EAP Session resumption && reply attributes

James J J Hooper jjj.hooper at bristol.ac.uk
Sun Jan 17 22:49:38 CET 2010


On 17/01/2010 20:22, Alan Buxey wrote:
> Hi,
>
>> One thing to remember, is for *your* users roaming at other universities
>> to remember to remove the reply:User-Name attribute to protect the
>> guilty. :)
>
> the best thing to do for this is to create a new virtual server - eg 'eduroam' -
> which is identical to your normal stuff EXCEPT that it doesnt return VLANs etc.
> just ensure that this virtual server is only called when a request comes from
> the national proxies (or perhaps, just not one of your own NAS - eg properly
> assign your own NAS to their own internal virtual server) - et voila...you
> cannot accidentally mess up remote connections etc

yep - that's what we are already doing for eduroam ;-)

-James



More information about the Freeradius-Users mailing list