On 1/17/2010 8:37 AM, Alexander Clouter wrote:
> James J J Hooper <[email protected]> wrote:
>> In order to also return e.g. VLAN IDs (that could be computed from the inner User-Name in a non-session-resumption enabled config), I can move the config that sets the VLAN to the outer tunnel post-auth && ensure the inner tunnel sets: reply:outer User-Name to request:inner User-Name and then key my VLAN computation (in outer post-auth) from reply:User-Name.
>
> We have been doing authorisation depending on the outer layer since summer.

How did you get around the "my policy rejects you now, but I've already sent a tunneled success TLV in the TLS tunnel and you're now ignoring my EAP-Failure messages" issue... or are you just happily ignoring it/encouraging adoption of TTLS-PAP like I was? :)
-Arran

