PEAP - fast reconnect
Marcin Marszałkowski
m.marszal at wp.pl
Wed Aug 21 16:18:52 CEST 2019
> What does that mean? Which "configured folder"?
I meant "persist_dir", as it is set in the eap module and radius.conf. None of the configuration files are missing, everything is in /etc/freeradius/3.0/
radiusd.conf:
localstatedir = /var
# Should likely be ${localstatedir}/lib/radiusd
#db_dir = ${raddbdir}
db_dir = ${localstatedir}/lib/radiusd
eap:
name = "EAP module"
# The server will need write perms, and the directory
# should be secured from anyone else. You might want
# a script to remove old files from here periodically:
#
# find ${logdir}/tlscache -mtime +2 -exec rm -f {} \;
#
# This feature REQUIRES "name" option be set above.
#
persist_dir = "${db_dir}/tlscache"
and in debug freeradius -X:
cache {
enable = yes
lifetime = 24
name = "EAP module"
max_entries = 255
persist_dir = "/var/lib/radiusd/tlscache"
}
And persist_dir = "/var/lib/radiusd/tlscache" is empty.
But another part of debug says (rejection is ok - user restricted by logintime):
(41) eap_peap: Continuing EAP-TLS
(41) eap_peap: [eaptls verify] = ok
(41) eap_peap: Done initial handshake
(41) eap_peap: [eaptls process] = ok
(41) eap_peap: Session established. Decoding tunneled attributes
(41) eap_peap: PEAP state send tlv failure
(41) eap_peap: Received EAP-TLV response
(41) eap_peap: ERROR: The users session was previously rejected: returning reject (again.)
(41) eap_peap: This means you need to read the PREVIOUS messages in the debug output
(41) eap_peap: to find out the reason why the user was rejected
(41) eap_peap: Look for "reject" or "fail". Those earlier messages will tell you
(41) eap_peap: what went wrong, and how to fix the problem
(41) eap: ERROR: Failed continuing EAP PEAP (25) session. EAP sub-module failed
(41) eap: Sending EAP Failure (code 4) ID 75 length 4
(41) eap: Failed in EAP select
To me it’s not written in black and white that the cache does work; since persist_dir is empty, I’m not sure of it.
And that’s why I’ve asked about cache module.
Regards
Martin
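
The comment in the eap module configuration quoted in the message above says the server needs write permission on persist_dir and that the directory should be secured from anyone else. The following is an added example, not part of the original post and not FreeRADIUS code, that checks both conditions and counts the entries in the directory; the function name check_tls_cache_dir is hypothetical and GNU stat is assumed.

```shell
#!/bin/sh
# Added example (not from the original post): verify the two conditions the
# eap module comment states for persist_dir, then count what is stored there.
# Assumes GNU coreutils stat(1). Run it as the account the server runs under,
# otherwise the write test says nothing about the server itself.

check_tls_cache_dir() {
    dir=$1
    if [ ! -d "$dir" ]; then
        echo "FAIL: $dir does not exist or is not a directory"
        return 2
    fi
    mode=$(stat -c '%a' "$dir")     # octal mode, e.g. 700 or 2750
    owner=$(stat -c '%U' "$dir")
    # "Secured from anyone else": no group or other permission bits set.
    if [ $(( 0$mode & 077 )) -ne 0 ]; then
        echo "FAIL: $dir is mode $mode (owner $owner), group/other bits are set"
        return 3
    fi
    # "The server will need write perms": write and search on the directory.
    if [ ! -w "$dir" ] || [ ! -x "$dir" ]; then
        echo "FAIL: $dir (owner $owner, mode $mode) is not writable by $(id -un)"
        return 4
    fi
    count=$(find "$dir" -mindepth 1 -maxdepth 1 | wc -l | tr -d ' ')
    echo "OK: $dir owner=$owner mode=$mode entries=$count"
    return 0
}

# Stand-alone use: pass the resolved path shown in the "cache { ... }" block
# of the debug output, e.g.  sh check.sh /var/lib/radiusd/tlscache
if [ "$#" -gt 0 ]; then
    check_tls_cache_dir "$1"
fi
```

A return code of 0 with entries=0 means the directory meets both stated conditions and is still empty, so permissions on that path are not what keeps it empty.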