WPA authentication works but take very log time
Jason Wittlin-Cohen
jasonwc at brandeis.edu
Sat Oct 14 01:21:33 CEST 2006
> Message: 5
> Date: Fri, 13 Oct 2006 23:38:54 +0200
> From: "Giuseppina Venezia" <giusy.venezia at gmail.com>
> Subject: WPA authentication works but take very log time
> To: "FreeRadius users mailing list"
> <freeradius-users at lists.freeradius.org>
> Message-ID:
> <39f5f2680610131438u2c58e099j7f55c2d17470750e at mail.gmail.com>
> Content-Type: text/plain; charset=ISO-8859-1; format=flowed
>
> Hi all,
> I'm using freeradius 1.1.3 with PEAP and EAP-TTLS,the authentication
> using MacOS works but the time spent from when the client insert
> username and password until the moment when the user is authenticated
> (and obtains the IP address) is very long, about 2 minutes. Is normal
> that authentication using WPA takes all this time?
> The access point is configured for using WPA-Auto-Enterprise, *Auto*
> means that WPA1 and WPA2 are simultaneously supported.
> What could be the problem?
>
> I attach the log of the first 6 request reveiced by radius server:
>
>
I've noticed that the time it takes to authenticate a client using
EAP-TLS is heavily dependent on the Wireless Supplicant used. The best
way to tell whether the RADIUS server is at fault is to simply run a
packet sniffer in the background like Ethereal/Wireshark and see when
EAP authentication starts and how long it takes. With the Windows XP SP2
MS supplicant login usually takes 5 OR 34 seconds. When I ran a packet
sniffer I noticed that the client didn't initiate the EAP exchange until
33 seconds had gone by and the actual exchange took .55 seconds-
basically instantaneous.
However, when I use the Funk Odyssey Client authentication occurs in
about 1 second. The Intel PROset wireless supplicant takes a few
seconds- all are much faster than the MS Supplicant. The only way to
tell what's holding things up is to run the packet sniffer and see
what's going on. If you see nothing happening for 2 minutes, and at the
last second the EAP exchange occurs, you know it's the supplicant. If
the EAP exchange starts and stalls for a long period of time, it's
likely your RADIUS setup.
Jason
More information about the Freeradius-Users
mailing list