On Fri, 14 Dec 2012, Heikki Vatiainen wrote: > On 12/14/2012 02:01 PM, Jethro R Binks wrote: > > On Fri, 14 Dec 2012, Mike McCauley wrote: > > > >> Improvements to PEAP support for Windows failing to work when PEAP fast > >> reconnect was enabled. EAP Extension TLV/Success is now exchanged over > >> TLS tunnel between the server and client before sending final > >> Access-Accept. > > > > This is interesting; is there any more information about this fix and if > > the fault is something I would likely have experienced? > > Before this change when the PEAP client did successful fast reconnect > using TLS session resumption, Radiator returned final Accept-Accept > immediately. The Windows native client did not like this and instead > wanted to see the success inside TLS tunnel first. The symptom was PEAP > succeeding first when full authentication was done with the client > hanging during reauthentication when it tried to do fast reconnect. > > The EAP clients in e.g., Android and Apple devices did not require the > tunneled success, and they were able to do fast reauthentication even > without this change. > > If your Radiator configuration currently has fast reconnect disabled > with 'EAPTLS_SessionResumption 0' you should be able to comment this out > or switch from 0 to 1 to allow fast reconnect.
Thanks Heikki, Are there any reasons why I might chose not to enable fast connect/session resumption? Other broken clients etc? Jethro. . . . . . . . . . . . . . . . . . . . . . . . . . Jethro R Binks, Network Manager, Information Services Directorate, University Of Strathclyde, Glasgow, UK The University of Strathclyde is a charitable body, registered in Scotland, number SC015263. _______________________________________________ radiator mailing list [email protected] http://www.open.com.au/mailman/listinfo/radiator
