[RADIATOR] EAPContext inner_identity

Heikki Vatiainen hvn at open.com.au
Fri Oct 11 08:50:57 CDT 2013


On 10/10/2013 12:06 AM, David Zych wrote:

> That makes sense to me, and I'd be more than happy to test it on my dev
> radius server (which has a dev wireless SSID pointed to it).

Great, I'll get back to you when we have something to test.

> Full disclosure, though: as of this moment I would have no idea how to
> specifically test the effect on PEAP Fast Reconnect.  (specifically, I
> don't know how to make a client attempt to do a PEAP Fast Reconnect, or
> to confirm afterward that it was successful -- since I assume if a PEAP
> Fast Reconnect fails it will seamlessly fall back and do a regular full
> authentication instead)

When the client does successful fast reconnect, recent (4.11+) Radiators
log this 'EAP PEAP Session resumed' when Trace is set to 4.

The Windodws client offers a checkbox to turn this off, but it's very
automatic and if it fails or the server is configured not to support it,
the fallback is full authentication. There is no requirement it is
supported by either side.

Thanks,
Heikki

-- 
Heikki Vatiainen <hvn at open.com.au>

Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS,
TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP,
DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS,
NetWare etc.


More information about the radiator mailing list