confusion about radius.log entries

[Winders, Timothy A]

There is no session timeout setting.  The idle timeout was set to 5 minutes.  I have changed that to 10 hours.  This should help clients, especially phones and tablets, not have to reauth everytime the device goes to sleep.

I am still seeing some clients with the same continuous reauthentication pattern.  Most seem to be OK after upgrading from FR 3.0.7 to 3.0.9.  I know that makes no sense.  I put it out there for information only.

We do have the Cisco settings for "Client Load Balancing" and "Client Band Select" enabled.

I do see my account with multiple repeated auth attempts (all show Login OK) in short periods of time.  This appears to be when I was moving across campus or within earshot of multiple Aps.  I’m not sure why multiple auths would be showing up in radius.log in that situation, though.

Still seems like a bad controller setting.  I may try disabling the cisco options mentioned above tonight and see what happens tomorrow…

-- 
Tim Winders
Associate Dean of Information Technology
South Plains College
(806) 716-2369

From:  Alan Buxey
Date:  Wednesday, August 26, 2015 at 4:29 AM
To:  FreeRadius users mailing list, Timothy Winders
Subject:  Re: confusion about radius.log entries

They shouldn't be reauthenticating when bouncing from AP to AP. Check your mobility settings on the controller and any eg load balancing methods you have on. Also, what's your session timeout? 

Alan 

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 5765 bytes
Desc: not available
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20150826/09fd7337/attachment-0001.bin>