Multi-packet session state will be in version 3.0.5
Arran Cudbard-Bell
a.cudbardb at freeradius.org
Fri Oct 31 18:04:01 CET 2014
> On 31 Oct 2014, at 11:12, Alan DeKok <aland at deployingradius.com> wrote:
>
> The server has historically had problems dealing with authentication
> conversations that cross multiple packets. The existing
> "use_tunnel_reply" feature in TTLS and PEAP help, but aren't perfect.
> The behavior is not clear, and it's easy to get the configuration wrong.
>
It's also useful for rolling your own OTP systems, where the NAS does
multiple rounds to send over the password and OTP token.
> post-auth {
> ...
> update {
> reply += session-state
> }
> }
>
Hm, that syntax will likely generate warnings, I think this represents
current best practice.
post-auth {
...
update {
&reply: += &session-state:
}
}
The colons can be omitted, it just makes it clearer it's a list to list copy.
-Arran
Arran Cudbard-Bell <a.cudbardb at freeradius.org>
FreeRADIUS development team
FD31 3077 42EC 7FCD 32FE 5EE2 56CF 27F9 30A8 CAA2
More information about the Freeradius-Users
mailing list