reauth-problem with WPA2-tls

David Mitchell mitchell at
Wed Jun 2 23:56:14 CEST 2010

Alan DeKok wrote:
> Andreas Hartmann wrote:
>> In eap.conf, the option eap -> tls -> cache -> enable is switched off
>> and fast_reauth in wpa_supplicant is enabled.
>   Uh... that makes no sense.
>   You've disabled caching (i.e fast re-auth) on the server, and enabled
> it on the client.  Why are you surprised that fast re-auth isn't working?

I've seen similar problems between FreeRadius and wpa_supplicant both
with and without the cache enabled. Getting wpa_supplicant to restart
seems to clear it temporarily. My reading of Andreas's message was that
he has tried it both ways. I haven't yet dug into it enough to try and
pin down where the problem is. It does seem that problems with the cache
should just result in a slow authentication taking place, not a total
failure of authentication.

-David Mitchell

>> If the reconnect takes place, the missing cache-data seems to be the
>> problem -> the user cannot be authenticated:
>   <shrug>  That's what you told the server to do.
>> If fast_reauth in wpa_supplicant is disabled, the reauthentication works
>> fine, but the connection between the AP and the supplicant ist
>> interrupted for about 20 seconds - much to long :-).
>> Do you have any idea how to solve this problem?
>   Find out why the supplicant is taking 20s for authentication.
>   Alan DeKok.
> -
> List info/subscribe/unsubscribe? See

| David Mitchell (mitchell at       Network Engineer IV  |
| Tel: (303) 497-1845                      National Center for  |
| FAX: (303) 497-1818                      Atmospheric Research |

More information about the Freeradius-Users mailing list