Alan DeKok a écrit :
Jérôme BERTHIER wrote:
Sorry. It means that when the NAS asks for reauthentification (after reauth-period timeout has expired), clients won't stop trying to re-connect using session resumption option again and again.... Here, an extract from freeradius debug : [ttls] eaptls_process returned 3 [ttls] Skipping Phase2 due to session resumption [ttls] FAIL: Forcibly stopping session resumption as it is not allowed.
What's "reauth-period"?
If the session cache is enabled, then the entries should be deleted after "lifetime" hours. Once the entries are deleted, they will not be in the cache, and attempts to re-used the cached session should cause a re-negotiation.
Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
reauth-period is a NAS parameter. It specifies period after reauthentification is needed. When no cache is enabled on radius (eap.conf / cache / enable=no), clients using NetworkManager are not able to re-negociate authentification because they are always trying to resume their session. I can't find any option to fix that on the client. -- Jérôme BERTHIER INRIA Bordeaux - Sud-Ouest Service des Moyens Informatiques 05 24 57 40 50