Resuming a user cached session with EAP-TTLS

Alan DeKok aland at deployingradius.com
Mon Jan 23 15:42:48 UTC 2023


On Jan 23, 2023, at 10:32 AM, <florentvercourt at gmail.com> wrote:
> I configured the « eap » module by enabling the session cache, but it
> seems sessions are only stored locally, and the ticket of the user sessions
> is not forwarded to the supplicant to perform the re-authentication later on,
> without having to go through all EAP-TTLS steps.

  That doesn't make sense.  The resumption tickets are sent via TLS to the client.

> When I try to regain access to the network after being authenticated once,
> all the EAP-TTLS steps are performed.

  The client has chosen to not do session resumption.  It probably needs to be configured to do that.

> So I would like to know if I misunderstood the cache section and the way it
> works in the « eap » module, or if there is a way to re-authenticate users
> in a defined period of time by using the cache after they disconnect.

  The cache has to be configured on the client, too.  You can't just see it doesn't work, and decide that FreeRADIUS is at fault.

> Also, is it a good practice to send the total Length of the message in each
> packet, or is it not recommended?

  Read the RFCs if you're wondering how TTLS works.

  Alan DeKok.
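
An added example for the Total Length question quoted above (it is not code from this thread or from FreeRADIUS): it builds and reassembles EAP-TTLS fragments with the RFC 5281 framing, putting the four-octet Message Length either on the first fragment only or on every fragment, the two behaviours FreeRADIUS selects with `include_length`. The function names, the Response code and the identifier numbering are assumptions made for the illustration.

```python
import struct

EAP_RESPONSE, EAP_TYPE_TTLS = 2, 21   # EAP code (assumed) and TTLS method type
FLAG_L, FLAG_M = 0x80, 0x40           # Length included, More fragments


def fragment(message, chunk, length_in_every_packet, ident=1):
    """Build EAP-TTLS packets; L goes on the first fragment or on all of them."""
    parts = [message[i:i + chunk] for i in range(0, len(message), chunk)]
    packets = []
    for n, part in enumerate(parts):
        flags = FLAG_M if n < len(parts) - 1 else 0
        body = part
        if n == 0 or length_in_every_packet:
            flags |= FLAG_L
            body = struct.pack("!I", len(message)) + part
        header = struct.pack("!BBHBB", EAP_RESPONSE, (ident + n) & 0xFF,
                             6 + len(body), EAP_TYPE_TTLS, flags)
        packets.append(header + body)
    return packets


def parse(packet):
    """Return (flags, declared_total_or_None, data) for one EAP-TTLS packet."""
    if len(packet) < 6:
        raise ValueError("truncated EAP-TTLS header")
    _code, _ident, length, eap_type, flags = struct.unpack("!BBHBB", packet[:6])
    if eap_type != EAP_TYPE_TTLS or length != len(packet):
        raise ValueError("not a well-formed EAP-TTLS packet")
    body, total = packet[6:], None
    if flags & FLAG_L:
        if len(body) < 4:
            raise ValueError("L flag set but Message Length missing")
        total, body = struct.unpack("!I", body[:4])[0], body[4:]
    return flags, total, body


def reassemble(packets):
    """Join fragments, rejecting missing, inconsistent or wrong lengths."""
    declared, data = None, b""
    for n, packet in enumerate(packets):
        flags, total, chunk = parse(packet)
        if n == 0 and flags & FLAG_M and total is None:
            raise ValueError("first fragment lacks Message Length")
        if total is not None and declared not in (None, total):
            raise ValueError("fragments disagree on Message Length")
        declared = total if total is not None else declared
        data += chunk
    if declared is not None and declared != len(data):
        raise ValueError("reassembled size differs from Message Length")
    return data
```

Both layouts reassemble to the same message; sending the length in every packet costs four octets per later fragment and gives the receiver a value to cross-check on each one.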
