Multiple access-request + access-accept packets in one conversation.

Vlad Kratsberg vkratsberg at gmail.com
Wed Jun 1 22:23:41 CEST 2016


Hi Alan,

Thanks for response.  Below are mine cache configurations and i actually
see .vps and .asn1 entries created in /var/log/radius/tlscache/.

cache
                        enable = yes
                        max_entries = 255
                        name = "EAP module"
                        persist_dir = "${logdir}/tlscache"
                }

.vps files only contain User-Name attribute.

So is this a know issue where 3.0.X doesn't cache all atributes ?   Is this
related to the fact that conversation between client and server becoming
too long during renegotiation ?




On Wed, Jun 1, 2016 at 4:11 PM, Alan DeKok <aland at deployingradius.com>
wrote:

> On Jun 1, 2016, at 3:27 PM, Vlad Kratsberg <vkratsberg at gmail.com> wrote:
> > I will appreciate some help here.  We are running FR3.0.11 + ldap +
> 802.1x
> > peap + gtc.
> >
> > When client tries to get on the network for the first time, everything is
> > good.  Server issues cert, client accepts, vlan id is attached to
> > access-accept packet, and client gets an ip.  The whole exchange is fast
> > and only consists of 8 request packets.
> >
> > http://pastebin.com/P35eNW4C
>
>   OK...
>
> > However , when client tries to re-authenticate -- communication between
> > client and a server grows to 100 + request packets while server responds
> > with multiple access-accept packets and none of them contain Tunnel-Id (
> > not cached ?)
>
>   It's not cached unless you configure the "persist_dir".  See the eap
> module configuration for more information.
>
>   Just set "persist_dir", and the attributes in the Access-Accept should
> be cached.
>
>   The caching has been re-done in v3.1, so that it's a lot cleaner and
> easier to understand.  It's just too hard to fix v3.0 at this point.
>
>   Alan DeKok.
>
>
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html


More information about the Freeradius-Users mailing list