tnt@kalik.net wrote:
Alan DeKok wrote:
Tomas Pelka wrote:
have a problem with "advanced" EAP authentication methods including PEAP, EAP-TLS, EAP-TTLS-MD5/MSCHAPV2. I wouldn't call them "advanced..."
Certs was created with the makefile included in freeradius sources.
All my experiments ending with: decapsulated EAP packet (code=4 id=4 len=4) from RADIUS server: EAP Failure
Authentication works fine - you are getting an initial Access-Accept. But then:
[ttls] Skipping Phase2 due to session resumption [ttls] FAIL: Forcibly stopping session resumption as it is not allowed.
Read cache section of eap.conf.
Ivan Kalik
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
So if am I get it right, the problem is reauthentication, right? But #tls section cache { enable = yes lifetime = 24 # hours max_entries = 255 } and even no cache (enable=no) do not work. TTLS-md5/mschapv2 and PEAP, works with cache enabled (inside ttls section). Thanks. -- Tom