On 12/20/2010 05:25 PM, Patrick Renkens wrote: > PostAuthHook to replace the default Tunnel-Private-Group-ID in the > reply-packet with the generated ID now runs OK. > > I placed the PostAuthHook after the AuthBy clause in the handler for the > outer tunnel. A first glance learns that it works. > But we assume that a re-authentication - for whatever reason - will > possible place the wireless client in a different VLAN. > Is there a way to preserve this behaviour, or to keep the session intact > with a re-authentication?
If I understood correctly, you have the same requirement that was discussed on this list previously: http://www.open.com.au/pipermail/radiator/2010-November/016769.html Please check the thread and see if EAPTLS_SessionResumption 0 does the trick for you. Thanks! > Kind regards, > Patrick Renkens > Centre for Information Services (UCI) > Radboud University Nijmegen, Netherlands > > > > > Op 12-11-2010 17:31, Patrick Renkens schreef: >> >> Hi All, >> >> We would like to dynamically assign VLAN's to wireless clients. >> All of the authentication process (inner and outer tunnel etc.) runs OK, >> but the last step should be assigning a dynamic VLAN ID >> (Tunnel-Private-Group-ID) to the client in a short range of ID's. >> >> Can this be done, and if so, how? >> >> I already wrote a small PostAuthHook that can generate a random VLAN-ID >> within this short range of ID's. It replaces the default >> Tunnel-Private-Group-ID in the reply-packet with the generated ID, but >> it doesn't do the trick. It does replace the Tunnel-Private-Group-ID but >> is has no affect on the process (so it seems). >> >> The reason for this feature is that the current VLAN is too small and we >> prefer to have several VLAN's for the wireless clients instead of a much >> larger single VLAN. >> >> Any other ideas or workarounds are also appreciated. >> >> Kind regards, >> Patrick Renkens >> Centre for Information Services (UCI) >> Radboud University Nijmegen, Netherlands >> >> >> _______________________________________________ >> radiator mailing list >> [email protected] >> http://www.open.com.au/mailman/listinfo/radiator >> > _______________________________________________ > radiator mailing list > [email protected] > http://www.open.com.au/mailman/listinfo/radiator -- Heikki Vatiainen <[email protected]> Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS, TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP, DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS, NetWare etc. _______________________________________________ radiator mailing list [email protected] http://www.open.com.au/mailman/listinfo/radiator
