Phil, thank you for your reply!<br><br>I've tried to debug as you suggest. I run wireshark on the remote side + tcpdump on the server side.<br><br>The results are really interesting and not expected.<br><br>As the client is disconnected, it sends an auth request to the server. Server gets the request and after a successful authentication it sends back Access-Accept. Client gets this message. However, immediately after a successful authantication, it starts with the authentication process again and it loops like that. In the test time Access-Accept was granted 7 times, but client was still without connection and retrying.<br>
<br>For tests I used a linux client on the remote side. After running dhclient for a couple of times the connection is usualy restored, sometimes it even takes to take down the interface and bring it up again to restore the connection.<br>
<br>As of my understanding this does not prove a weak wifi as a reason for failure, as it does not prove that it is not the cause for trouble. Additionaly, there seems te be something else, besides wireless, which I can't explain, so feel free to commend and sugest!<br>
<br>Regards!<br><div class="gmail_extra"><br><br><div class="gmail_quote">On Fri, Nov 23, 2012 at 10:54 AM, Phil Mayers <span dir="ltr"><<a href="mailto:p.mayers@imperial.ac.uk" target="_blank">p.mayers@imperial.ac.uk</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div class="im">On 11/23/2012 08:03 AM, Uros Kolar wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
Hi all!<br>
<br>
We've been using freeradius 2.1.12 with EAP-TLS authentication. The<br>
problem we experience is constant disconnects of the clients. After an<br>
some time (it seems like the intervals are random) of usage the<br>
connection drops. I don't have a debug output, since the server is in<br>
production allready and because of the valid traffic it's hard to<br>
efficiently debug it that way.<br>
<br>
A similar problem was allready reported some years ago (without an<br>
answer - at least not in that thread): <a href="http://bit.ly/10o9xkG" target="_blank">http://bit.ly/10o9xkG</a><br>
</blockquote>
<br></div>
The issue described in that post is symptomatic of wireless problems - interference, low signal, etc. - not RADIUS problems. The "EAP Identity" retries he mentions are on the *wireless* side i.e. the AP asking the client to start a re-auth.<br>
<br>
You problem also sounds like wireless to me; FreeRADIUS either:<br>
<br>
* receives auth requests and sends an accept<br>
* receives auth requests and sends a reject<br>
* receives auth requests that the client never completes<br>
<br>
It doesn't somehow magically disconnect the client (well, unless you're using the CoA functionality and you *ask* it to).<br>
<br>
I would suggest starting the debugging at the wireless side. Wait for a report of a disconnect, then search your logs.<br>
<br>
You could also start a rolling tcpdump on the RADIUS server of all auth traffic, and then search it for an auth request - I bet you don't see one.<br>
-<br>
List info/subscribe/unsubscribe? See <a href="http://www.freeradius.org/list/users.html" target="_blank">http://www.freeradius.org/<u></u>list/users.html</a><br>
</blockquote></div><br></div>