On 12/14/2012 02:01 PM, Jethro R Binks wrote:
> On Fri, 14 Dec 2012, Mike McCauley wrote:
>
>> Improvements to PEAP support for Windows failing to work when PEAP fast
>> reconnect was enabled. EAP Extension TLV/Success is now exchanged over
>> TLS tunnel between the server and client before sending final
>> Access-Accept.
>
> This is interesting; is there any more information about this fix and if
> the fault is something I would likely have experienced?

Before this change, when the PEAP client did a successful fast reconnect using TLS session resumption, Radiator returned the final Access-Accept immediately. The Windows native client did not like this and instead wanted to see the success inside the TLS tunnel first.

The symptom was PEAP succeeding first when full authentication was done, with the client hanging during reauthentication when it tried to do fast reconnect. The EAP clients in, e.g., Android and Apple devices did not require the tunneled success, and they were able to do fast reauthentication even without this change.

If your Radiator configuration currently has fast reconnect disabled with 'EAPTLS_SessionResumption 0', you should be able to comment this out or switch from 0 to 1 to allow fast reconnect.

Thanks,
Heikki

--
Heikki Vatiainen <h...@open.com.au>

Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS, TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP, DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS, NetWare etc.
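
The tunneled success described in the message above, as an added example that is not part of the original post and is not Radiator's code: it builds and parses the inner EAP Extensions packet carrying a Result TLV and shows the check a server would make before releasing Access-Accept. It assumes the commonly documented PEAPv0 layout (EAP type 33, Result TLV type 3, status 1 = success) and operates on the already decrypted inner bytes; all function names are hypothetical.

```python
import struct

EAP_REQUEST, EAP_RESPONSE = 1, 2
EAP_TYPE_EXTENSIONS = 33      # EAP Extensions (TLV) method used inside PEAPv0 (assumed layout)
TLV_RESULT = 3                # Result TLV
STATUS_SUCCESS, STATUS_FAILURE = 1, 2
MANDATORY = 0x8000            # "M" bit in the 16-bit TLV header


def build_result_tlv(code, identifier, status):
    """Return the 11-byte EAP Extensions packet carrying one Result TLV."""
    tlv = struct.pack("!HHH", MANDATORY | TLV_RESULT, 2, status)
    return struct.pack("!BBHB", code, identifier, 5 + len(tlv), EAP_TYPE_EXTENSIONS) + tlv


def parse_result_tlv(packet):
    """Return (code, identifier, status); raise ValueError on malformed input."""
    if len(packet) < 5:
        raise ValueError("truncated EAP header")
    code, identifier, length, eap_type = struct.unpack("!BBHB", packet[:5])
    if length != len(packet) or eap_type != EAP_TYPE_EXTENSIONS:
        raise ValueError("not a well-formed EAP Extensions packet")
    body = packet[5:]
    while body:
        if len(body) < 4:
            raise ValueError("truncated TLV header")
        header, tlv_len = struct.unpack("!HH", body[:4])
        value, body = body[4:4 + tlv_len], body[4 + tlv_len:]
        if len(value) != tlv_len:
            raise ValueError("truncated TLV value")
        if header & 0x3FFF == TLV_RESULT:   # strip the M and R bits
            if tlv_len != 2:
                raise ValueError("Result TLV must carry a 2-byte status")
            return code, identifier, struct.unpack("!H", value)[0]
    raise ValueError("no Result TLV present")


def may_send_access_accept(request, response):
    """True only if the client acknowledged the server's tunneled success."""
    try:
        _, req_id, req_status = parse_result_tlv(request)
        code, resp_id, resp_status = parse_result_tlv(response)
    except ValueError:
        return False
    return (code == EAP_RESPONSE and resp_id == req_id
            and req_status == resp_status == STATUS_SUCCESS)
```
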