FR 2.1.8 Issue - Unjustified(?) Access-Rejects.

Alan DeKok aland at deployingradius.com
Tue Jan 12 12:33:01 CET 2010


Palmer J.D.F. wrote:
> We migrated to 2.1.8 (from 2.1.7) last week while things were quiet, as
> the users have re-appeared after the holiday we've started to receive a
> few reports from users stating that they have been getting lots of
> prompts for credentials.

  The log says:

 ... WARNING: No information in cached session!

  This means that the session wasn't cached, and they are trying to
resume a session that never was started.  The change in 2.1.8 is there
to work around a bug in OpenSSL.

  The only other alternative is that they *are* resuming a valid
session, but (a) after the session has timed out, or (b) where no
User-Name was cached from the inner tunnel session.

> Is this likely to be a configuration error (no changes were made to the
> 2.1.7 config), or a bug?

  Try increasing the size of the cache.  Try ensuring that there is
always a User-Name in the inner tunnel.  This user name is cached, and
is checked on session resumption.

  Alan DeKok.



More information about the Freeradius-Users mailing list