> On Sep 9, 2019, at 2:07 AM, Marcin Marszałkowski <[hidden email]> wrote:
> I have freeradius 3.0.20 with tls cache enabled (fast reauthentication) running in a docker container, sql backend.
> Everything had been working fine until recently, when a new device (laptop) was added to the network.
> The laptop connects properly to the specified network, but when roaming it gets an Access-Accept answer without any AVP, thus it is assigned to the native, trunk network.
> Since it applies only to one device (MacBook Pro) and debug doesn’t throw any errors
It *does* show you what the server is doing, and *why* it added attributes to Access-Accept.
> I don’t know where to start troubleshooting. I’d removed the content of the tlscache folder, toggled the cache off/on, and it didn’t help.
> Any suggestion?
Read the debug output. If it's too confusing, post it here.
If you want to allow the attributes to change between the original authentication and
a reauth you'll have to modify that quite a bit and do some SQL in the outer tunnel server
based on inner tunnel attributes.
> On Sep 11, 2019, at 2:26 PM, Marcin Marszałkowski <[hidden email]> wrote:
>> Alan DeKok <[hidden email]> wrote on 11.09.2019, at 18:24:
>> Then the question of "why are the replies different?" is answered in the debug output. Which means I'm surprised that the question was asked.
> "Why…" I meant to find the underlying root cause of this particular problem. I’m not a developer, just a user, and the debug info is not as clear to me as it is to you.
The messages are pretty clear. They show you which attributes are stored in the session cache, and which ones are retrieved from the session cache.
>> Did you edit the "store" subsection to list attributes for it to cache? As documented ... ?
> I’ve read the rlm_eap description on the wiki and there’s nothing about caching. The only thing I adhered to was the description in the eap config file
> Unfortunately, I couldn’t find anything about the "store" subsection.
Then you're not looking at the mods-available/eap file from the v3.0.x branch.
The point of using a new version is *not* just to use the binary. But *also* to look at the updated documentation and configuration examples.
So you've wasted days of time and many messages just to realize that you're *not* looking at the updated examples as I suggested.
Please follow instructions. It shouldn't be difficult. Every step you skip results in lost time and more frustration for everyone.
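
The "store" subsection discussed in this thread, as an added illustration that is not part of any message above and is not copied from the project's file: a sketch of the TLS session cache block in mods-available/eap, following the v3.0.x layout. The cache name and the choice of VLAN attributes are assumptions; compare it against the mods-available/eap shipped with the installed version.

```conf
# mods-available/eap (v3.0.x layout). Added illustration; values are assumptions.
eap {
	tls-config tls-common {
		# ... certificate and cipher settings left as they are ...

		cache {
			enable = yes
			lifetime = 24                        # hours
			name = "EAP module"                  # assumed cache name
			persist_dir = "${logdir}/tlscache"   # on-disk session cache

			# Reply attributes saved with the TLS session at full
			# authentication and restored when the session is resumed.
			# On a resumed session the inner tunnel (and its SQL
			# lookup) is not run again, so only cached attributes
			# can reach the Access-Accept.
			store {
				Tunnel-Type
				Tunnel-Medium-Type
				Tunnel-Private-Group-Id
			}
		}
	}
}
```

After a change like this, the debug output for a full authentication and for a resumed session shows which attributes are stored in the session cache and which are retrieved from it, so the two Access-Accept replies can be compared directly.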