Alan DeKok wrote:
Jérôme BERTHIER wrote:
Sorry. It means that when the NAS asks for reauthentication (after
the reauth-period timeout has expired), clients won't stop trying to
re-connect using the session resumption option again and again....
Here is an extract from the freeradius debug output:
[ttls] eaptls_process returned 3
[ttls] Skipping Phase2 due to session resumption
[ttls] FAIL: Forcibly stopping session resumption as it is not allowed.

  What's "reauth-period"?

  If the session cache is enabled, then the entries should be deleted
after "lifetime" hours.  Once the entries are deleted, they will not be
in the cache, and attempts to re-use the cached session should cause a
re-negotiation.

  Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
reauth-period is a NAS parameter. It specifies the period after which reauthentication is needed. When no cache is enabled on radius (eap.conf / cache / enable=no), clients using NetworkManager are not able to re-negotiate authentication because they are always trying to resume their session. I can't find any option to fix that on the client.

--
Jérôme BERTHIER
INRIA Bordeaux - Sud-Ouest
Service des Moyens Informatiques
05 24 57 40 50

