Failed (re-)authentification after some time...

Jan Zacharias janz at dfki.de
Mon Aug 16 16:04:43 CEST 2010


Something strange is going on: we do re-authentification every ten seconds with
one WinXP SP3 client

hooked up to a Cisco 3560G Switch. The reauth interval is small to stress-test
the setup.

 

It works w/a problems for 1-2 Days, then we get:

 

 

Sun Aug 15 10:00:51 2010 : Auth: Login OK: [jan/<via Auth-Type = EAP>] (from
client swba1-00-test port 0 via TLS tunnel)
Sun Aug 15 10:00:51 2010 : Auth: Login OK: [jan/<via Auth-Type = EAP>] (from
client swba1-00-test port 50043 cli 00-08-74-46-34-F7)
Sun Aug 15 10:01:05 2010 : Auth: Login OK: [jan/<via Auth-Type = EAP>] (from
client swba1-00-test port 0 via TLS tunnel)
Sun Aug 15 10:01:05 2010 : Auth: Login OK: [jan/<via Auth-Type = EAP>] (from
client swba1-00-test port 50043 cli 00-08-74-46-34-F7)
Sun Aug 15 10:01:20 2010 : Auth: Login OK: [jan/<via Auth-Type = EAP>] (from
client swba1-00-test port 0 via TLS tunnel)
Sun Aug 15 10:01:20 2010 : Auth: Login OK: [jan/<via Auth-Type = EAP>] (from
client swba1-00-test port 50043 cli 00-08-74-46-34-F7)
Sun Aug 15 10:01:39 2010 : Error: Discarding duplicate request from client
swba1-00-test port 1645 - ID: 157 due to unfinished request 125603
Sun Aug 15 10:01:44 2010 : Error: Child PID 30686 is taking too much time:
forcing failure and killing child.
Sun Aug 15 10:01:44 2010 : Auth: Login incorrect: [jan/<via Auth-Type = EAP>]
(from client swba1-00-test port 0 via TLS tunnel)
Sun Aug 15 10:01:44 2010 : Auth: Login incorrect: [jan/<via Auth-Type = EAP>]
(from client swba1-00-test port 50043 cli 00-08-74-46-34-F7)

 

The last two entries are due to the crappy windows client. If auth fails once,
it thinks, that the saved

auth info is wrong and deletes it, querying the user to enter mschap(PEAP)
login/pw again.

 

The entry Sun Aug 15 10:01:39 2010 is interesting as no client was connected to
port 1645 at that time

and the two days before, however it seems as if this triggers the timeout
initially.

 

My question: can I somehow extend the timeout or do anything else to prevent
this from happening?
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20100816/62948029/attachment.html>


More information about the Freeradius-Users mailing list