[RADIATOR] random EAP authentication errors since 4.17
Heikki Vatiainen
hvn at open.com.au
Tue Dec 13 06:16:01 UTC 2016
On 12.12.2016 17.45, Hartmaier Alexander wrote:
> please respond how to:
Hello Alex, I'll reply to your previous messages about these, but I'll
add quick notes below. Sometimes time just flies, I'm sorry for the slow
response.
> - log auth vs. session resumption
>
> - handle session resumption in PostAuthHooks
For these, you can currently check
Net::SSLeay::session_reused($context->{ssl}); are you wrote before. I'll
have an alternative too I have thought for this.
> - if the last_reply_attrs don't include the attributes added by a
> PostAuthHook
More about this in its own message. These attributes are from tunnelled
EAP's inner authentication. If you need to add, for example, VLAN
attributes with a Hook, we can see how to do that.
> - usability of FarmSize with PEAP-TLS when enabling EAP_UseState
EAP_UseState does not change this. It's the TLS state that lives within
the SSL library that ties one TLS based EAP authentication session to
one instance making it problematic with FarmSize (multiple instances).
Thanks,
Heikki
--
Heikki Vatiainen <hvn at open.com.au>
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS,
TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP,
DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS,
NetWare etc.
More information about the radiator
mailing list