EAP Session resumption && reply attributes
James J J Hooper
jjj.hooper at bristol.ac.uk
Sun Jan 17 16:52:32 CET 2010
Hi All,
When a client does session resumption:
cache { enable = yes} in eap.conf
The session User-Name (from previous access-accept) is restored from the
cache e.g:
[ttls] Skipping Phase2 due to session resumption
[ttls] Adding cached attributes to the reply:
User-Name = "ab1234"
In order to also return e.g. VLAN IDs (that could be computed from the
inner User-Name in a non-session-resumption enabled config), I can move
the config that sets the VLAN to the outer tunnel post-auth && ensure the
inner tunnel sets:
reply:outer User-Name to request:inner User-Name
and then key my VLAN computation (in outer post-auth) from reply:User-Name.
I can see other possibilities to do this (e.g. cache
Tunnel-Private-Group-Id in the TLS session cache), but the above seems ok
to me. Can anyone on the list spot any problems, something that I've
missed / gotchas with the above?
Many thanks,
James
More information about the Freeradius-Users
mailing list