[RADIATOR] EAPContext inner_identity

David Zych dmrz at illinois.edu
Wed Oct 9 16:06:23 CDT 2013


On Wed, 02 Oct 2013 18:21:47, Heikki Vatiainen wrote:
> It appears existence of {inner_identity} is considered also when
> deciding if the client should be allowed to do PEAP fast reconnect.
...
> I think the plan could be to introduce {inner_auth_success} and leave
> {inner_identity} just for logging and other such purposes.
> 
> Would you be interested in testing this?

That makes sense to me, and I'd be more than happy to test it on my dev
radius server (which has a dev wireless SSID pointed to it).

Full disclosure, though: as of this moment I would have no idea how to
specifically test the effect on PEAP Fast Reconnect.  (specifically, I
don't know how to make a client attempt to do a PEAP Fast Reconnect, or
to confirm afterward that it was successful -- since I assume if a PEAP
Fast Reconnect fails it will seamlessly fall back and do a regular full
authentication instead)

Thanks,
David


More information about the radiator mailing list