freeradius retransmit of EAP-TTLS start packet with incorrect packet id
Alan DeKok
aland at deployingradius.com
Tue Nov 20 16:42:19 CET 2012
Phil Mayers wrote:
> Ooh, really? What solution did you hit on?
Cache reply by "State".
    authorize {
        cached_reply
        ...
    }
    post-auth {
        ...
        cached_reply
    }
It returns "handled" in the "authorize" section if it finds a matching
State.
On authorize it does:

    if (cache[request State]) {
        send cached reply attrs
        handled
    }

On post-auth it does:

    cache[request State] = 0
    cache[reply State] = reply attrs
It should work, I think. So if you have an intermediate proxy fail,
the RADIUS re-transmit won't hit. But this will catch the retransmitted
packet, which has the same State as a previous reply.
Alan DeKok.
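
An added sketch, not part of the original post and not FreeRADIUS code, of a State-keyed reply cache answering a retransmit that arrives with a new packet id. It stores each reply under the State of the request it answered and bounds the cache size; those choices, the `ReplyCache` name and the sample packets are assumptions of this example.

```python
# Added illustration; ReplyCache and its methods are hypothetical names,
# not FreeRADIUS module API. Packets are constructed dicts.
from collections import OrderedDict

class ReplyCache:
    def __init__(self, max_entries=1024):
        self.max_entries = max_entries
        self.cache = OrderedDict()  # request State -> reply attributes

    def authorize(self, request):
        """Return ('handled', reply) when this State was already answered."""
        state = request.get("State")
        if state is not None and state in self.cache:
            reply = dict(self.cache[state])
            reply["id"] = request["id"]  # answer with the retransmit's own id
            return "handled", reply
        return "noop", None

    def post_auth(self, request, reply):
        """Remember the reply under the State the request carried."""
        state = request.get("State")
        if state is None:
            return  # first packet of a session: nothing to key on
        self.cache[state] = dict(reply)
        while len(self.cache) > self.max_entries:
            self.cache.popitem(last=False)  # drop the oldest entry

def simulate():
    """One constructed EAP round, then its retransmit via a second proxy."""
    cache, eap_runs = ReplyCache(), 0

    def server(request):
        nonlocal eap_runs
        rcode, reply = cache.authorize(request)
        if rcode == "handled":
            return reply
        eap_runs += 1  # stand-in for the EAP module advancing the session
        reply = {"id": request["id"], "code": "Access-Challenge",
                 "State": b"state-2", "EAP-Message": b"challenge-2"}
        cache.post_auth(request, reply)
        return reply

    original = {"id": 17, "src": "proxy-a", "State": b"state-1",
                "EAP-Message": b"response-1"}
    first = server(original)
    # Same State and EAP payload, but a new source and packet id, so
    # duplicate detection keyed on source and id would not match it.
    second = server(dict(original, id=42, src="proxy-b"))
    return first, second, eap_runs
```

In `simulate()` the EAP stand-in runs once: the second packet is answered from the cache with the same challenge and State, carrying the retransmit's packet id.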