random 3.0.22 issues with hostapd
michael at stroeder.com
Sat May 22 00:58:19 CEST 2021
I'm running a Wifi access point with hostapd 2.9 and FreeRADIUS 3.0.22
running on raspberry pi armv6 (32-bit) with openSUSE Tumbleweed
(kernel 5.12.3). OpenLDAP (Æ-DIR) is used as user management backend.
Client is also a Laptop with openSUSE Tumbleweed x86_64 and the usual
Network Manager setup with WPA2 with EAP-TTLS/PAP.
In general the configuration seems to work and I had no issues with 3.0.21.
But with 3.0.22 every now and then it does not work anymore. Restarting
radiusd "fixes" it for some time. Unfortunately I did not find a way to
easily reproduce it.
In syslog I see these messages (first line is the last good case before
2021-05-21T17:24:13.571211+00:00 ap1 radiusd: (13) Login OK:
[miwi] (from client localhost port 1 cli 84-EF-18-F7-9E-6E)
2021-05-21T18:18:31.765761+00:00 ap1 radiusd: (20) Invalid user
(ldap: Bind with (anonymous) to ldaps://ae-dir.hv.local:636 failed:
Local error): [miwi] (from client localhost port 0 via TLS tunnel)
2021-05-21T18:18:31.772668+00:00 ap1 radiusd: (20) Login
incorrect (ldap: Bind with (anonymous) to ldaps://ae-dir.hv.local:636
failed: Local error): [miwi] (from client localhost port 0 via TLS tunnel)
2021-05-21T18:18:31.775870+00:00 ap1 radiusd: (20) Login incorrect
(eap: Failed continuing EAP TTLS (21) session. EAP sub-module failed):
[miwi] (from client localhost port 1 cli 84-
From the above I suspect radiusd does not properly reconnect as
configured with SASL/EXTERNAL bind (using its EAP-TLS server cert as
client cert) probably after reaching idle connection timeout. Instead it
seems to use an anonymous bind.
Any clue what's going on here?