<div> </div>
<div>This may seem off topic, but here it is:</div>
<div> </div>
<div>I am currently using Freeradius 1.1.0 on Solaris 9 to authenticate WPA enabled clients using EAP-TLS. I am using Cisco 1130 AG access points controlled by a Cisco/Airespace 2000 Wireless Controller using the LWAPP protocol. I have just recently installed this setup and have about 6 clients on it now. The users are reporting many disconnects and looking through the log files of the 2000 Wireless Controller, I am seeing an too many EAP-Identity Request retries(more than the the controller will allow;it will not allow over 21 retries). I also get "Authentication Aborted" message-note that these are from the 2000 Wireless controller not the Radius server logs.
</div>
<div> </div>
<div>I have attempted to run Radius in debug mode(radiusd -X) but cannot decipher(as of yet) the messages returned. Plus, it is hard to correlate the connection drops with the Radius log file. So I am trying to narrow down what may be causing the disconnects; and the reason for the original question was a grab for straws on what that setting did and how it may possibly relate to this problem.
</div>
<div> </div>
<div>BTW,</div>
<div>Freeradius is an excellent piece of software. We use another Radius server on Linux 7.1 running an early version(pre 1.0) to authenticate our VPN and iPass accounts for a couple of years now and it works great. Actually we use 4 Radius servers for our enterprise. Thanks for the great work.
</div>
<div> </div>
<div>Thanks</div>
<div>Terry Zarelli<br><br> </div>
<div><span class="gmail_quote">On 3/17/06, <b class="gmail_sendername">Alan DeKok</b> <<a href="mailto:aland@ox.org">aland@ox.org</a>> wrote:</span>
<blockquote class="gmail_quote" style="PADDING-LEFT: 1ex; MARGIN: 0px 0px 0px 0.8ex; BORDER-LEFT: #ccc 1px solid">"Terry Zarelli" <<a href="mailto:terry.zarelli@gmail.com">terry.zarelli@gmail.com</a>> wrote:
<br>> A list is maintained to correlate EAP-Response<br>> packets with EAP-Request packets. After a<br>> configurable length of time, entries in the list<br>> expire, and are deleted.<br>><br>> timer_expire =3D 60
<br><br>An EAP conversation spans multiple RADIUS packets. So the server<br>has to keep track of state to ensure that it doesn't forget about<br>ongoing conversations.<br><br>> What will happen if I change the timer value?
<br><br>If you set it too low, the server will forget about EAP<br>conversations in the middle of the conversation. If you set it too<br>high, then someone can attack the server by sending it many partial<br>EAP conversations, and making the server remember them all.
<br><br>What would you change the value to, and why? If you're not sure<br>what the configuration entry means, why would you want to change it?<br><br>Alan DeKok.<br>-<br>List info/subscribe/unsubscribe? See <a href="http://www.freeradius.org/list/users.html">
http://www.freeradius.org/list/users.html</a><br></blockquote></div><br>