Freeradius 2, TTLS/PAP, multiple questions

Alan DeKok aland at deployingradius.com
Fri Apr 17 17:13:40 CEST 2009


Jérôme BERTHIER wrote:
> When no cache is enabled on radius (eap.conf / cache / enable=no),
> clients using NetworkManager are not able to re-negotiate
> authentication because they are always trying to resume their session.

  Maybe I'm missing something... those clients worked with 2.0.5, didn't
they?

  If you disable the session cache, then OpenSSL should tell the clients
during SSL negotiation that sessions can't be resumed.  FreeRADIUS sets
the "no cache" flag in OpenSSL.

  But... that flag wasn't set in earlier versions of FreeRADIUS.  So
maybe setting it causes OpenSSL to *allow* session resumption?

  I don't know... OpenSSL is *weird*.

  Alan DeKok.


