On 11/02/16 09:51, A.L.M.Buxey@lboro.ac.uk wrote:
Hi,
Is there are a way to fabricate EAP/MSCHAPv2 packets such that we can reliably provoke the server into using session resumption or not? This way we would be able able to test->capture->debug->fix->repeat much more quickly.
use eapol_test from the wpa_supplicant system
its likely that you have some policy or unlang corner-case that isnt matching the cache...or you arent querying the existing cache entry and adding other stuff based on the new NAS id - possibly roaming events between 2 seperate controllers etc etc
alan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
I've captured a debug log which contains two authentications, both of which are successful. I have disabled the TLS cache so session resumption shouldn't occur. However, something seems odd with the EAP session state expiry. The attached log came from a single AP connected to a single WISM in our lab (so this rules out roaming events between controllers and/or APs). From what I can tell, the server is trying to repeatedly expire EAP session with state 0x6fc3095a6cc610be. This session is first mentioned on line 3805 but e.g. on line 4012 it is expired but mentioned alongside another session. From then onwards, every packet that is handled tries to expire 0x6fc3095a6cc610be but mentions finishing a different session (e.g. line 4013) Is this normal? Thanks, Jonathan