EAP TLS cache help

Dave Aldwinckle daldwinc at uwaterloo.ca
Tue Sep 20 19:59:50 CEST 2016

Hi List,

I recently configured TLS caching, but I'm seeing some odd behavior that 
I can't explain. Users are getting authenticated, but I can't tell if 
there are actually any cache hits.

In debug I can see the files getting written to disk, but I can't find 
any log messages that indicate a session was resumed from the cache 
(maybe I'm not looking for the right message?)

I'm also having a hard time explaining to myself why there are so many 
files being written. The cache expiry that I've set is 12 hours.

[root at cn-aaa-4 tlscache]# pwd

[root at cn-aaa-4 tlscache]# ls -l *.vps | wc -l

I would expect a single user to have a few devices (laptop, phone, 
tablet, etc) but I'm seeing more than 20 cache files for some users, and 
I cleared the directory about an hour ago. In the following command I 
sorted by unique Stripped-User-Name and counted number of occurrences. 
The for loop is used because grep wouldn't let me feed it >25K files 
directly. The output has real user names, I've sanitized them for the list.

[root at cn-aaa-4 tlscache]# (for i in 1 2 3 4 5 6 7 8 9 a b c d e f; do 
for j in 1 2 3 4 5 6 7 8 9 a b c d e f; do grep -h Stripped-User-Name 
${i}${j}*.vps; done;done;) 2>/dev/null | sort | uniq -c | sort -nr | head
     188     Stripped-User-Name = "someuser1"
      96     Stripped-User-Name = "someuser2"
      70     Stripped-User-Name = "someuser3"
      62     Stripped-User-Name = "someuser4"
      42     Stripped-User-Name = "someuser5"
      36     Stripped-User-Name = "someuser6"
      35     Stripped-User-Name = "someuser7"
      34     Stripped-User-Name = "someuser8"
      33     Stripped-User-Name = "someuser9"
      32     Stripped-User-Name = "someuser10"

# radiusd -v
radiusd: FreeRADIUS Version 3.0.10, for host x86_64-redhat-linux-gnu, 
built on Oct  5 2015 at 16:30:01

Is that expected?


More information about the Freeradius-Users mailing list