EAP-TLS rekeying disconect issues
Alan DeKok
aland at deployingradius.com
Sat Jul 4 12:42:33 CEST 2009
Harry Lachanas wrote:
> One issue that we observed was that after some idle time on the client,
> the client gets disconected and it fails to auto-re-authorize.
> Then one has to disconect manually and reauthorize ... ( nothing in the
> logs of freeradius indicates that .. )
If there is no RADIUS traffic when the client fails to
auto-re-authorize, then the problem is
a) the client
b) the AP
Pick one or both.
> My questions are:
>
> a) Is this a normal behavior ? ( I suspect not )
No.
> b) Is it a windows XP/driver etc issue?
No idea.
> c) AP issue ( rekeying interval = 900 and no accounting profile enabled )
Very likely. I'd bet that Windows would be more stable than AP's from
random vendors.
> d) Firewall Issue ( ports 1812:1813 are wide open for access on the
> radius side ) ?
No. If they get authenticated once, there's no problem.
> e) Freeradius issue ??? ( The only attribute set in mysql radgroupcheck
> is GROUPNAME=prv-net , Attribute=Auth-Type,op=':=' , VALUE=EAP )
No. If there's no RADIUS traffic the second time, there's no problem.
> Any help/Hints would be very much appreciated
Buy a $40 access point that does RADIUS, and see if it works. If it
does, throw the Proxim AP in the garbage, or see of you can get your
money back.
Alan DeKok.
More information about the Freeradius-Users
mailing list