FR 2.1.8 Issue - Unjustified(?) Access-Rejects.
Alan DeKok
aland at deployingradius.com
Tue Jan 12 12:33:01 CET 2010
Palmer J.D.F. wrote:
> We migrated to 2.1.8 (from 2.1.7) last week while things were quiet, as
> the users have re-appeared after the holiday we've started to receive a
> few reports from users stating that they have been getting lots of
> prompts for credentials.
The log says:
... WARNING: No information in cached session!
This means that the session wasn't cached, and they are trying to
resume a session that never was started. The change in 2.1.8 is there
to work around a bug in OpenSSL.
The only other alternative is that they *are* resuming a valid
session, but (a) after the session has timed out, or (b) where no
User-Name was cached from the inner tunnel session.
> Is this likely to be a configuration error (no changes were made to the
> 2.1.7 config), or a bug?
Try increasing the size of the cache. Try ensuring that there is
always a User-Name in the inner tunnel. This user name is cached, and
is checked on session resumption.
Alan DeKok.
More information about the Freeradius-Users
mailing list