Cannot lookup EAP user on reauthentication (PEAP/TTLS)

Alan DeKok aland at deployingradius.com
Mon May 30 06:06:34 PDT 2022


On May 27, 2022, at 9:09 PM, James Prestwood <prestwoj at gmail.com> wrote:
> I believe it's looking it up directly from the reauth command:

  OK, so that's the piece which was missing.

  The reauth command could just re-authenticate a particular port.  In which case (IIRC) it only needs to know the MAC which was authenticated.

> And you're right, I'm not sure why it needs to look up the identity at
> this point. It could just send an identity request to the station, wait
> for whatever identity is sent back, and use that for the lookup. This
> would put the burden on the station to send the correct identity. But
> in any case, this is what it does.

  That seems correct.  If the supplicant sends the same identity, the previously cached one will be found.  If the supplicant sends a different identity, then they have to do a full re-authentication.

  Alan DeKok.




More information about the Hostap mailing list