reauth-problem with WPA2-tls

Andreas Hartmann andihartmann at 01019freenet.de
Thu Jun 3 07:36:12 CEST 2010


Andreas Hartmann schrieb:
> David Mitchell schrieb:
>> Alan DeKok wrote:
>>> Andreas Hartmann wrote:
>>>> In eap.conf, the option eap -> tls -> cache -> enable is switched off
>>>> and fast_reauth in wpa_supplicant is enabled.
>>>
>>>   Uh... that makes no sense.
>>>
>>>   You've disabled caching (i.e fast re-auth) on the server, and enabled
>>> it on the client.  Why are you surprised that fast re-auth isn't working?
>>
>> I've seen similar problems between FreeRadius and wpa_supplicant both
>> with and without the cache enabled. Getting wpa_supplicant to restart
>> seems to clear it temporarily.
> 
> Well, I took your realization to implement the following workaround:
> 
> Caching is enabled in freeradius, fast_reauth is switched on in
> wpa_supplicant.
> 
> I set the reauth-timeout of the AP to 2 hours. On the supplicant, I
> started a cronjob, which HUP's the supplicant each 59 minutes. That's
> the way how the supplicant is prevented to do a fast reauth (which
> doesn't really work). A full reauth isn't necessary too, because of the
> sig hup all 59 minutes, which is done like this:
> 
> rad_recv: Accounting-Request packet from host 192.168.1.9 port 2049,
> id=112, length=177
>         Acct-Session-Id = "0000001B-00000007"
>         Acct-Status-Type = Stop
>         Acct-Authentic = RADIUS
>         User-Name = "myuser at mydom"
>         NAS-Port = 0
>         Called-Station-Id = "00-25-...:mylan"
>         Calling-Station-Id = "00-13-..."
>         NAS-Port-Type = Wireless-802.11
>         Connect-Info = "CONNECT 11Mbps 802.11b"
>         Acct-Session-Time = 358
>         Event-Timestamp = "Jan  1 1970 02:26:18 CET"
			     ^^^^^^^^^^^^^^^^^^^^^^^^

Hmmm, where does this funny Event-Timestamp comes from? All my times of
client and server are ok. Otherwise, I can't find any way to set the
time at the AP (linksys WAP610N)? Is there any way?

clueless ...


Kind regards,
Andreas



More information about the Freeradius-Users mailing list