FR 2.1.8 Issue - Unjustified(?) Access-Rejects.
Arran Cudbard-Bell
arran.cudbard-bell at hp.com
Tue Jan 12 19:27:59 CET 2010
> Random info: PEAP/SoH in fact *does* send traffic inside the tunnel on
> session resumption - the spec has the SoH exchanged even when resumed,
> adding a round trip, but it doesn't re-run the inner mschap auth. Weird.
>
The authentication state hasn't changed if the session can be
re-established. The authorisation state however, may have, which is why
the SoH is sent on every authentication attempt.
If you didn't send the SoH on resumption, the neat 'spot check' and
periodic re-checking that you can do using various triggers for
re-authentication would go away.
-Arran
More information about the Freeradius-Users
mailing list