EAP advanced auth. methods problem
Tomas Pelka
tompelka at gmail.com
Sat Nov 21 12:11:33 CET 2009
tnt at kalik.net wrote:
>> Alan DeKok wrote:
>>> Tomas Pelka wrote:
>>>> have a problem with "advanced" EAP authentication methods including
>>>> PEAP, EAP-TLS, EAP-TTLS-MD5/MSCHAPV2.
>>> I wouldn't call them "advanced..."
>>>
>>>> Certs were created with the makefile included in freeradius sources.
>>>>
>>>> All my experiments end with: decapsulated EAP packet (code=4 id=4
>>>> len=4) from RADIUS server: EAP Failure
>
> Authentication works fine - you are getting an initial Access-Accept. But
> then:
>
> [ttls] Skipping Phase2 due to session resumption
> [ttls] FAIL: Forcibly stopping session resumption as it is not allowed.
>
> Read cache section of eap.conf.
>
> Ivan Kalik
>
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
So if I get it right, the problem is reauthentication, right? But

#tls section
cache {
	enable = yes
	lifetime = 24 # hours
	max_entries = 255
}

and even no cache (enable=no) does not work.
TTLS-md5/mschapv2 and PEAP work with cache enabled (inside ttls section).
Thanks.
--
Tom
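
Added example (not part of the original message and not FreeRADIUS code): a small Python triage script that scans server debug output for the two-line pattern quoted in the reply above, a session reported as resumed and then refused by the same module. The function name is hypothetical, and every sample line other than the two [ttls] lines quoted in the thread is constructed for illustration.

```python
import re

# Debug lines of interest carry the module name in brackets, e.g. "[ttls] ...".
LINE_RE = re.compile(r"^\[(?P<module>\w+)\]\s+(?P<msg>.*)$")
RESUMED = "Skipping Phase2 due to session resumption"
REFUSED = "Forcibly stopping session resumption as it is not allowed"


def find_refused_resumptions(lines):
    """Return (module, resumed_line_no, refused_line_no) for each place where
    a module logs a resumed session and later logs that resumption is refused."""
    pending = {}  # module -> line number of its last unmatched "resumed" message
    hits = []
    for no, raw in enumerate(lines, start=1):
        # Tolerate "> " quoting so output pasted from a mail thread still parses.
        m = LINE_RE.match(raw.lstrip("> ").strip())
        if not m:
            continue
        module, msg = m.group("module"), m.group("msg")
        if RESUMED in msg:
            pending[module] = no
        elif REFUSED in msg and module in pending:
            hits.append((module, pending.pop(module), no))
    return hits


# Sample input: lines 2-3 are the ones quoted in the thread; the rest is constructed.
SAMPLE = """\
(constructed) unrelated debug line without a module tag
> [ttls] Skipping Phase2 due to session resumption
> [ttls] FAIL: Forcibly stopping session resumption as it is not allowed.
[peap] Skipping Phase2 due to session resumption
[peap] (constructed) resumed session accepted, no refusal follows
""".splitlines()

if __name__ == "__main__":
    for module, resumed_at, refused_at in find_refused_resumptions(SAMPLE):
        print(f"{module}: session resumed at line {resumed_at}, "
              f"refused at line {refused_at}; check the cache settings "
              f"that apply to this module in eap.conf")
```

A hit means the client offered a cached TLS session that the server then declined to honour, which is the condition the reply points to when it says to read the cache section of eap.conf.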