Kunal Solanki wrote:
Thanks for replying Alan, I have found the issue in my case, I was using external LDAP with radius and if LDAP is down then for the same EAP requests multiple authentication sessions were getting created. And as the cleanup of eap requests is plugged in processing of a reply message, this makes the cleanup happen only when a successful EAP request goes through.
No... the cleanup *also* happens when a new request comes in. But it takes 60s to expire old sessions. See raddb/eap.conf, "timer_expire".
I am thinking to put a cleanup in session creation path also which cleans very old sessions( double of usual timer limit 20 seconds. So I guess this will not impact any ongoing EAP request(not making to go to "no state variable" state for EAP request, an early delete of an handler).
No... just change the timer_expire to be less. Alan DeKok.