On 24.1.2017 13.39, Hartmaier Alexander wrote:

Could you move the storage of reply attributes into the resume context
to a point after PostAuthHook is called so this isn't required?

I think we'll need to think about an interface for this. This discussion has been useful to understanding the custom use cases, so rather than moving it, I' say it's better to provide a documented call or similar to do this.

The latter is EAP-TTLS and the problem is PEAP/EAP-TLS?
We don't use EAP-TTLS, only PEAP-TLS and EAP-TLS. EAP-TLS works, also
resumption, PEAP-TLS doesn't.

Ah, sorry, I read EAP-TLS twice.

What kind of logs do you need? I could mail you the packet capture as a
starting point, but we haven't had debugging enabled at that time, just
log level 3 where no sign of the mentioned request with id 57 can be seen.

I trace 4 log would be best. If you create one, just send it to me directly since the list does now allow large attachments.

That's a possibility since the adjustment is 40 which seems to be too
little since you need 50. We probably need to update this value.
I see, please document this value in ref.pdf.
Which formula can be used to calculate this value?

It's not calculated but an estimate that was based on watching how it worked with different certificate chains. It's a good idea to get this documented.


Heikki Vatiainen <h...@open.com.au>

Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS,
DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS, NetWare etc.
radiator mailing list

Reply via email to