Many exchanges between supplicant and the server - EAP-TLS

A.L.M.Buxey at lboro.ac.uk
Wed Jun 10 17:16:12 CEST 2015


Hi,

> On a radius server configured with EAP-TLS, logs contain many exchanges between
> the station and the server. It seems logical with the TLS handshake but each
> station response to an access challenge causes the execution of the authorize
> section.
> Can you tell me if this is normal?

every packet received by the server is a new UDP packet and passes through all
the same path as previous packets. there are mechanisms that allow you to
skip from authorise into the next phase - look at the default config, you should see
something like

eap {
	ok = return
}

or such... put that ahead of the thing you want to avoid every single time (usually
an LDAP or SQL query etc). in debug mode you can see how the server works... it doesn't
go 'ah, a reply to my previous packet, I know exactly where I was when we got to this part of
the conversation... I'll start at line 45 or inner-tunnel' - it doesn't do that. it can't do that

alan
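
Added example, not part of the original message and not the poster's own configuration: an authorize section showing the ordering the reply describes, with the weak ordering kept as a comment for comparison. The surrounding module list (preprocess, ldap, sql) is an assumption about the site's virtual server; only the eap block comes from the post.

```conf
# Before (assumed starting point): the backend lookups are listed ahead of
# eap, so they run for every packet of the EAP-TLS exchange, because each
# Access-Request walks the whole authorize section from the top.
#
# authorize {
#	preprocess
#	ldap
#	sql
#	eap
# }

# After: eap is listed first with a return-code override.
authorize {
	preprocess

	# When the eap module returns "ok", "ok = return" ends the
	# authorize section here, so nothing listed below this block
	# runs for that packet.
	eap {
		ok = return
	}

	# Backend queries: only reached for packets on which eap did
	# not return "ok".
	ldap
	sql
}
```

Running the server in debug mode, as the reply suggests, shows for each packet whether the modules after eap were entered.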