TTLS authentication slow
charlie derr
cderr at simons-rock.edu
Wed Nov 14 17:53:29 CET 2007
I'm posting a colleague's response (by request, he didn't want to subscribe himself):
Allan Riordan Boll wrote:
> >> Maybe I missed it, but what client do you use? Windows does not yet
> >> support TTLS natively.
>
> yes sorry, i forgot to say. I am already using SecureW2 of course. And
> it does work, it's just very slow at authenticating... Also, I'm using
> FreeRADIUS 1.1.7.
>
>
>>>> If it works...
>>>>
>>>> If it doesn't work, go back to the default config.
>>>>
>
> Well, the default config had the same problem. That's why I tried
> writing one from scratch, to make sure there wasn't some obscure module
> making the server hang. Is this an unusual approach to write a config
> from scratch, or is it a good idea? Would love to hear what's normal.
>
> Thank you for your replies! :-)
Define slow. Where are you seeing the slowness? By default many Cisco authenticators have timeouts of 30 seconds per auth session
or so, as well as additional time between successive EAPOL requests to the client (5 seconds?). (That is, Cisco authenticators
have a timeout to wait for an answer from the client between EAPOL requests within the same session as well as a timeout between
session attempts themselves, as well as settings for how many successive EAPOLs to send within a given session, before trying to
reauthenticate (start a new session)).
If you turn on both logging from the authenticator and radiusd -X, you can correlate when you see auth(z) requests come in with
when the authenticator is waiting for the client (or vice-versa).
===========================================================
Peter C. Lai | Bard College at Simon's Rock
Systems Administrator | 84 Alford Rd.
Information Technology Svcs | Gt. Barrington, MA 01230 USA
peter AT simons-rock.edu | (413) 528-7428
===========================================================
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
More information about the Freeradius-Users
mailing list