EAP Session resumption && reply attributes
Arran Cudbard-Bell
arran.cudbard-bell at hp.com
Thu Jan 21 00:36:06 CET 2010
On 1/17/2010 8:37 AM, Alexander Clouter wrote:
> James J J Hooper <jjj.hooper at bristol.ac.uk> wrote:
>
>> In order to also return e.g. VLAN IDs (that could be computed from the
>> inner User-Name in a non-session-resumption enabled config), I can move
>> the config that sets the VLAN to the outer tunnel post-auth && ensure the
>> inner tunnel sets:
>> reply:outer User-Name to request:inner User-Name
>> and then key my VLAN computation (in outer post-auth) from reply:User-Name.
>>
>>
> We have been doing authorisation depending on the outer layer since
> summer.
>
How did you get around the "my policy rejects you now, but I've already
sent a tunneled success TLV in the TLS tunnel and you're now ignoring my
EAP-Failure messages" issue... or are you just happily ignoring it/encouraging
adoption of TTLS-PAP like I was? :)
-Arran