Cache errors(?) - single device

Marcin Marszałkowski m.marszal at wp.pl
Wed Sep 11 11:28:03 CEST 2019 

> Alan DeKok <aland at deployingradius.com> w dniu 09.09.2019, o godz. 15:43:
>  It *does* show you what the server is doing, and *why* it added attributes to Access-Accept.


So, I've run a couple of tests (roaming between clients) with cache disabled and enabled.

Cache disabled debug:

(11) eap: Expiring EAP session with state 0x8afdaa7a8369b374
(11) eap: Finished EAP session with state 0x8afdaa7a8369b374
(11) eap: Previous EAP request found for state 0x8afdaa7a8369b374, released from the list
(11) eap: Peer sent packet with method EAP PEAP (25)
(11) eap: Calling submodule eap_peap to process data
(11) eap_peap: Continuing EAP-TLS
(11) eap_peap: [eaptls verify] = ok
(11) eap_peap: Done initial handshake
(11) eap_peap: [eaptls process] = ok
(11) eap_peap: Session established.  Decoding tunneled attributes
(11) eap_peap: PEAP state send tlv success
(11) eap_peap: Received EAP-TLV response
(11) eap_peap: Success
(11) eap_peap: Using saved attributes from the original Access-Accept
(11) eap_peap:   Session-Timeout = 86400
(11) eap_peap:   Termination-Action = RADIUS-Request
(11) eap_peap:   Fall-Through = Yes
(11) eap_peap:   Acct-Interim-Interval = 300
(11) eap_peap:   Tunnel-Type = VLAN
(11) eap_peap:   Tunnel-Medium-Type = IEEE-802
(11) eap_peap:   Tunnel-Private-Group-Id = "14"
(11) eap_peap:   User-Name = "Martin"
(11) eap: Sending EAP Success (code 3) ID 148 length 4
(11) eap: Freeing handler
(11)     [eap] = ok
(11)   } # authenticate = ok

Cache enabled debug:

(18) eap: Expiring EAP session with state 0x9049ed0d92dcf470
(18) eap: Finished EAP session with state 0x9049ed0d92dcf470
(18) eap: Previous EAP request found for state 0x9049ed0d92dcf470, released from the list
(18) eap: Peer sent packet with method EAP PEAP (25)
(18) eap: Calling submodule eap_peap to process data
(18) eap_peap: Continuing EAP-TLS
(18) eap_peap: [eaptls verify] = ok
(18) eap_peap: Done initial handshake
(18) eap_peap: [eaptls process] = ok
(18) eap_peap: Session established.  Decoding tunneled attributes
(18) eap_peap: PEAP state send tlv success
(18) eap_peap: Received EAP-TLV response
(18) eap_peap: Success
(18) eap_peap: No saved attributes in the original Access-Accept
(18) eap_peap:   &request:EAP-Session-Resumed := 1
(18) eap: Sending EAP Success (code 3) ID 149 length 4
(18) eap: Freeing handler
(18)     [eap] = ok
(18)   } # authenticate = ok


Without cache, all AVP are retrieved from sql; with cache that step is skipped and cache doesn’t save AVP.
If it’s required, I can post full debug or attached it as file ;-)
Any ideas what might be going wrong with saving AVP in cache?

More information about the Freeradius-Users mailing list