Session Resumption fails

Alexander Clouter alex at digriz.org.uk
Tue Oct 5 11:23:14 CEST 2010


Panagiotis Georgopoulos <panos at comp.lancs.ac.uk> wrote:
> 
> #Debug:   SSL: adding session
> 5705534d65ddd08de3b8649528274c1bc4e3d648bef7b643ffaf0f647afcac73 to cache
> 
> ... what I never ever see though is to try and do session resumption (i.e.
> see "Skipping Phase2 due to session resumption"). How can I fix/debug that?
> 
> Is anyone using session resumption successfully in 2.1.10?
>        
Sorry for the late reply, just tested it now and it works fine for me in 
2.1.10.

----
Found Auth-Type = EAP
# Executing group from file /etc/freeradius/sites-enabled/lanwarden
+- entering group EAP {...}
[EAP] Request found, released from the list
[EAP] EAP/ttls
[EAP] processing type ttls
[ttls] Authenticate
[ttls] processing EAP-TLS
[ttls] eaptls_verify returned 7 
[ttls] Done initial handshake
[ttls] <<< TLS 1.0 ChangeCipherSpec [length 0001]  
[ttls] <<< TLS 1.0 Handshake [length 0010], Finished  
[ttls]     TLS_accept: SSLv3 read finished A
[ttls]     (other): SSL negotiation finished successfully
SSL Connection Established 
SSL Application Data
[ttls] eaptls_process returned 3 
[ttls] Skipping Phase2 due to session resumption
[ttls] Adding cached attributes to the reply:
        User-Name = "ac56 at soas.ac.uk"
        Stripped-User-Name = ""
[EAP] Freeing handler
++[EAP] returns ok

[snipped]

[detail.lanwarden]      expand: 
/var/log/freeradius/radacct/detail.lanwarden.%Y%m%d -> 
/var/log/freeradius/radacct/detail.lanwarden.20101005
[detail.lanwarden] /var/log/freeradius/radacct/detail.lanwarden.%Y%m%d 
expands to /var/log/freeradius/radacct/detail.lanwarden.20101005
[detail.lanwarden]      expand: %t (%{Packet-Src-IP-Address}:%{Packet-Src-Port} -> %{Packet-Dst-IP-Address}:%{Packet-Dst-Port}) -> Tue Oct  5 10:19:28 2010 (172.16.3.124:32768 -> 212.219.238.4:1812)
++[detail.lanwarden] returns ok
} # server lanwarden
Sending Access-Accept of id 23 to 172.16.3.124 port 32768
        Session-Timeout = 30
        Termination-Action = RADIUS-Request
        MS-MPPE-Send-Key = <trim>
        Tunnel-Medium-Type:0 = IEEE-802
        Tunnel-Type:0 = VLAN
        Operator-Name = "1soas.ac.uk"
        Message-Authenticator = 0x00000000000000000000000000000000
        Acct-Interim-Interval = 600
        User-Name = "ac56 at soas.ac.uk"
        MS-MPPE-Recv-Key = <trim>
        EAP-Message = 0x03030004
        Tunnel-Private-Group-Id:0 = ""
Finished request 11.
----

Cheers

-- 
Alexander Clouter
.sigmonster says: Robustness, adj.:
                  	Never having to say you're sorry.




More information about the Freeradius-Users mailing list