dot1x PEAPoMSChapv2 timers
32d4rkn3ss at gmail.com
Thu Dec 14 08:07:35 CET 2017
First, I must say that FreeRADIUS is, in my humble opinion, the best open
source project out there: top dev team, well documented, proactive mailing
list, and above all, you can find it anywhere inside the security vendors'
solutions ... and those are a few of the advantages. I had to get that off
my chest before anything ... so thank you to all the devs out there, for
the idea and for making such a beautiful, stable and strong product! I
really hope that I will be able to contribute one day, even if it's for the
documentation, since I'm not good at coding :)
Here come the worries: I have set up an 802.1X solution inside 4 different
companies (of course based on FreeRADIUS) and everything is working like a
charm (FreeRADIUS v 3.0.14), but one of the secondary servers (the main
and the backup are linked through UCARP VRRP), which is currently serving
around 400 supplicants, is dropping the clients (randomly) after a
timeout. Below is the setup (simple enough):
FreeRADIUS authenticates the client (supplicants) to the AD, then verifies
if its MAC address is authorized to connect or not.
I suspect that it is related to the following:
Wed Dec 13 16:39:52 2017 : Debug: (73) mschap: EXPAND
Wed Dec 13 16:39:52 2017 : Debug: (73) mschap: -->
Wed Dec 13 16:39:52 2017 : Debug: Waking up in 0.4 seconds.
Wed Dec 13 16:39:53 2017 : Debug: Waking up in 0.7 seconds.
Wed Dec 13 16:39:53 2017 : Debug: Waking up in 1.1 seconds.
But I am not sure. If the above is however correct, does it mean that it is
waiting for the AD to reply or is it just misbehaving? Please find
enclosed the full log for your reference.