Cached attributes

Christian Strauf strauf at
Thu Feb 25 14:51:03 CET 2016

>Yes, I introduced a new attribute Inner-User-Name and I am setting a 
>value in the inner tunnel server. However, this does not get saved to 
>the SSL/TLS cache so when there is an authentication for a resumed 
>session, we can't access that attribute.
>I'm trying to figure out how to cache other stuff with the TLS 
>attributes that can be pulled back later on.
Do you receive the inner User-Name in accounting packets (e. g. because you copied it with the "session-state" mechanism into the Access-Accept reply)? If so, you can do CoA without any caching because the NAS sends the correct username in accounting packets anyhow. You can work with those User-Names in the accounting section and hence to CoA there. Would that work for you?

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 2172 bytes
Desc: not available
URL: <>

More information about the Freeradius-Users mailing list