(RADIATOR) Problems with TTLS session resume

[Roy Badami]

>>>>> "Terry" == Terry Simons <galimore at mac.com> writes:

    Terry> It's a shared media, so everybody is connected to the same
    Terry> "port".  It doesn't make much sense to use the NAS-Port
    Terry> attribute otherwise, and seems like it would be better to
    Terry> simply send only the NAS-Port-Type specifying wireless
    Terry> connectivity.

Who knows why Cisco do it this way.  It's useful to allow you to tie
up accounting requests with autehntication requests, but then that's
only necessary because Cisco don't include an Acct-Session-Id
attribute in their authentication requests.

    Terry> So this should work assuming Radiator sends back an
    Terry> MS-MPPE-KEY message to the newly-associated AP, otherwise
    Terry> the AP can't key you correctly.  So it sounds like this
    Terry> *could* be made to work with Radiator.

Indeed.  I'm pretty sure this is possible.  It's particularly useful
if you're using token cards, and you don't want the users to have to
reauthenticate with their token every time they roam between APs on
your network.

     -roy


--
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.