Hi Alan
That works, but I suggest using it with care. 99.9% of the time there's no proxy fail-over, so the caching is just extra work. If I understand you correctly, we should disable the EAP caching completely? As I said, I did not know about it before and I am absolutely willing to keep the configuration as simple as possible, if you recommend that!
If you recommend to disable it, is the following correct: 1. Delete the symlink /etc/freeradius/mods-enabled/cache_eap 2. Restart the FreeRADIUS service Regards Dominic Am 25.06.24, 15:11 schrieb "Freeradius-Users im Auftrag von Alan DeKok" <freeradius-users-bounces+dominic.stalder=unibe.ch@lists.freeradius.org <mailto:unibe.ch@lists.freeradius.org> im Auftrag von aland@deployingradius.com <mailto:aland@deployingradius.com>>: On Jun 25, 2024, at 8:53 AM, dominic.stalder@unibe.ch <mailto:dominic.stalder@unibe.ch> wrote:
Thanks a lot, great point; did not know, that we have enabled caching until you mentioned it now! I took over the old FreeRADIUS 3.0 configuration from a former University member and this part was completely "ignored" by me. Just checked the mods-enabled folder and voilà:
/etc/freeradius/mods-enabled/cache_eap
That works, but I suggest using it with care. 99.9% of the time there's no proxy fail-over, so the caching is just extra work. If caching makes a large difference, then the network is unstable enough that it needs fixing.
You see, new to this as well. Can I see cached "authentications" in the logs or can I enable the logging for those (/etc/freeradius/mods-enabled/linelog) somehow?
You'll have to write policies to log the cached packets. But I'd suggest not doing this. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html <http://www.freeradius.org/list/users.html>