FR 2.1.8 Issue - Unjustified(?) Access-Rejects.

Bjørn Mork bjorn at mork.no
Tue Jan 12 16:00:56 CET 2010


Alan DeKok <aland at deployingradius.com> writes:
> Palmer J.D.F. wrote:
>> We migrated to 2.1.8 (from 2.1.7) last week while things were quiet, as
>> the users have re-appeared after the holiday we've started to receive a
>> few reports from users stating that they have been getting lots of
>> prompts for credentials.
>
>   The log says:
>
>  ... WARNING: No information in cached session!
>
>   This means that the session wasn't cached, and they are trying to
> resume a session that never was started.  The change in 2.1.8 is there
> to work around a bug in OpenSSL.
>
>   The only other alternative is that they *are* resuming a valid
> session, but (a) after the session has timed out, or (b) where no
> User-Name was cached from the inner tunnel session.


Don't know if it's relevant, but I briefly tried to enable caching on my
home network after installing 2.1.8 and could not make it work.  It
wasn't important to me, so I just disabled it.  Haven't reported it
earlier as I suspected (and still do...) that I was doing something
wrong.  But here are the log messages anyway, in the event that they
are symptoms of a real problem:

I got this after a successful first authentication:

Tue Jan  5 19:00:21 2010 : Info: [ttls] Got tunneled Access-Accept
Tue Jan  5 19:00:21 2010 : Info: [ttls] Saving response in the cache
Tue Jan  5 19:00:21 2010 : Info: [ttls] WARNING: No information to cache: session caching will be disabled for this session.

Then, as I guess is expected based on the above, on reauth (please
ignore the timestamps - these are not matched samples):

Tue Jan  5 18:18:15 2010 : Info: [eap] Request found, released from the list
Tue Jan  5 18:18:15 2010 : Info: [eap] EAP/ttls
Tue Jan  5 18:18:15 2010 : Info: [eap] processing type ttls
Tue Jan  5 18:18:15 2010 : Info: [ttls] Authenticate
Tue Jan  5 18:18:15 2010 : Info: [ttls] processing EAP-TLS
Tue Jan  5 18:18:15 2010 : Info: [ttls] eaptls_verify returned 7 
Tue Jan  5 18:18:15 2010 : Info: [ttls] Done initial handshake
Tue Jan  5 18:18:15 2010 : Info: [ttls]     TLS_accept: SSLv3 read finished A 
Tue Jan  5 18:18:15 2010 : Info: [ttls]     (other): SSL negotiation finished successfully 
Tue Jan  5 18:18:15 2010 : Info: [ttls] eaptls_process returned 3 
Tue Jan  5 18:18:15 2010 : Info: [ttls] Skipping Phase2 due to session resumption
Tue Jan  5 18:18:15 2010 : Info: [ttls] WARNING: No information in cached session!
Tue Jan  5 18:18:15 2010 : Info: [eap] Freeing handler
Tue Jan  5 18:18:15 2010 : Info: ++[eap] returns reject


Bjørn
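
An added example, not part of the original message or of FreeRADIUS: a small scanner that flags the two symptoms quoted above, a first authentication whose cache entry was never populated and a later resumption that is rejected because the cached session is empty. The function name and finding labels are hypothetical, and it assumes one request's lines are contiguous in the log, since these lines carry no request identifier.

```python
import re

# Constructed sample: a subset of the log lines quoted in the message above.
SAMPLE_LOG = """\
Tue Jan  5 19:00:21 2010 : Info: [ttls] Got tunneled Access-Accept
Tue Jan  5 19:00:21 2010 : Info: [ttls] Saving response in the cache
Tue Jan  5 19:00:21 2010 : Info: [ttls] WARNING: No information to cache: session caching will be disabled for this session.
Tue Jan  5 18:18:15 2010 : Info: [eap] Request found, released from the list
Tue Jan  5 18:18:15 2010 : Info: [ttls] Skipping Phase2 due to session resumption
Tue Jan  5 18:18:15 2010 : Info: [ttls] WARNING: No information in cached session!
Tue Jan  5 18:18:15 2010 : Info: [eap] Freeing handler
Tue Jan  5 18:18:15 2010 : Info: ++[eap] returns reject
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3} \w{3} [ \d]\d \d\d:\d\d:\d\d \d{4}) : \w+: (?P<msg>.*?)\s*$"
)

def find_resumption_problems(log_text):
    """Return (timestamp, kind) tuples for the two symptoms in the thread.

    Assumption: lines belonging to one request are contiguous (low-traffic
    server), because the log lines themselves have no request identifier.
    """
    findings = []
    resuming = empty_session = False
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw)
        if not m:
            continue  # not a timestamped log line
        ts, msg = m.group("ts"), m.group("msg")
        if "[eap] Request found" in msg:
            resuming = empty_session = False  # a new EAP round starts
        elif "No information to cache" in msg:
            findings.append((ts, "cache-not-populated"))
        elif "Skipping Phase2 due to session resumption" in msg:
            resuming = True
        elif "No information in cached session" in msg:
            empty_session = resuming  # only meaningful during a resumption
        elif msg.endswith("[eap] returns reject"):
            if resuming and empty_session:
                findings.append((ts, "resumption-reject"))
            resuming = empty_session = False
    return findings

if __name__ == "__main__":
    for ts, kind in find_resumption_problems(SAMPLE_LOG):
        print(ts, kind)
```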



