Alan DeKok wrote:
Andreas Hartmann wrote:
In eap.conf, the option eap -> tls -> cache -> enable is switched off and fast_reauth in wpa_supplicant is enabled.
Uh... that makes no sense.
You've disabled caching (i.e fast re-auth) on the server, and enabled it on the client. Why are you surprised that fast re-auth isn't working?
I've seen similar problems between FreeRadius and wpa_supplicant both with and without the cache enabled. Getting wpa_supplicant to restart seems to clear it temporarily. My reading of Andreas's message was that he has tried it both ways. I haven't yet dug into it enough to try and pin down where the problem is. It does seem that problems with the cache should just result in a slow authentication taking place, not a total failure of authentication. -David Mitchell
If the reconnect takes place, the missing cache-data seems to be the problem -> the user cannot be authenticated:
<shrug> That's what you told the server to do.
If fast_reauth in wpa_supplicant is disabled, the reauthentication works fine, but the connection between the AP and the supplicant ist interrupted for about 20 seconds - much to long :-).
Do you have any idea how to solve this problem?
Find out why the supplicant is taking 20s for authentication.
Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
-- ----------------------------------------------------------------- | David Mitchell (mitchell@ucar.edu) Network Engineer IV | | Tel: (303) 497-1845 National Center for | | FAX: (303) 497-1818 Atmospheric Research | -----------------------------------------------------------------