Freeradius 2, TTLS/PAP, multiple questions

Jérôme BERTHIER jerome.berthier at inria.fr
Fri Apr 17 16:28:29 CEST 2009


Alan DeKok wrote:
> Jérôme BERTHIER wrote:
>   
>> Sorry. It means that when the NAS asks for reauthentication (after
>> reauth-period timeout has expired), clients won't stop trying to
>> re-connect using session resumption option again and again....
>> Here is an extract from freeradius debug:
>> [ttls] eaptls_process returned 3
>> [ttls] Skipping Phase2 due to session resumption
>> [ttls] FAIL: Forcibly stopping session resumption as it is not allowed.
>>     
>
>   What's "reauth-period"?
>
>   If the session cache is enabled, then the entries should be deleted
> after "lifetime" hours.  Once the entries are deleted, they will not be
> in the cache, and attempts to re-use the cached session should cause a
> re-negotiation.
>
>   Alan DeKok.
reauth-period is a NAS parameter. It specifies the period after which
reauthentication is needed.
When no cache is enabled on radius (eap.conf / cache / enable=no),
clients using NetworkManager are not able to renegotiate
authentication because they are always trying to resume their session.
I can't find any option to fix that on the client.

-- 
Jérôme BERTHIER
INRIA Bordeaux - Sud-Ouest
Service des Moyens Informatiques
05 24 57 40 50
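
An added example, not part of the original thread: one way to find which supplicants keep retrying refused session resumption is to count the "Forcibly stopping session resumption" message per Calling-Station-Id in saved debug output. Only the three `[ttls]` lines come from the post; the `rad_recv`, `User-Name` and `Calling-Station-Id` lines, the addresses, the function names and the threshold are constructed assumptions, and the script assumes the NAS sends Calling-Station-Id.

```python
import re
from collections import Counter

# Message quoted in the post; everything else in the sample below is constructed.
RESUME_FAIL = "Forcibly stopping session resumption as it is not allowed"
NEW_REQUEST = "rad_recv: Access-Request"
STATION = re.compile(r'Calling-Station-Id\s*=\s*"([^"]+)"')


def resumption_failures(debug_text):
    """Count refused resumption attempts per Calling-Station-Id."""
    counts = Counter()
    station = None
    for line in debug_text.splitlines():
        if line.startswith(NEW_REQUEST):
            station = None              # a new packet: forget the previous client
            continue
        match = STATION.search(line)
        if match:
            station = match.group(1).upper()
        elif RESUME_FAIL in line:
            counts[station or "unknown"] += 1
    return counts


def looping_clients(debug_text, threshold=3):
    """Stations refused at least `threshold` times (threshold is an assumption)."""
    failures = resumption_failures(debug_text)
    return sorted(s for s, n in failures.items() if n >= threshold)


def _request(mac, resumed):
    """Build one constructed debug excerpt for a single Access-Request."""
    lines = [
        "rad_recv: Access-Request packet from host 192.0.2.10 port 1645, id=1, length=200",
        '\tUser-Name = "anonymous"',
        f'\tCalling-Station-Id = "{mac}"',
    ]
    if resumed:
        lines += [
            "[ttls] eaptls_process returned 3",
            "[ttls] Skipping Phase2 due to session resumption",
            "[ttls] FAIL: Forcibly stopping session resumption as it is not allowed.",
        ]
    return "\n".join(lines)


# Constructed sample: one client stuck on resumption, one that falls back.
SAMPLE = "\n".join(
    [_request("00-11-22-33-44-55", True)] * 4
    + [_request("66-77-88-99-aa-bb", True), _request("66-77-88-99-aa-bb", False)]
)

if __name__ == "__main__":
    print(looping_clients(SAMPLE))
```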

