Alan DeKok wrote:
reauth-period is a NAS parameter. It specifies the period after which reauthentication is needed.

When no cache is enabled on radius (eap.conf / cache / enable=no), clients using NetworkManager are not able to renegotiate authentication because they are always trying to resume their session. I can't find any option to fix that on the client.

Jérôme BERTHIER wrote:

Sorry. It means that when the NAS asks for reauthentication (after the reauth-period timeout has expired), clients won't stop trying to reconnect using the session resumption option again and again...

Here is an extract from the freeradius debug:

[ttls] eaptls_process returned 3
[ttls] Skipping Phase2 due to session resumption
[ttls] FAIL: Forcibly stopping session resumption as it is not allowed.

What's "reauth-period"?

If the session cache is enabled, then the entries should be deleted after "lifetime" hours. Once the entries are deleted, they will not be in the cache, and attempts to re-use the cached session should cause a re-negotiation.

Alan DeKok.

- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
-- Jérôme BERTHIER INRIA Bordeaux - Sud-Ouest Service des Moyens Informatiques 05 24 57 40 50
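One way to spot the loop described in this thread from the server side, as an added example that is not part of the original messages or of FreeRADIUS: the Python below scans debug output for the messages quoted in the extract and counts resumption attempts that the server then refused. The function names, the threshold of 3 and the sample input (the thread's extract repeated, plus two constructed variations) are assumptions.

```python
import re
from collections import Counter

# Message texts copied from the debug extract quoted in the thread.
ROUND_MARK = "eaptls_process returned"
RESUME_MARK = "Skipping Phase2 due to session resumption"
REJECT_MARK = "Forcibly stopping session resumption as it is not allowed"
LINE_RE = re.compile(r"^\[(?P<module>[^\]]+)\]\s+(?P<msg>.*)$")

def count_rejected_resumptions(lines):
    """Count, per EAP module, resumption attempts the server then refused."""
    rejected = Counter()
    pending = set()  # modules that announced a resumption in the current round
    for raw in lines:
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # not a "[module] message" debug line
        module, msg = m.group("module"), m.group("msg")
        if ROUND_MARK in msg:
            pending.discard(module)      # new TLS round: forget stale state
        elif RESUME_MARK in msg:
            pending.add(module)
        elif REJECT_MARK in msg and module in pending:
            rejected[module] += 1        # resumption offered, then refused
            pending.discard(module)
    return rejected

def resumption_loop(lines, threshold=3):
    """Modules whose refused resumptions reach threshold (assumed value)."""
    counts = count_rejected_resumptions(lines)
    return sorted(mod for mod, n in counts.items() if n >= threshold)

# Constructed sample: the thread's three-line extract repeated three times,
# one resumption with no refusal, and one refusal with no resumption before it.
EXTRACT = [
    "[ttls] eaptls_process returned 3",
    "[ttls] Skipping Phase2 due to session resumption",
    "[ttls] FAIL: Forcibly stopping session resumption as it is not allowed.",
]
SAMPLE = EXTRACT * 3 + EXTRACT[:2] + [EXTRACT[0], EXTRACT[2]]

if __name__ == "__main__":
    print(dict(count_rejected_resumptions(SAMPLE)), resumption_loop(SAMPLE))
```

The lines in the extract carry no client identifier, so the count is per module across all clients rather than per client.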