Session resumption
Arran Cudbard-Bell
a.cudbardb at freeradius.org
Thu Feb 11 18:58:30 CET 2016
> On 11 Feb 2016, at 01:59, Jonathan Gazeley <Jonathan.Gazeley at bristol.ac.uk> wrote:
>
> On 11/02/16 09:51, A.L.M.Buxey at lboro.ac.uk wrote:
>> Hi,
>>
>>> Is there are a way to fabricate EAP/MSCHAPv2 packets such that we
>>> can reliably provoke the server into using session resumption or
>>> not? This way we would be able able to
>>> test->capture->debug->fix->repeat much more quickly.
>>
>> use eapol_test from the wpa_supplicant system
>>
>> its likely that you have some policy or unlang corner-case that isnt
>> matching the cache...or you arent querying the existing cache entry
>> and adding other stuff based on the new NAS id - possibly roaming
>> events between 2 seperate controllers etc etc
>>
>
> Thanks for the suggestions. We already use eapol_test for monitoring and testing/debugging but I'm not sure how to generate packets that definitely lead to resumed sessions. Is there an attribute I need to add?
No, you just set it to repeat authentication n types. There's an argument you pass, see output of -h.
If you look through the debug output (of FreeRADIUS), it'll mention the session is being resumed.
-Arran
Arran Cudbard-Bell <a.cudbardb at freeradius.org>
FreeRADIUS development team
FD31 3077 42EC 7FCD 32FE 5EE2 56CF 27F9 30A8 CAA2
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 872 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20160211/6a31a89c/attachment.sig>
More information about the Freeradius-Users
mailing list