I've seen such things if the authentication takes an extraordinary
length of time. Windows EAP client expects a round trip on the order
of 30 seconds (or 60, ummm my memory is already fading...) and if EAP
doesn't come back in that time, could abort the authentication.
Typically another will start right away.
This can be exacerbated by Cisco APs that use the Session-Timeout
value to kill the session rather than retransmit.
The orginal response will often be accepted when it arrives late.
Their is a caching option in the supplicant (Remember my credentials
checkbox something like that) that can make some of this transparent.
Why do I know? My SecurID EAP client had to stand on it's head and
dance around these constraints.
Dave. (not there anymore)
Quoting Alan Buxey <[email protected]>:
Hi,
Does anyone else get a problem with Windows 7 clients prompting for the
radius credentials 2 or 3 times before finally accepting them? No errors
are shown on the radius side, and I’ve read that this is a problem with
the operating system, but wondered whether anyone in this knowledgeable
community had overcome this?
have you tried the pre-caching option where you can provide the
details in advance?
(windows 7 options in advanced EAP settings)
alan
-
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
