reauth-problem with WPA2-tls
David Mitchell
mitchell at ucar.edu
Wed Jun 2 23:56:14 CEST 2010
Alan DeKok wrote:
> Andreas Hartmann wrote:
>> In eap.conf, the option eap -> tls -> cache -> enable is switched off
>> and fast_reauth in wpa_supplicant is enabled.
>
> Uh... that makes no sense.
>
> You've disabled caching (i.e fast re-auth) on the server, and enabled
> it on the client. Why are you surprised that fast re-auth isn't working?
I've seen similar problems between FreeRadius and wpa_supplicant both
with and without the cache enabled. Getting wpa_supplicant to restart
seems to clear it temporarily. My reading of Andreas's message was that
he has tried it both ways. I haven't yet dug into it enough to try and
pin down where the problem is. It does seem that problems with the cache
should just result in a slow authentication taking place, not a total
failure of authentication.
-David Mitchell
>
>> If the reconnect takes place, the missing cache-data seems to be the
>> problem -> the user cannot be authenticated:
>
> <shrug> That's what you told the server to do.
>
>> If fast_reauth in wpa_supplicant is disabled, the reauthentication works
>> fine, but the connection between the AP and the supplicant ist
>> interrupted for about 20 seconds - much to long :-).
>>
>>
>> Do you have any idea how to solve this problem?
>
> Find out why the supplicant is taking 20s for authentication.
>
> Alan DeKok.
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
--
-----------------------------------------------------------------
| David Mitchell (mitchell at ucar.edu) Network Engineer IV |
| Tel: (303) 497-1845 National Center for |
| FAX: (303) 497-1818 Atmospheric Research |
-----------------------------------------------------------------
More information about the Freeradius-Users
mailing list