Hi Guy (and others who replied to the original thread),
I've read the responses to this and to the TLS/TTLS thread... tried to find somewhere in the Funk client where I might be able to control some kind of reauthentication interval (there's a setting on the AP), but no luck there unfortunately.
Anyway, it still doesn't answer the question... has anyone managed to get a "WPA-capable" AP (not just one which says it does 802.1x) running in a WPA+RADIUS setting with TKIP, authenticating against FreeRADIUS? We certainly haven't (can't get it to run with AES either), and we're not really sure why.... Given that WPA is "the 802.11 security protocol suite of the future", I guess it might be quite important.... regardless of which EAP flavour is used... ;-)
Thanks,
Ian
From: Guy Davies <[EMAIL PROTECTED]>
Reply-To: [EMAIL PROTECTED]
To: "'[EMAIL PROTECTED]'" <[EMAIL PROTECTED]>
Subject: RE: WPA w/ EAP-TLS against 0.8.1
Date: Fri, 26 Sep 2003 14:37:52 +0100
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Artur is right. This was a problem previously seen by one AP vendor with whom I talk, which affected both Microsoft's IAS and Funk's Steel Belted RADIUS servers. The session-timeout returned by default by those was very low and caused repeated authentication which dramatically reduced the perceived throughput. I found that explicitly setting the session-timeout value for MAC authenticated users dramatically improved things. It is possible that such an explicit session-timeout is required for users authenticating using TLS?
As Artur said, nothing to do with the supplicant (those bring their own problems ;-). Apologies for the confusion.
Regards,
Guy
_________________________________________________________________
The new MSN 8: advanced junk mail protection and 2 months FREE* http://join.msn.com/?page=features/junkmail
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html