Multiple access-request + access-accept packets in one conversation.
Alan DeKok
aland at deployingradius.com
Wed Jun 1 22:11:39 CEST 2016
On Jun 1, 2016, at 3:27 PM, Vlad Kratsberg <vkratsberg at gmail.com> wrote:
> I will appreciate some help here. We are running FR3.0.11 + ldap + 802.1x
> peap + gtc.
>
> When client tries to get on the network for the first time, everything is
> good. Server issues cert, client accepts, vlan id is attached to
> access-accept packet, and client gets an ip. The whole exchange is fast
> and only consists of 8 request packets.
>
> http://pastebin.com/P35eNW4C
OK...
> However, when client tries to re-authenticate -- communication between
> client and a server grows to 100+ request packets while server responds
> with multiple access-accept packets and none of them contain Tunnel-Id
> (not cached?)
It's not cached unless you configure the "persist_dir". See the eap module configuration for more information.
Just set "persist_dir", and the attributes in the Access-Accept should be cached.
The caching has been re-done in v3.1, so that it's a lot cleaner and easier to understand. It's just too hard to fix v3.0 at this point.
Alan DeKok.
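
For reference, the session cache settings that the reply points to, as an added example that is not part of the original message or taken from the poster's configuration. It shows only the `cache` subsection of the TLS configuration in the v3.0 eap module file (`mods-available/eap`); the values are illustrative assumptions.

```conf
# mods-available/eap (FreeRADIUS 3.0.x): TLS session cache settings only.
# Illustrative values; certificate and cipher settings are omitted.
eap {
    tls-config tls-common {
        cache {
            # Allow TLS session resumption for re-authentication.
            enable = yes

            # Lifetime of a cached session, in hours.
            lifetime = 24

            # Maximum number of cached sessions.
            max_entries = 255

            # Fixed name for the cache. If unset, the server generates a
            # random one at each start, so persisted sessions would not
            # match after a restart.
            name = "EAP module"

            # Directory where the TLS session state and the cached
            # reply attributes are written, one set of files per session.
            persist_dir = "${logdir}/tlscache"
        }
    }
}
```

The directory has to exist and be writable by the user the server runs as. Because it holds TLS session state, it should not be readable by any other account, and old files in it need periodic cleanup.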