confusion about radius.log entries
Winders, Timothy A
twinders at southplainscollege.edu
Wed Aug 26 02:08:36 CEST 2015
We have had back to school this week and a lot of students are complaining about "unstable wifi". Not a lot of help… but after much digging, the general report is that they connect to the wireless network (Cisco 5508 controller advertising WPA2 Enterprise / PEAP / MSCHAPv2 network authenticating against FreeRadius 3.0.7 with Active Directory) but then they will lose their connection and may not be able to get connected again for 30 minutes to several hours later.
We didn’t have problems at all this summer with light traffic, but now with heavy traffic, it’s quite overwhelming.
I plan to upgrade to FR 3.0.9 tomorrow.
I will also open a case with Cisco in the morning.
My question here is related to the activity I’m seeing in the radius.log on the FR servers. I see login OK messages for the same user repeatedly at intervals from a few seconds to a few minutes apart. I thought it might have something to do with a user moving between access points, but even when they are in a fixed location, multiple entries show in the log.
I’m not familiar with the radius protocol, but this seems… excessive. My first thought is a misconfiguration of the WLAN on the Cisco controller, but, before opening a case with Cisco, are there thoughts from the FR community?
Here is a sample of log messages for me from a period today:
Tue Aug 25 14:15:08 2015 : Auth: (24739) Login OK: [twinders at southplainscollege.edu] (from client lev-wireless1 port 13 cli 04-f1-3e-bc-44-05 via TLS tunnel)
Tue Aug 25 14:15:14 2015 : Auth: (25069) Login OK: [twinders at southplainscollege.edu] (from client lev-wireless1 port 13 cli 04-f1-3e-bc-44-05 via TLS tunnel)
Tue Aug 25 14:15:44 2015 : Auth: (26647) Login OK: [twinders at southplainscollege.edu] (from client lev-wireless1 port 13 cli 04-f1-3e-bc-44-05 via TLS tunnel)
Tue Aug 25 14:19:42 2015 : Auth: (37222) Login OK: [twinders at southplainscollege.edu] (from client lev-wireless1 port 13 cli 04-f1-3e-bc-44-05 via TLS tunnel)
Tue Aug 25 14:19:58 2015 : Auth: (38197) Login OK: [twinders at southplainscollege.edu] (from client lev-wireless1 port 13 cli 04-f1-3e-bc-44-05 via TLS tunnel)
Tue Aug 25 14:21:11 2015 : Auth: (41519) Login OK: [twinders at southplainscollege.edu] (from client lev-wireless1 port 13 cli 04-f1-3e-bc-44-05 via TLS tunnel)
Tue Aug 25 14:23:00 2015 : Auth: (46534) Login OK: [twinders at southplainscollege.edu] (from client lev-wireless1 port 13 cli 04-f1-3e-bc-44-05 via TLS tunnel)
Tue Aug 25 14:23:38 2015 : Auth: (48018) Login OK: [twinders at southplainscollege.edu] (from client lev-wireless1 port 13 cli 04-f1-3e-bc-44-05 via TLS tunnel)
I can post additional logs or configuration information if that would be helpful. I’m not sure exactly what would be helpful, so I’ll hold off including anything more for now.
Thank you.
--
Tim Winders
Associate Dean of Information Technology
South Plains College
(806) 716-2369
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 5765 bytes
Desc: not available
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20150826/87642883/attachment-0001.bin>
More information about the Freeradius-Users
mailing list