reauth-problem with WPA2-tls

David Mitchell mitchell at ucar.edu
Wed Jun 2 23:56:14 CEST 2010


Alan DeKok wrote:
> Andreas Hartmann wrote:
>> In eap.conf, the option eap -> tls -> cache -> enable is switched off
>> and fast_reauth in wpa_supplicant is enabled.
> 
>   Uh... that makes no sense.
> 
>   You've disabled caching (i.e fast re-auth) on the server, and enabled
> it on the client.  Why are you surprised that fast re-auth isn't working?

I've seen similar problems between FreeRadius and wpa_supplicant both
with and without the cache enabled. Getting wpa_supplicant to restart
seems to clear it temporarily. My reading of Andreas's message was that
he has tried it both ways. I haven't yet dug into it enough to try and
pin down where the problem is. It does seem that problems with the cache
should just result in a slow authentication taking place, not a total
failure of authentication.

-David Mitchell

> 
>> If the reconnect takes place, the missing cache-data seems to be the
>> problem -> the user cannot be authenticated:
> 
>   <shrug>  That's what you told the server to do.
> 
>> If fast_reauth in wpa_supplicant is disabled, the reauthentication works
>> fine, but the connection between the AP and the supplicant ist
>> interrupted for about 20 seconds - much to long :-).
>>
>>
>> Do you have any idea how to solve this problem?
> 
>   Find out why the supplicant is taking 20s for authentication.
> 
>   Alan DeKok.
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html


-- 
-----------------------------------------------------------------
| David Mitchell (mitchell at ucar.edu)       Network Engineer IV  |
| Tel: (303) 497-1845                      National Center for  |
| FAX: (303) 497-1818                      Atmospheric Research |
-----------------------------------------------------------------



More information about the Freeradius-Users mailing list