dear all, hi! Now I use fr 2.19 for wimax. The CPE asks for session resumption in TTLS-MACHAPv2. like this: Mon Aug 9 16:14:16 2010 : Info: [eap] Request found, released from the list Mon Aug 9 16:14:16 2010 : Info: [eap] EAP/ttls Mon Aug 9 16:14:16 2010 : Info: [eap] processing type ttls Mon Aug 9 16:14:16 2010 : Info: [ttls] Authenticate Mon Aug 9 16:14:16 2010 : Info: [ttls] processing EAP-TLS Mon Aug 9 16:14:16 2010 : Info: [ttls] eaptls_verify returned 7 Mon Aug 9 16:14:16 2010 : Info: [ttls] Done initial handshake Mon Aug 9 16:14:16 2010 : Info: [ttls] <<< TLS 1.0 ChangeCipherSpec [length 0001] Mon Aug 9 16:14:16 2010 : Info: [ttls] <<< TLS 1.0 Handshake [length 0010], Finished Mon Aug 9 16:14:16 2010 : Info: [ttls] TLS_accept: SSLv3 read finished A Mon Aug 9 16:14:16 2010 : Info: [ttls] (other): SSL negotiation finished successfully Mon Aug 9 16:14:16 2010 : Debug: SSL Connection Established Mon Aug 9 16:14:16 2010 : Debug: SSL Application Data Mon Aug 9 16:14:16 2010 : Info: [ttls] eaptls_process returned 3 Mon Aug 9 16:14:16 2010 : Info: [ttls] Skipping Phase2 due to session resumption Mon Aug 9 16:14:16 2010 : Info: [ttls] FAIL: Forcibly stopping session resumption as it is not allowed. Mon Aug 9 16:14:16 2010 : Info: [eap] Freeing handler Mon Aug 9 16:14:16 2010 : Info: ++[eap] returns reject Mon Aug 9 16:14:16 2010 : Info: Failed to authenticate the user. Mon Aug 9 16:14:16 2010 : Info: Using Post-Auth-Type Reject Mon Aug 9 16:14:16 2010 : Info: +- entering group REJECT {...} Mon Aug 9 16:14:16 2010 : Info: [attr_filter.access_reject] expand: %{User-Name} -> B8616F001F47 Mon Aug 9 16:14:16 2010 : Debug: attr_filter: Matched entry DEFAULT at line 11 Mon Aug 9 16:14:16 2010 : Info: ++[attr_filter.access_reject] returns updated Mon Aug 9 16:14:16 2010 : Info: Delaying reject of request 69 for 1 seconds Mon Aug 9 16:14:16 2010 : Debug: Going to the next request Mon Aug 9 16:14:16 2010 : Debug: Waking up in 0.9 seconds. Mon Aug 9 16:14:17 2010 : Info: Sending delayed reject for request 69 Sending Access-Reject of id 3 to 25.25.25.25 port 36867 EAP-Message = 0x043c0004 Message-Authenticator = 0x00000000000000000000000000000000 But , if I enabled session resumption by setting it in eap.conf by: # # Enable it. The default is "no". # Deleting the entire "cache" subsection # Also disables caching. # # You can disallow resumption for a # particular user by adding the following # attribute to the control item list: # # Allow-Session-Resumption = No # # If "enable = no" below, you CANNOT # enable resumption for just one user # by setting the above attribute to "yes". # enable = yes then I got: Mon Aug 9 16:55:26 2010 : Info: [eap] EAP/ttls Mon Aug 9 16:55:26 2010 : Info: [eap] processing type ttls Mon Aug 9 16:55:26 2010 : Info: [ttls] Authenticate Mon Aug 9 16:55:26 2010 : Info: [ttls] processing EAP-TLS Mon Aug 9 16:55:26 2010 : Info: [ttls] Received TLS ACK Mon Aug 9 16:55:26 2010 : Info: [ttls] ACK handshake is finished Mon Aug 9 16:55:26 2010 : Info: [ttls] eaptls_verify returned 3 Mon Aug 9 16:55:26 2010 : Info: [ttls] eaptls_process returned 3 Mon Aug 9 16:55:26 2010 : Info: [ttls] Saving response in the cache Mon Aug 9 16:55:26 2010 : Info: [ttls] WARNING: No information to cache: session caching will be disabled for this session. Mon Aug 9 16:55:26 2010 : Info: [eap] Freeing handler Mon Aug 9 16:55:26 2010 : Info: ++[eap] returns ok Mon Aug 9 16:55:26 2010 : Info: +- entering group post-auth {...