David Mitchell <[email protected]> wrote: > > Alan DeKok wrote: > >> David Mitchell wrote: >>> I was searching back in the archives, and in September there was a user >>> who reported a problem with session resumption. I'm seeing the exact >>> same symptoms I believe, also on Debian 5.0 with OpenSSL 0.9.8g. I never >>> saw any follow up? Is there a fix known for this? I am using a locally >>> compiled version of FreeRadius 2.1.7. It's linked against the system >>> OpenSSL libraries though. Building a local 0.9.8k or even 1.0.0 is >>> certainly an option if there is a chance it will help. >> >> There isn't a lot we can do. It's not clear *why* OpenSSL resumes >> sessions when session resumption is disabled. > > I did manage to find an easy workaround for this. Simply enabling the > cache in eap.conf allows these connections to succeed. I think there may > still be a bug somewhere, or maybe more than one. At a minimum it seems > a bit foolish for wpa_supplicant to keep trying to do a fast reconnect > after getting an Access-Reject. > > Whatever the root problem is, there is an easy workaround. I wanted to > follow up primarily in case others find this thread in the future it > will have a workaround. I'm guessing the only real downside to enabling > the EAP cache is memory usage, which I'm not too worried about. > Make sure you 'git cherry-pick' the patches related to:
https://bugs.freeradius.org/bugzilla/show_bug.cgi?id=15 https://bugs.freeradius.org/bugzilla/show_bug.cgi?id=21 ...if you are using a vanilla 2.1.7. Cheers -- Alexander Clouter .sigmonster says: I'm not laughing with you, I'm laughing at you. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
