Cache errors(?) - single device

Alan DeKok aland at deployingradius.com
Wed Sep 11 13:19:15 CEST 2019


On Sep 11, 2019, at 5:28 AM, Marcin Marszałkowski <m.marszal at wp.pl> wrote:
> 
> So, I've run a couple of tests (roaming between clients) with cache disabled and enabled.
> ...
> Cache enabled debug:
> 
> (18) eap: Expiring EAP session with state 0x9049ed0d92dcf470
> (18) eap: Finished EAP session with state 0x9049ed0d92dcf470
> (18) eap: Previous EAP request found for state 0x9049ed0d92dcf470, released from the list
> (18) eap: Peer sent packet with method EAP PEAP (25)
> (18) eap: Calling submodule eap_peap to process data
> (18) eap_peap: Continuing EAP-TLS
> (18) eap_peap: [eaptls verify] = ok
> (18) eap_peap: Done initial handshake
> (18) eap_peap: [eaptls process] = ok
> (18) eap_peap: Session established.  Decoding tunneled attributes
> (18) eap_peap: PEAP state send tlv success
> (18) eap_peap: Received EAP-TLV response
> (18) eap_peap: Success
> (18) eap_peap: No saved attributes in the original Access-Accept
> (18) eap_peap:   &request:EAP-Session-Resumed := 1
> (18) eap: Sending EAP Success (code 3) ID 149 length 4
> (18) eap: Freeing handler
> (18)     [eap] = ok
> (18)   } # authenticate = ok

  There are a LOT more messages than that.  Including messages which talk about restoring cached attributes.

  Honestly, *read* the debug output.  ALL OF IT.  If there's nothing about the cache, then you didn't configure the cache properly.

  I fail to understand why you're only looking at the final access accept.   The REST of the debug output shows more information about previous actions, like caching...

> Without cache, all AVP are retrieved from sql; with cache that step is skipped and cache doesn’t save AVP.

  Yes, if you *read* the debug outputs you'll see why.  There's no "inner-tunnel" being run for the cached session.

> If it’s required, I can post full debug or attached it as file ;-)
> Any ideas what might be going wrong with saving AVP in cache?

  TBH, first upgrade to the v3.0.x branch on GitHub.  I'm pretty sure I already suggest this.  That makes caching easier to configure.  See the "cache" section of mods-available/eap in the v3.0.x source.

  Then, READ the debug output.  ALL OF IT.  Do simple things like LOOK FOR THE WORD "cache" or "caching".

  The more you ignore the debug output, the harder it will be for you to understand the problem and fix it.

  Alan DeKok.




More information about the Freeradius-Users mailing list