Arran Cudbard-Bell wrote:
> Am I right in thinking that for radius to be able to proxy eap 
> successfully, the request_list module would have to be updated to hold 
> information as to which home radius server the session
> was being handled by.

  No.  There has to be a separate in-memory table.

> With the sessions id being the unique acct id (which could be recorded 
> at the same time as the eap start message),

  Nope.  The Acct-Session-Id attribute isn't in the Access-Request most
of the time.

> and then direct future 
> packets to that server for an arbitrary length of time, say as long as 
> the nas's authentication timeout and/or until it detected a 
> accept/reject packet for that authentication session.

  Nope.  Just key off of (src ip/port, State), and map that to (dst
IP/port).  That's all that's needed.

  Alan DeKok.
--       - The web site of the book - The blog
List info/subscribe/unsubscribe? See

Reply via email to