Hi Alan, I've just been perusing the release notes for 2.1.9 and I see a bug fix... " Set EAP-Session-Resumed = Yes, not "No" when session is resumed. " Can you confirm if this is relating to the problem I reported in the conversation below? Many thanks, Jezz.
-----Original Message----- From: freeradius-users- bounces+j.d.f.palmer=swansea.ac.uk@lists.freeradius.org [mailto:freeradius-users- bounces+j.d.f.palmer=swansea.ac.uk@lists.freeradius.org] On Behalf Of Alan DeKok Sent: 12 January 2010 11:33 To: FreeRadius users mailing list Subject: Re: FR 2.1.8 Issue - Unjustified(?) Access-Rejects.
Palmer J.D.F. wrote:
We migrated to 2.1.8 (from 2.1.7) last week while things were quiet, as the users have re-appeared after the holiday we've started to receive a few reports from users stating that they have been getting lots of prompts for credentials.
The log says:
... WARNING: No information in cached session!
This means that the session wasn't cached, and they are trying to resume a session that never was started. The change in 2.1.8 is there to work around a bug in OpenSSL.
The only other alternative is that they *are* resuming a valid session, but (a) after the session has timed out, or (b) where no User-Name was cached from the inner tunnel session.
Is this likely to be a configuration error (no changes were made to the 2.1.7 config), or a bug?
Try increasing the size of the cache. Try ensuring that there is always a User-Name in the inner tunnel. This user name is cached, and is checked on session resumption.
Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html