs.
> The EAP/Reply message combination is disallowed for a good reason, and
> i've seen it break things in real world scenarios.
> [snipped RFC grumblings]
Okay, okay, during my summer RADIUS refresh work I'll fix this.


Alexander Clouter
.sigmonster says: Life is a series of rude awakenings.
                  		-- R. V. Winkle

More information about the Freeradius-Users mailing list