Arran Cudbard-Bell wrote: > Am I right in thinking that for radius to be able to proxy eap > successfully, the request_list module would have to be updated to hold > information as to which home radius server the session > was being handled by.
No. There has to be a separate in-memory table. > With the sessions id being the unique acct id (which could be recorded > at the same time as the eap start message), Nope. The Acct-Session-Id attribute isn't in the Access-Request most of the time. > and then direct future > packets to that server for an arbitrary length of time, say as long as > the nas's authentication timeout and/or until it detected a > accept/reject packet for that authentication session. Nope. Just key off of (src ip/port, State), and map that to (dst IP/port). That's all that's needed. Alan DeKok. -- http://deployingradius.com - The web site of the book http://deployingradius.com/blog/ - The blog - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html