Interesting EAP-TLS condition, any insights?
Alan DeKok
aland at ox.org
Fri Dec 23 18:32:32 CET 2005
"Timothy J. Miller" <tmiller at mitre.org> wrote:
> However, the AP holds the authentication pending but *leaves the
> client fully connected*. This means that as long as an incomplete
> reauthentication is pending, a previously-authenticated client
> remains online. Not the effect I was looking for.
That would appear to be a bug in the AP. I'd be curious to know how
many AP's have that bug. If so, it would be a very, very, serious
problem.
I'm not sure how to fix that, to be honest. There's little you can
do on the RADIUS server to make the AP work.
My only suggestion is to try another AP. If that works, mail Cisco,
and tell them about the bug.
Alan DeKok.
More information about the Freeradius-Users
mailing list