rlm_eap problem after upgrade from 2.1.12 to 2.2.5 via radsecproxy
Jonathan
huffelduffel at gmail.com
Wed Oct 8 14:48:43 CEST 2014
We have alike issues in 2.2.5 where the EAP proxying at some point
(usually 2-3months uptime) just stops working without any error
messages in the log.
A reload of freeradius process makes it work again. We are not using
status-messages to verify server availability
On Wed, Sep 3, 2014 at 4:06 PM, Alan DeKok <aland at deployingradius.com> wrote:
> Thomas Boettcher wrote:
>> what me concerns is, that the problem occurs, when MY freeradius is
>> upgraded. So it looks to me that the software is handling something
>> within the eap more strictly.
>
> That could be true. It could also be true that the SSL interactions
> are different. Windows is *very* picky about SSL in EAP.
>
>> I analysed my logs and picked some users with high amounts of Login
>> problems. Running in 2.1.12 there is also a high amount of Logins for
>> this user at the remote site. The only difference is, that they all are
>> accepted. In 2.2.5 I get this:
>> 2 Login OK (outer and inner Tunnel)
>> 5-10 secs later: rlm_eap State variable error with Login incorrect.
>> This repeats mostly every 30 seconds.
>
> That's a problem. The user shouldn't be authenticating every 30s.
>
>> Leads me to the assumption, that the remote NAS is doing Login requests
>> very ofter (maybe WLAN coverage holes or many autonomous APs).
>
> Which can lead to network problems.
>
> Alan DeKok.
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
More information about the Freeradius-Users
mailing list