Session resumption
Jonathan Gazeley
Jonathan.Gazeley at bristol.ac.uk
Thu Feb 11 10:44:00 CET 2016
We've upgraded our FreeRADIUS 2.2.x servers to FreeRADIUS 3.0.11 because
it was about time. Since then, we're having a subtle problem with
session resumption where in some cases, FreeRADIUS returns two
Access-Accept packets, each with differing VLAN information which breaks
the client. The double reply only occurs when EAP sessions have been
resumed, but not with every resumed session.
This happens relatively infrequently so we are having to wait a long
time (hours) in debug mode before we capture one of these faulty
authentications to see if our latest attempt at fixing has worked.
Is there are a way to fabricate EAP/MSCHAPv2 packets such that we can
reliably provoke the server into using session resumption or not? This
way we would be able able to test->capture->debug->fix->repeat much more
quickly.
I hope today to capture enough debug information to be able to submit a
detailed report to this list.
Thanks,
Jonathan
More information about the Freeradius-Users
mailing list