FR 2.1.8 Issue - Unjustified(?) Access-Rejects.

Stefan Winter stefan.winter at
Tue Jan 12 15:04:31 CET 2010


>> Is this likely to be a configuration error (no changes were made to the
>> 2.1.7 config), or a bug?
>   Try increasing the size of the cache.  Try ensuring that there is
> always a User-Name in the inner tunnel.  This user name is cached, and
> is checked on session resumption.

How does this work together with anonymous outer ids? I.e. if outer
User-Name = anon at and the inner User-Name is stefan at, then
the cache contains a session for stefan at

On session resumption, there is no inner tunnel exchange, there's a
packet User-Name = anon at and an EAP-Message with SSL magic (but
no inner User-Name)... So how does FreeRADIUS know what to look up in
the cache? Or am I missing something here?



Ingenieur de Recherche
Fondation RESTENA - Réseau Téléinformatique de l'Education Nationale et de la Recherche
6, rue Richard Coudenhove-Kalergi
L-1359 Luxembourg

Tel: +352 424409 1
Fax: +352 422473

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 262 bytes
Desc: OpenPGP digital signature
URL: <>

More information about the Freeradius-Users mailing list