FR 2.1.8 Issue - Unjustified(?) Access-Rejects.
Stefan Winter
stefan.winter at restena.lu
Tue Jan 12 15:04:31 CET 2010
Hi,
>> Is this likely to be a configuration error (no changes were made to the
>> 2.1.7 config), or a bug?
>>
> Try increasing the size of the cache. Try ensuring that there is
> always a User-Name in the inner tunnel. This user name is cached, and
> is checked on session resumption.
>
How does this work together with anonymous outer ids? I.e. if outer
User-Name = anon at foo.bar and the inner User-Name is stefan at foo.bar, then
the cache contains a session for stefan at foo.bar
On session resumption, there is no inner tunnel exchange, there's a
packet User-Name = anon at foo.bar and an EAP-Message with SSL magic (but
no inner User-Name)... So how does FreeRADIUS know what to look up in
the cache? Or am I missing something here?
Greetings,
Stefan
--
Stefan WINTER
Ingenieur de Recherche
Fondation RESTENA - Réseau Téléinformatique de l'Education Nationale et de la Recherche
6, rue Richard Coudenhove-Kalergi
L-1359 Luxembourg
Tel: +352 424409 1
Fax: +352 422473
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 262 bytes
Desc: OpenPGP digital signature
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20100112/a3bc69ac/attachment.pgp>
More information about the Freeradius-Users
mailing list