For my installations I've disabled the EAP cache to make things work better. Only a few users noticed. Does anyone know if the same thing happens In the 3.0 branch? I was planning to put one of my production servers on the 3.0 code this Summer. Alan DeKok <aland@deployingradius.com> wrote:
Phil Mayers wrote:
Am I being dumb / getting something wrong or does the post-auth session not get called if PEAP/MSCHAP returns a reject?
It seems to run for successful auths, but not failures.
That is the case.
This is in the context of us not seeing log messages for EAP auth failures; I suspect that the client may just "hang up" and let the EAP session expire, and since the inner post-auth doesn't run, and the outer session expires, I have no logs.
There was talk about getting it to do Post-Auth-Type Reject in the inner tunnel. No code yet, tho.
Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html