reauth-problem with WPA2-tls

Alan DeKok aland at
Fri Jun 4 09:11:01 CEST 2010

Andreas Hartmann wrote:
> I have one basic question:
> There are now two different caches: one in eap (based on ssl) and the
> extern cache, rlm_caching.

  rlm_caching has nothing to do with EAP.

> If I want to use fast_reauth, is it necessary to enable both caches or
> must the ssl-cache in eap.conf be disabled to run fast_reauth
> successfully with rlm_caching?

  The EAP configuration explains what you need to do for fast re-auth.

> Meanwhile, I have a configuration, which does a User-Name-based
> rlm_caching at the end of the last fragment of the initial
> authentication with an originaly empty database.

  What is it supposed to do?

> But the problem is:
> If the user reconnects or wants to connect initial again, the process is
> stopped (with success returned) at the moment, the client sends the
> User-Name.
> This is wrong. The process can't be interrupted before the key exchange
> has been done successfully.
> How can this be written in the config-file (authorize-section)?

  What do you want to do?

  I have no idea why you configured the caching module, and you haven't
explained why you configured it.

  Alan DeKok.

More information about the Freeradius-Users mailing list