} Mon Aug 9 16:55:26 2010 : Info: ++[exec] returns noop Mon Aug 9 16:55:26 2010 : Info: expand: %{User-Name} -> 1109d0389bf34a72981580a304b50f3b Mon Aug 9 16:55:26 2010 : Info: ++[reply] returns noop Mon Aug 9 16:55:26 2010 : Info: [wimax] MIP-RK = 0x61c8c180fc45a070ca34e0d84e905c23329eec7d5ae69fe3f037d0b404988c7fec960a3dfcebba7615bf1a616ae527f699c87a93e29d66dc79f7fb02208fc1c1 Mon Aug 9 16:55:26 2010 : Info: [wimax] MIP-SPI = 29e23a18 Mon Aug 9 16:55:26 2010 : Info: [wimax] WARNING: WiMAX-IP-Technology not found in reply. Mon Aug 9 16:55:26 2010 : Info: [wimax] WARNING: Not calculating MN-HA keys Mon Aug 9 16:55:26 2010 : Info: ++[wimax] returns updated Mon Aug 9 16:55:26 2010 : Info: expand: %{EAP-MSK} -> Mon Aug 9 16:55:26 2010 : Info: expand: %{User-Name} -> 1109d0389bf34a72981580a304b50f3b Mon Aug 9 16:55:26 2010 : Info: expand: %{md5:%{User-Name}} -> 879d5828deac9e6abd6b86721968d541 Mon Aug 9 16:55:26 2010 : Info: ++[reply] returns updated Sending Access-Accept of id 7 to 25.25.25.25 port 36867 And when resumption: Mon Aug 9 16:53:46 2010 : Info: [eap] Request found, released from the list Mon Aug 9 16:53:46 2010 : Info: [eap] EAP/ttls Mon Aug 9 16:53:46 2010 : Info: [eap] processing type ttls Mon Aug 9 16:53:46 2010 : Info: [ttls] Authenticate Mon Aug 9 16:53:46 2010 : Info: [ttls] processing EAP-TLS Mon Aug 9 16:53:46 2010 : Info: [ttls] eaptls_verify returned 7 Mon Aug 9 16:53:46 2010 : Info: [ttls] Done initial handshake Mon Aug 9 16:53:46 2010 : Info: [ttls] <<< TLS 1.0 ChangeCipherSpec [length 0001] Mon Aug 9 16:53:46 2010 : Info: [ttls] <<< TLS 1.0 Handshake [length 0010], Finished Mon Aug 9 16:53:46 2010 : Info: [ttls] TLS_accept: SSLv3 read finished A Mon Aug 9 16:53:46 2010 : Info: [ttls] (other): SSL negotiation finished successfully Mon Aug 9 16:53:46 2010 : Debug: SSL Connection Established Mon Aug 9 16:53:46 2010 : Debug: SSL Application Data Mon Aug 9 16:53:46 2010 : Info: [ttls] eaptls_process returned 3 Mon Aug 9 16:53:46 2010 : Info: [ttls] Skipping Phase2 due to session resumption Mon Aug 9 16:53:46 2010 : Info: [ttls] WARNING: No information in cached session! Mon Aug 9 16:53:46 2010 : Info: [eap] Freeing handler Mon Aug 9 16:53:46 2010 : Info: ++[eap] returns reject Mon Aug 9 16:53:46 2010 : Info: Failed to authenticate the user. Mon Aug 9 16:53:46 2010 : Info: Using Post-Auth-Type Reject Mon Aug 9 16:53:46 2010 : Info: +- entering group REJECT {...} Mon Aug 9 16:53:46 2010 : Info: [attr_filter.access_reject] expand: %{User-Name} -> 5e6b5185dcc44c0db5e23c6f0668c7a6 Mon Aug 9 16:53:46 2010 : Debug: attr_filter: Matched entry DEFAULT at line 11 Mon Aug 9 16:53:46 2010 : Info: ++[attr_filter.access_reject] returns updated Mon Aug 9 16:53:46 2010 : Info: Delaying reject of request 109 for 1 seconds Mon Aug 9 16:53:46 2010 : Debug: Going to the next request I don't know how to set the following: # You can disallow resumption for a # particular user by adding the following # attribute to the control item list: # # Allow-Session-Resumption = No It seems this attr can't be added into the access-xxx messages. How can I do to enable session resumption in fr?