Alan DeKok <[email protected]> writes:
> Palmer J.D.F. wrote:
>> We migrated to 2.1.8 (from 2.1.7) last week while things were quiet, as
>> the users have re-appeared after the holiday we've started to receive a
>> few reports from users stating that they have been getting lots of
>> prompts for credentials.
>
> The log says:
>
> ... WARNING: No information in cached session!
>
> This means that the session wasn't cached, and they are trying to
> resume a session that never was started. The change in 2.1.8 is there
> to work around a bug in OpenSSL.
>
> The only other alternative is that they *are* resuming a valid
> session, but (a) after the session has timed out, or (b) where no
> User-Name was cached from the inner tunnel session.

Don't know if it's relevant, but I briefly tried to enable caching on my
home network after installing 2.1.8 and could not make it work. It wasn't
important to me, so I just disabled it. Haven't reported it earlier as I
suspected (and still do...) that I was doing something wrong. But here
are the log messages anyway, in the event that they are symptoms of a real
problem:

I got this after a successful first authentication:

Tue Jan 5 19:00:21 2010 : Info: [ttls] Got tunneled Access-Accept
Tue Jan 5 19:00:21 2010 : Info: [ttls] Saving response in the cache
Tue Jan 5 19:00:21 2010 : Info: [ttls] WARNING: No information to cache: session caching will be disabled for this session.

Then, as I guess is expected based on the above, on reauth (please ignore
the timestamps - these are not matched samples):

Tue Jan 5 18:18:15 2010 : Info: [eap] Request found, released from the list
Tue Jan 5 18:18:15 2010 : Info: [eap] EAP/ttls
Tue Jan 5 18:18:15 2010 : Info: [eap] processing type ttls
Tue Jan 5 18:18:15 2010 : Info: [ttls] Authenticate
Tue Jan 5 18:18:15 2010 : Info: [ttls] processing EAP-TLS
Tue Jan 5 18:18:15 2010 : Info: [ttls] eaptls_verify returned 7
Tue Jan 5 18:18:15 2010 : Info: [ttls] Done initial handshake
Tue Jan 5 18:18:15 2010 : Info: [ttls] TLS_accept: SSLv3 read finished A
Tue Jan 5 18:18:15 2010 : Info: [ttls] (other): SSL negotiation finished successfully
Tue Jan 5 18:18:15 2010 : Info: [ttls] eaptls_process returned 3
Tue Jan 5 18:18:15 2010 : Info: [ttls] Skipping Phase2 due to session resumption
Tue Jan 5 18:18:15 2010 : Info: [ttls] WARNING: No information in cached session!
Tue Jan 5 18:18:15 2010 : Info: [eap] Freeing handler
Tue Jan 5 18:18:15 2010 : Info: ++[eap] returns reject

Bjørn
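
Added example (not part of the original message and not FreeRADIUS code): a small log triage script that counts how often a TTLS session was not cached and how often a resumption with an empty cached session ended in a reject, using the message strings quoted above. The function names are hypothetical, and because the quoted lines carry no session identifier, the warning is paired with the next "++[eap] returns" line by order only, which assumes the log is not interleaved.

```python
import re
from datetime import datetime

# Constructed sample: a subset of the log lines quoted in the message above.
SAMPLE_LOG = """\
Tue Jan 5 19:00:21 2010 : Info: [ttls] Got tunneled Access-Accept
Tue Jan 5 19:00:21 2010 : Info: [ttls] Saving response in the cache
Tue Jan 5 19:00:21 2010 : Info: [ttls] WARNING: No information to cache: session caching will be disabled for this session.
Tue Jan 5 18:18:15 2010 : Info: [ttls] Skipping Phase2 due to session resumption
Tue Jan 5 18:18:15 2010 : Info: [ttls] WARNING: No information in cached session!
Tue Jan 5 18:18:15 2010 : Info: ++[eap] returns reject
"""

# "<weekday> <month> <day> <time> <year> : <level>: <message>"
LINE_RE = re.compile(r"^(\w{3} \w{3} +\d+ [\d:]{8} \d{4}) : \w+: (.*)$")

def parse_line(line):
    """Return (timestamp, message) for a radius.log line, or None if it does not match."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    ts = datetime.strptime(" ".join(m.group(1).split()), "%a %b %d %H:%M:%S %Y")
    return ts, m.group(2)

def summarize(log_text):
    """Count caching/resumption events; pairing is by line order (assumption)."""
    stats = {"cache_attempts": 0, "not_cached": 0, "resumptions": 0,
             "empty_resumptions": 0, "rejected_resumptions": []}
    pending = False  # empty cached session seen, waiting for the [eap] result
    for raw in log_text.splitlines():
        parsed = parse_line(raw)
        if parsed is None:
            continue
        ts, msg = parsed
        if "Saving response in the cache" in msg:
            stats["cache_attempts"] += 1
        elif "No information to cache" in msg:
            stats["not_cached"] += 1
        elif "Skipping Phase2 due to session resumption" in msg:
            stats["resumptions"] += 1
        elif "No information in cached session" in msg:
            stats["empty_resumptions"] += 1
            pending = True
        elif msg.startswith("++[eap] returns"):
            if pending and msg.endswith("reject"):
                stats["rejected_resumptions"].append(ts)
            pending = False
    return stats

if __name__ == "__main__":
    print(summarize(SAMPLE_LOG))
```

A not_cached count close to cache_attempts points at the server never storing the inner identity; empty_resumptions without matching not_cached entries fits the timeout case instead.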

