Multiple access-request + access-accept packets in one conversation.
Vlad Kratsberg
vkratsberg at gmail.com
Wed Jun 1 22:23:41 CEST 2016
Hi Alan,
Thanks for the response. Below are my cache configurations, and I actually
see .vps and .asn1 entries created in /var/log/radius/tlscache/.
cache {
    enable = yes
    max_entries = 255
    name = "EAP module"
    persist_dir = "${logdir}/tlscache"
}
The .vps files only contain the User-Name attribute.
So is this a known issue where 3.0.X doesn't cache all attributes? Is this
related to the fact that the conversation between client and server is becoming
too long during renegotiation?
On Wed, Jun 1, 2016 at 4:11 PM, Alan DeKok <aland at deployingradius.com>
wrote:
> On Jun 1, 2016, at 3:27 PM, Vlad Kratsberg <vkratsberg at gmail.com> wrote:
> > I will appreciate some help here. We are running FR3.0.11 + ldap + 802.1x
> > peap + gtc.
> >
> > When client tries to get on the network for the first time, everything is
> > good. Server issues cert, client accepts, vlan id is attached to
> > access-accept packet, and client gets an ip. The whole exchange is fast
> > and only consists of 8 request packets.
> >
> > http://pastebin.com/P35eNW4C
>
> OK...
>
> > However, when the client tries to re-authenticate -- communication between
> > client and a server grows to 100+ request packets while the server responds
> > with multiple access-accept packets and none of them contain Tunnel-Id
> > (not cached?)
>
> It's not cached unless you configure the "persist_dir". See the eap
> module configuration for more information.
>
> Just set "persist_dir", and the attributes in the Access-Accept should
> be cached.
>
> The caching has been re-done in v3.1, so that it's a lot cleaner and
> easier to understand. It's just too hard to fix v3.0 at this point.
>
> Alan DeKok.