EAP-TTLS session resumption does not work.
hashimotoku at nttdata.co.jp
Mon May 12 12:58:06 CEST 2014
Hello FreeRadius mailing list users.
I am using FreeRadius on our WiFi system.
I enabled EAP-TTLS session resumption,
but it seems the functionality does not work well.
- Our system.
(a)WiFi supplicant -- (b)WiFi access point
-- (c)WiFi Controller -- (d)FreeRadius
-- (e)RADIUS server
(d) listens on 10.180.4.19:18120.
(e) listens on 127.0.0.1:18150.
(d) and (e) are installed on the same server.
- Authentication Method.
Outer authentication: EAP-TTLS
Inner authentication: PAP
We are using one-time-password on RADIUS server(e) for authentication.
- Symptom.
(1)[Near the access point A]
I input my username and password (authenticate)
on the supplicant installed on my laptop PC,
then I can connect to our WiFi network.
(2)[Move from the access point A to the access point B]
I move my laptop PC.
Access point hands over from A to B.
(3)[Near the access point B]
I lost WiFi connectivity.
To connect WiFi again, I have to re-enter username and password.
- Wish.
I want to resume WiFi connectivity automatically
without one-time-password authentication
when I move between WiFi access points.
- FreeRadius version.
3.0.1
- Below is our configuration <radiusd.conf>.
etcdir = /usr/local/freeradius/etc
confdir = ${etcdir}/raddb
pidfile = /var/run/radius/freeradius.pid
max_requests = 1024
listen {
    ipaddr = 10.180.4.19
    port = 18120
    type = auth
}
authorize {
    eap
}
authenticate {
    eap
}
post-proxy {
    eap
}
server inner-tunnel {
    authorize {
        update control {
            Proxy-To-Realm := "tinyradius"
        }
    }
    authenticate {
        eap
    }
}
modules {
    eap {
        default_eap_type = ttls
        max_sessions = 16384
        timer_expire = 120
        tls-config tls-common {
            certsdir = ${confdir}/certs
            private_key_file = ${certsdir}/our.key
            certificate_file = ${certsdir}/our.cer
            dh_file = ${certsdir}/dh
            cache {
                enable = yes
                lifetime = 12
                max_entries = 1024
            }
        }
        ttls {
            tls = tls-common
            virtual_server = inner-tunnel
        }
    }
}
client 10.0.0.0/8 {
    secret = xxxx
}
realm tinyradius {
    authhost = 127.0.0.1:18150
    secret = xxxx
    nostrip
}
log {
    destination = syslog
    facility = local1
}
Regards.
---
Kouki Hashimoto
hashimotoku at nttdata.co.jp