FR 2.1.8 Issue - Unjustified(?) Access-Rejects.
Palmer J.D.F.
J.D.F.Palmer at swansea.ac.uk
Tue Jun 29 13:39:35 CEST 2010
Hi Alan,
I've just been perusing the release notes for 2.1.9 and I see a bug
fix...
" Set EAP-Session-Resumed = Yes, not "No" when session is resumed. "
Can you confirm if this is relating to the problem I reported in the
conversation below?
Many thanks,
Jezz.
> -----Original Message-----
> From: freeradius-users-
> bounces+j.d.f.palmer=swansea.ac.uk at lists.freeradius.org
> [mailto:freeradius-users-
> bounces+j.d.f.palmer=swansea.ac.uk at lists.freeradius.org] On Behalf Of
> Alan DeKok
> Sent: 12 January 2010 11:33
> To: FreeRadius users mailing list
> Subject: Re: FR 2.1.8 Issue - Unjustified(?) Access-Rejects.
>
> Palmer J.D.F. wrote:
> > We migrated to 2.1.8 (from 2.1.7) last week while things were quiet,
> as
> > the users have re-appeared after the holiday we've started to
receive
> a
> > few reports from users stating that they have been getting lots of
> > prompts for credentials.
>
> The log says:
>
> ... WARNING: No information in cached session!
>
> This means that the session wasn't cached, and they are trying to
> resume a session that never was started. The change in 2.1.8 is there
> to work around a bug in OpenSSL.
>
> The only other alternative is that they *are* resuming a valid
> session, but (a) after the session has timed out, or (b) where no
> User-Name was cached from the inner tunnel session.
>
> > Is this likely to be a configuration error (no changes were made to
> the
> > 2.1.7 config), or a bug?
>
> Try increasing the size of the cache. Try ensuring that there is
> always a User-Name in the inner tunnel. This user name is cached, and
> is checked on session resumption.
>
> Alan DeKok.
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
More information about the Freeradius-Users
mailing list