EAP-TLS constant disconnects
Phil Mayers
p.mayers at imperial.ac.uk
Fri Nov 23 10:54:05 CET 2012
On 11/23/2012 08:03 AM, Uros Kolar wrote:
> Hi all!
>
> We've been using freeradius 2.1.12 with EAP-TLS authentication. The
> problem we experience is constant disconnects of the clients. After an
> some time (it seems like the intervals are random) of usage the
> connection drops. I don't have a debug output, since the server is in
> production allready and because of the valid traffic it's hard to
> efficiently debug it that way.
>
> A similar problem was allready reported some years ago (without an
> answer - at least not in that thread): http://bit.ly/10o9xkG
The issue described in that post is symptomatic of wireless problems -
interference, low signal, etc. - not RADIUS problems. The "EAP Identity"
retries he mentions are on the *wireless* side i.e. the AP asking the
client to start a re-auth.
You problem also sounds like wireless to me; FreeRADIUS either:
* receives auth requests and sends an accept
* receives auth requests and sends a reject
* receives auth requests that the client never completes
It doesn't somehow magically disconnect the client (well, unless you're
using the CoA functionality and you *ask* it to).
I would suggest starting the debugging at the wireless side. Wait for a
report of a disconnect, then search your logs.
You could also start a rolling tcpdump on the RADIUS server of all auth
traffic, and then search it for an auth request - I bet you don't see one.
More information about the Freeradius-Users
mailing list