On 30.11.2016 17.21, Hartmaier Alexander wrote:
we only do machine cert authentication. Can I log the SessionContextId
for debugging purposes to really make sure it's not the issue?
This defaults to Handler. In other words, if a full authentication was
processed by Handler A, the resumption will only work with Handler A. If
Handler B is selected, full authentication is done. If this happens, it
is not an error but a normal full authentication.
This also happens for smartphones, mainly Apple and Android.
Do you have log messages about errors?
I wonder if the reduced EAPContextTimeout from 1000 to 120 seconds might
cause this when roaming from access-point to access-point?
This should only matter when it takes more than 120 seconds for the
client to respond after Radiator sends RADIUS Access-Challenge to get
the client to continue the ongoing EAP authentication. Once the
authentication has finished, this context is not required any longer.
The information required for resume is kept longer. See
EAPTLS_SessionResumptionLimit that defaults of 12 hours.
https://www.open.com.au/radiator/ref/EAPTLS_SessionResumptionLimit.html
Thanks,
Heikki
--
Heikki Vatiainen <[email protected]>
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS,
TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP,
DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS,
NetWare etc.
_______________________________________________
radiator mailing list
[email protected]
http://lists.open.com.au/mailman/listinfo/radiator
