reauth-problem with WPA2-tls

Alexander Clouter alex at digriz.org.uk
Thu Jun 3 13:55:02 CEST 2010


Bjørn Mork <bjorn at mork.no> wrote:
> Andreas Hartmann <andihartmann at 01019freenet.de> writes:
> 
>> Yes, you're right - I meant option eap -> tls -> cache -> enable is
>> switched _on_ and fast_reauth is on too on the supplicant. My wrong :-(.
>>
>> You can see it at this log entry at the initial login:
>> Wed Jun  2 20:29:14 2010 : Info: [tls] Adding user data to cached session
>> Wed Jun  2 20:29:14 2010 : Info: [tls] Saving response in the cache
>> Wed Jun  2 20:29:14 2010 : Info: [tls] WARNING: No information to cache:
>> session caching will be disabled for this session.
>>
>> And then the reauth:
>>
>> Wed Jun  2 20:39:18 2010 : Info: [tls] Retrieved session data from
>> cached session
>> Wed Jun  2 20:39:18 2010 : Info: [tls] WARNING: No information in cached
>> session!
> 
> FWIW I've seen exactly the same with FR 2.1.8.  Ended up disabling
> caching.  But I would like to know the cause of this "No information to
> cache" warning.  The resulting failure to retrieve cached data is of
> course to be expected, but the warning itself doesn't make any sense to
> me.  There must be information to cache since the authentication is
> successful.
>
The 'No information to cache' means you do not have anything useful 
(for example 'User-Name') in the reply packet.

In the post-auth of my inner-eap virtual server I have added:
----
post-auth {
  ...
  # needed for TTLS cache
  update reply {
    User-Name := "%{request:User-Name}"
  }
  ...
}
----

That should fix your problem.

Cheers

-- 
Alexander Clouter
.sigmonster says: Money is the root of all evil, and man needs roots.
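
As an added example (not part of the original post and not FreeRADIUS code), this Python check scans radius.log text for the two warnings quoted in this thread and reports how long after an empty cache store each empty resumption occurred. The sample log is constructed from the lines quoted above, joined to one line per entry; the name `scan_tls_cache` is hypothetical.

```python
import re
from datetime import datetime

# Constructed sample, modelled on the log lines quoted in the thread
# (one entry per line, without the e-mail line wrapping).
SAMPLE_LOG = """\
Wed Jun  2 20:29:14 2010 : Info: [tls] Adding user data to cached session
Wed Jun  2 20:29:14 2010 : Info: [tls] Saving response in the cache
Wed Jun  2 20:29:14 2010 : Info: [tls] WARNING: No information to cache: session caching will be disabled for this session.
Wed Jun  2 20:39:18 2010 : Info: [tls] Retrieved session data from cached session
Wed Jun  2 20:39:18 2010 : Info: [tls] WARNING: No information in cached session!
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3} \w{3} [ \d]\d \d\d:\d\d:\d\d \d{4}) : \w+: "
    r"\[(?P<module>[\w-]+)\] (?P<msg>.*)$")
STORE_EMPTY = "WARNING: No information to cache"
FETCH_EMPTY = "WARNING: No information in cached session"


def scan_tls_cache(log_text):
    """Return (empty_stores, empty_fetches) found in the [tls] log lines.

    empty_stores:  timestamps where a session was cached without reply data.
    empty_fetches: (timestamp, seconds since the latest empty store, or None)
                   for each resumption that found nothing in the cache.
    These log lines carry no session id, so the pairing is by time only.
    """
    empty_stores, empty_fetches = [], []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or m.group("module") != "tls":
            continue
        ts = datetime.strptime(m.group("ts"), "%a %b %d %H:%M:%S %Y")
        msg = m.group("msg")
        if msg.startswith(STORE_EMPTY):
            empty_stores.append(ts)
        elif msg.startswith(FETCH_EMPTY):
            age = (ts - empty_stores[-1]).total_seconds() if empty_stores else None
            empty_fetches.append((ts, age))
    return empty_stores, empty_fetches


if __name__ == "__main__":
    stores, fetches = scan_tls_cache(SAMPLE_LOG)
    print(f"{len(stores)} session(s) cached with no reply attributes")
    for ts, age in fetches:
        print(f"{ts}: empty cached session, {age} s after last empty store")
```

Running the same check after a configuration change shows whether the warnings have stopped appearing for new sessions.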



