On 12/17/2012 04:53 PM, Jethro R Binks wrote:
> Are there any reasons why I might choose not to enable fast connect/session
> resumption? Other broken clients etc?

I do not know of any broken clients. The Windows client was fine too, it was just more strict than the others.

For the reasons of choosing to enable it or not, you would need to think about the implications of fast reconnect not doing PEAP inner authentication.

As an example, consider a case where a university campus has eduroam coverage across all campus buildings. However, the wireless networks for each campus building have a unique IP subnet. When a user authenticates for the first time in building A, Radiator assigns VLAN 123 for the user. The user then roams to another building where full authentication authorizes VLAN 124 but fast reconnect would return attributes from the previous full authentication still authorizing VLAN 123. This would be incorrect and would probably show as a connectivity problem for the user.

In other words, if the inner authentication does some sort of policy or authorization decision that needs to be done for each network attachment (calculate remaining time, assign VLANs, etc.) then fast reconnect may not be useful.

Thanks,
Heikki

--
Heikki Vatiainen <[email protected]>

Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS, TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP, DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS, NetWare etc.
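
The roaming scenario in the message above, as an added example that is not part of the original post and is not Radiator code: a toy model in which a resumed session either replays the cached reply or redoes the per-attachment authorization. The `ToyServer` class, the `reauthorize_on_resume` switch, the session id and the use of `Tunnel-Private-Group-ID` to carry the VLAN are assumptions made for illustration.

```python
"""Toy model of PEAP fast reconnect and cached authorization (illustrative only)."""
from dataclasses import dataclass, field

# Constructed policy following the campus example: building -> VLAN.
VLAN_BY_BUILDING = {"A": 123, "B": 124}


def authorize(user: str, building: str) -> dict:
    """Per-attachment policy decision normally made during inner authentication."""
    # Assumption: the VLAN is returned in Tunnel-Private-Group-ID.
    return {"User-Name": user, "Tunnel-Private-Group-ID": VLAN_BY_BUILDING[building]}


@dataclass
class ToyServer:
    # Hypothetical switch, not a Radiator parameter.
    reauthorize_on_resume: bool = False
    sessions: dict = field(default_factory=dict)  # TLS session id -> cached state

    def full_auth(self, session_id, user, password_ok, building):
        """Full PEAP: inner authentication runs, reply attributes are cached."""
        if not password_ok:
            return None
        reply = authorize(user, building)
        self.sessions[session_id] = {"user": user, "reply": reply}
        return reply

    def fast_reconnect(self, session_id, building):
        """Resumed session: inner authentication is skipped."""
        cached = self.sessions.get(session_id)
        if cached is None:
            return None  # unknown session: client falls back to full authentication
        if self.reauthorize_on_resume:
            # Skip only the credential check; redo authorization for this attachment.
            return authorize(cached["user"], building)
        return cached["reply"]  # attributes from the earlier full authentication


def roam(server: ToyServer) -> tuple:
    """Authenticate in building A, then resume the same session in building B."""
    first = server.full_auth("sess-1", "alice", True, "A")
    second = server.fast_reconnect("sess-1", "B")
    return first["Tunnel-Private-Group-ID"], second["Tunnel-Private-Group-ID"]


if __name__ == "__main__":
    print("replay cached reply:", roam(ToyServer()))
    print("reauthorize on resume:", roam(ToyServer(reauthorize_on_resume=True)))
```
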
