Multiple access-request + access-accept packets in one conversation.

Alan DeKok aland at deployingradius.com
Wed Jun 1 22:11:39 CEST 2016


On Jun 1, 2016, at 3:27 PM, Vlad Kratsberg <vkratsberg at gmail.com> wrote:
> I will appreciate some help here.  We are running FR3.0.11 + ldap + 802.1x
> peap + gtc.
> 
> When client tries to get on the network for the first time, everything is
> good.  Server issues cert, client accepts, vlan id is attached to
> access-accept packet, and client gets an ip.  The whole exchange is fast
> and only consists of 8 request packets.
> 
> http://pastebin.com/P35eNW4C

  OK...

> However, when client tries to re-authenticate -- communication between
> client and a server grows to 100+ request packets while server responds
> with multiple access-accept packets and none of them contain Tunnel-Id
> (not cached?)

  It's not cached unless you configure the "persist_dir".  See the eap module configuration for more information.

  Just set "persist_dir", and the attributes in the Access-Accept should be cached.

  The caching has been re-done in v3.1, so that it's a lot cleaner and easier to understand.  It's just too hard to fix v3.0 at this point.

  Alan DeKok.
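
An added illustration, not part of the original message: roughly where "persist_dir" sits in the v3.0 eap module configuration (mods-available/eap). The path, lifetime and cache name are assumed values; the directory has to be writable by the server and closed to every other account, since it holds TLS session state along with the cached reply attributes.

```conf
# mods-available/eap (FreeRADIUS v3.0), excerpt with illustrative values
eap {
    tls-config tls-common {
        # ... certificate and cipher settings unchanged ...

        cache {
            # Session resumption must be on for anything to be cached.
            enable = yes

            # How long a cached session stays valid, in hours (assumed value).
            lifetime = 24

            # A cache name has to be set for persist_dir to take effect.
            name = "EAP module"

            # On-disk store for the session and its cached attributes.
            # Assumed path: create it owned by the radiusd user, mode 0700.
            persist_dir = "${db_dir}/tlscache"
        }
    }
}
```

Old session files accumulate in that directory, so a periodic cleanup job is worth scheduling alongside the change.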



