dot1x PEAPoMSChapv2 timers

3@D4rkn3ss DuMb 32d4rkn3ss at gmail.com
Thu Dec 14 08:07:35 CET 2017


Dear list,

First, I must say that FreeRadius is, in my humble opinion, the best open
source project out there: top dev team, well documented, proactive mailing
list, and above all, you can find it anywhere inside the security vendors'
solutions ... and those are a few of the advantages. I had to get that off
my chest before anything ... so thank you to all the devs out there, for
the idea and for making such a beautiful, stable and strong product! I
really hope that I will be able to contribute one day, even if it's for the
documentation since I'm not good at coding :)

Here come the worries: I have set up an 802.1X solution inside 4 different
companies (of course based on FreeRadius) and everything is working like a
charm (FreeRADIUS v 3.0.14), but in one of the secondary servers (the main
and the backup are linked through UCARP VRRP), which is currently serving
around 400 supplicants, it is dropping the clients (randomly) after a
timeout. Below is the setup (simple enough):

FreeRADIUS authenticates the client (supplicants) to the AD, then verifies
if its MAC address is authorized to connect or not.

I suspect that it is related to the following:
Wed Dec 13 16:39:52 2017 : Debug: (73) mschap: EXPAND --nt-response=%{%{mschap:NT-Response}:-00}
Wed Dec 13 16:39:52 2017 : Debug: (73) mschap:    --> --nt-response=ebe1377d01d09cbe0bfda9256149732ec2b94b30d4cbc327
Wed Dec 13 16:39:52 2017 : Debug: Waking up in 0.4 seconds.
Wed Dec 13 16:39:53 2017 : Debug: Waking up in 0.7 seconds.
Wed Dec 13 16:39:53 2017 : Debug: Waking up in 1.1 seconds.

But I am not sure. If the above is however correct, does it mean that it is
waiting for the AD to reply, or is it just misbehaving? Please find
enclosed the full log for your reference.

Regards

