reauth-problem with WPA2-tls
Alexander Clouter
alex at digriz.org.uk
Thu Jun 3 13:55:02 CEST 2010
Bjørn Mork <bjorn at mork.no> wrote:
> Andreas Hartmann <andihartmann at 01019freenet.de> writes:
>
>> Yes, you're right - I meant option eap -> tls -> cache -> enable is
>> switched _on_ and fast_reauth is on too on the supplicant. My wrong :-(.
>>
>> You can see it at this log entry at the initial login:
>> Wed Jun 2 20:29:14 2010 : Info: [tls] Adding user data to cached session
>> Wed Jun 2 20:29:14 2010 : Info: [tls] Saving response in the cache
>> Wed Jun 2 20:29:14 2010 : Info: [tls] WARNING: No information to cache:
>> session caching will be disabled for this session.
>>
>> And then the reauth:
>>
>> Wed Jun 2 20:39:18 2010 : Info: [tls] Retrieved session data from
>> cached session
>> Wed Jun 2 20:39:18 2010 : Info: [tls] WARNING: No information in cached
>> session!
>
> FWIW I've seen exactly the same with FR 2.1.8. Ended up disabling
> caching. But I would like to know the cause of this "No information to
> cache" warning. The resulting failure to retrieve cached data is of
> course to be expected, but the warning itself doesn't make any sense to
> me. There must be information to cache since the authentication is
> successful.
>
The 'No information to cache' means you do not have anything useful
(for example 'User-Name') in the reply packet.
In the post-auth of my inner-eap virtual server I have added:
----
post-auth {
	...
	# needed for TTLS cache
	update reply {
		User-Name := "%{request:User-Name}"
	}
	...
}
----
That should fix your problem.
Cheers
--
Alexander Clouter
.sigmonster says: Money is the root of all evil, and man needs roots.
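A way to check the server log before and after the change suggested in this message, as an added example that is not part of the original post or of FreeRADIUS: it scans log lines in the format quoted in the thread for the [tls] cache messages. The function names, the `SAMPLE` lines (the thread's excerpts, unwrapped) and the rule used in `cache_is_effective` are assumptions made for illustration.

```python
import re
from datetime import datetime

# Line shape as quoted in the thread: "<ctime> : <Level>: [tls] <message>"
LINE_RE = re.compile(
    r"^(\w{3} \w{3}\s+\d{1,2} \d\d:\d\d:\d\d \d{4}) : \w+: \[tls\] (.*)$"
)

# Message fragments copied from the log excerpts in the thread.
EVENTS = {
    "Saving response in the cache": "save_attempt",
    "No information to cache": "not_cached",            # reply had nothing to store
    "Retrieved session data from cached session": "resume_attempt",
    "No information in cached session": "empty_resume",  # resumed, but nothing stored
}

# Constructed sample: the thread's log lines with the mail wrapping undone.
SAMPLE = [
    "Wed Jun 2 20:29:14 2010 : Info: [tls] Adding user data to cached session",
    "Wed Jun 2 20:29:14 2010 : Info: [tls] Saving response in the cache",
    "Wed Jun 2 20:29:14 2010 : Info: [tls] WARNING: No information to cache: "
    "session caching will be disabled for this session.",
    "Wed Jun 2 20:39:18 2010 : Info: [tls] Retrieved session data from cached session",
    "Wed Jun 2 20:39:18 2010 : Info: [tls] WARNING: No information in cached session!",
]

def scan_tls_cache(lines):
    """Return {event_name: [datetime, ...]} for the [tls] cache messages."""
    found = {name: [] for name in EVENTS.values()}
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # not a [tls] line, or a wrapped continuation line
        when = datetime.strptime(m.group(1), "%a %b %d %H:%M:%S %Y")
        for fragment, name in EVENTS.items():
            if fragment in m.group(2):
                found[name].append(when)
    return found

def cache_is_effective(found):
    """Assumed rule: sessions were saved and none was flagged as empty."""
    return bool(found["save_attempt"]) and not (
        found["not_cached"] or found["empty_resume"])

if __name__ == "__main__":
    result = scan_tls_cache(SAMPLE)
    print({name: len(times) for name, times in result.items()})
    print("cache effective:", cache_is_effective(result))
```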