reauth-problem with WPA2-tls
Andreas Hartmann
andihartmann at 01019freenet.de
Thu Jun 3 07:36:12 CEST 2010
Andreas Hartmann wrote:
> David Mitchell wrote:
>> Alan DeKok wrote:
>>> Andreas Hartmann wrote:
>>>> In eap.conf, the option eap -> tls -> cache -> enable is switched off
>>>> and fast_reauth in wpa_supplicant is enabled.
>>>
>>> Uh... that makes no sense.
>>>
>>> You've disabled caching (i.e. fast re-auth) on the server, and enabled
>>> it on the client. Why are you surprised that fast re-auth isn't working?
>>
>> I've seen similar problems between FreeRadius and wpa_supplicant both
>> with and without the cache enabled. Getting wpa_supplicant to restart
>> seems to clear it temporarily.
>
> Well, I took your realization to implement the following workaround:
>
> Caching is enabled in freeradius, fast_reauth is switched on in
> wpa_supplicant.
>
> I set the reauth-timeout of the AP to 2 hours. On the supplicant, I
> started a cronjob, which HUPs the supplicant every 59 minutes. That's
> how the supplicant is prevented from doing a fast reauth (which
> doesn't really work). A full reauth isn't necessary either, because of the
> SIGHUP every 59 minutes, which is done like this:
>
> rad_recv: Accounting-Request packet from host 192.168.1.9 port 2049,
> id=112, length=177
> Acct-Session-Id = "0000001B-00000007"
> Acct-Status-Type = Stop
> Acct-Authentic = RADIUS
> User-Name = "myuser at mydom"
> NAS-Port = 0
> Called-Station-Id = "00-25-...:mylan"
> Calling-Station-Id = "00-13-..."
> NAS-Port-Type = Wireless-802.11
> Connect-Info = "CONNECT 11Mbps 802.11b"
> Acct-Session-Time = 358
> Event-Timestamp = "Jan 1 1970 02:26:18 CET"
^^^^^^^^^^^^^^^^^^^^^^^^
Hmmm, where does this funny Event-Timestamp come from? The times on my
client and server are all OK. On the other hand, I can't find any way to set
the time on the AP (Linksys WAP610N). Is there any way?
clueless ...
Kind regards,
Andreas