EAP-TTLS first connection works, other won't

Giovanni Lovato giovanni.lovato at aldu.net
Fri Oct 3 14:51:49 CEST 2008


Alan DeKok wrote:
> Giovanni Lovato wrote:
>> I set up freeradius 2.1.1 for EAP-TTLS, on Debian Lenny. As client I'm
>> using Ubuntu. When I try to connect, the first user (in the logs, "heruan")
>> connects successfully, but subsequent users (e.g. "jamila") won't. If I
>> restart freeradius, and try to connect first with "jamila" and then with
>> "heruan", "jamila" connects and "heruan" doesn't. The only error I'm
>> able to see on the log is:
>>
>> 798:[ttls] FAIL: Forcibly stopping session resumption as it is not allowed.
> 
>   ?  Session resumption is done on a per-user basis.  Session resumption
> for one user does NOT affect other users.
> 
>   The only way that this can happen is if you use one user name for the
> first session, and then using the *same* SSL data, try to authenticate
> using a different User-Name.
> 
>   All I can say is I can't reproduce this on my system.

Mmmm... After a little more investigation, I think it's the AP that
causes the problem: it receives an Access-Accept but ignores it, sends
another Access-Request and FR correctly generates an Access-Reject
because of the duplicate request. So it's not a FR issue, but if someone
has any advice on how to debug this, any help will be appreciated!


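One way to confirm the pattern described in the message above (an Access-Accept followed by a fresh Access-Request from the same client) from a packet capture. This is an added example, not part of the original post and not FreeRADIUS code. It assumes the RADIUS payloads have already been extracted with timestamps from a single NAS; the function names, the station MAC and the 5-second window are made up for illustration.

```python
import struct

USER_NAME, CALLING_STATION_ID = 1, 31   # RFC 2865 attribute types
REQUEST, ACCEPT, REJECT = 1, 2, 3       # RFC 2865 packet codes

def parse(pkt):
    """Parse one RADIUS packet into (code, identifier, {attr_type: value})."""
    if len(pkt) < 20:
        raise ValueError("shorter than RADIUS header")
    code, ident, length = struct.unpack("!BBH", pkt[:4])
    if length < 20 or length > len(pkt):
        raise ValueError("bad RADIUS length field")
    attrs, pos = {}, 20                 # 4-byte header + 16-byte authenticator
    while pos < length:
        if pos + 2 > length or pkt[pos + 1] < 2 or pos + pkt[pos + 1] > length:
            raise ValueError("bad attribute length")
        attrs.setdefault(pkt[pos], pkt[pos + 2:pos + pkt[pos + 1]])
        pos += pkt[pos + 1]
    return code, ident, attrs

def build(code, ident, attrs=()):
    """Build a packet for the constructed trace (authenticator zeroed)."""
    body = b"".join(bytes([t, len(v) + 2]) + v for t, v in attrs)
    return struct.pack("!BBH", code, ident, 20 + len(body)) + bytes(16) + body

def requests_after_accept(trace, window=5.0):
    """List (station, user, delay) for Access-Requests that follow an
    Access-Accept for the same Calling-Station-Id within `window` seconds."""
    pending, accepted, findings = {}, {}, []
    for ts, pkt in trace:
        code, ident, attrs = parse(pkt)
        if code == REQUEST:
            station = attrs.get(CALLING_STATION_ID, b"?").decode()
            user = attrs.get(USER_NAME, b"?").decode()
            if station in accepted and ts - accepted[station] <= window:
                findings.append((station, user, round(ts - accepted[station], 3)))
            pending[ident] = station    # replies are matched by Identifier
        elif ident in pending:
            station = pending.pop(ident)
            if code == ACCEPT:
                accepted[station] = ts
            elif code == REJECT:
                accepted.pop(station, None)
    return findings

# Constructed trace: one NAS, station MAC is made up; user name as in the thread.
ID = [(USER_NAME, b"jamila"), (CALLING_STATION_ID, b"00-11-22-33-44-55")]
SAMPLE_TRACE = [(0.00, build(REQUEST, 10, ID)), (0.05, build(11, 10)),
                (0.10, build(REQUEST, 11, ID)), (0.20, build(ACCEPT, 11)),
                (0.90, build(REQUEST, 12, ID)), (0.95, build(REJECT, 12))]
print(requests_after_accept(SAMPLE_TRACE))
```

A legitimate re-authentication also produces a request after an accept, so the window should stay well below the configured session or re-auth interval.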