EAP-TLS rekeying disconnect issues

Alan DeKok aland at deployingradius.com
Sat Jul 4 12:42:33 CEST 2009

Harry Lachanas wrote:
> One issue that we observed was that after some idle time on the client,
> the client gets disconnected and it fails to auto-re-authorize.
> Then one has to disconnect manually and reauthorize ... ( nothing in the
> logs of freeradius indicates that .. )

  If there is no RADIUS traffic when the client fails to
auto-re-authorize, then the problem is

  a) the client
  b) the AP

  Pick one or both.

> My questions are:
> a) Is this a normal behavior ? ( I suspect not )


> b) Is it a Windows XP/driver etc. issue?

  No idea.

> c) AP issue ( rekeying interval = 900  and no accounting profile enabled )

  Very likely.  I'd bet that Windows would be more stable than APs from
random vendors.

> d) Firewall Issue ( ports 1812:1813 are wide open for access on the
> radius side  )  ?

  No.  If they get authenticated once, there's no problem.

> e) Freeradius issue ??? ( The only attribute set in mysql radgroupcheck
> is GROUPNAME=prv-net , Attribute=Auth-Type,op=':=' , VALUE=EAP )

  No.  If there's no RADIUS traffic the second time, there's no problem.

> Any help/Hints  would be very much appreciated

  Buy a $40 access point that does RADIUS, and see if it works.  If it
does, throw the Proxim AP in the garbage, or see if you can get your
money back.

  Alan DeKok.
