I'm using freeradius 1.0.0 on suse 9.2 to authenticate wireless users
from a US Robotics USR5450 Access Point via eap-ttls (with eap-md5).

Although the connection is established it is disconnected after 4
minutes (sometimes 2 minutes or 6 minutes). I get entries like the
following repeated every four minutes in the radius.log

Mon Jun 20 00:37:59 2005 : Info: rlm_eap_tls:  Length Included
Mon Jun 20 00:37:59 2005 : Error: TLS_accept:error in SSLv3 read client certificate A
Mon Jun 20 00:38:00 2005 : Info: rlm_eap_tls:  Received EAP-TLS ACK message
Mon Jun 20 00:38:02 2005 : Info: rlm_eap_tls:  Length Included
Mon Jun 20 00:38:02 2005 : Info: (other): SSL negotiation finished successfully
Mon Jun 20 00:38:02 2005 : Info: rlm_eap_tls:  Length Included
Mon Jun 20 00:38:02 2005 : Info: rlm_eap_md5: Issuing Challenge
Mon Jun 20 00:38:03 2005 : Info: rlm_eap_tls:  Length Included
Mon Jun 20 00:38:03 2005 : Auth: Login OK: [steve/<no User-Password attribute>] (from client localhost port 0 cli 00-0e-35-c7-e3-fe)
Mon Jun 20 00:38:03 2005 : Auth: Login OK: [steve/<no User-Password attribute>] (from client usrobotics port 0 cli 00-0e-35-c7-e3-fe)

Just a couple of more points:

I don't think the TLS_accept: error is serious.
I cannot explain why there are two Auth Logins one from the NAS and one
from localhost.

Any help appreciated. I somehow get the impression that I'm probably not
passing back the right attributes to the NAS: for testing I'm using the
users file:

steve   User-Password == "testing"
        Framed-IP-Address = 192.168.1.67,
        Framed-IP-Netmask = 255.255.255.0,
        Service-Type = Framed-User

Thanks
John

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

John Fawcett <[hidden email]> wrote:
> Although the connection is established it is disconnected after 4
> minutes (sometimes 2 minutes or 6 minutes). I get entries like the
> following repeated every four minutes in the radius.log

  What's the Session-Timeout set to?

> I don't think the TLS_accept: error is serious.
> I cannot explain why there are two Auth Logins one from the NAS and one
> from localhost.

  The first is the outer tunnel session, the second is the inner
tunnel session.

> Any help appreciated. I somehow get the impression that I'm probably not
> passing back the right attributes to the NAS: for testing I'm using the
> users file:

  It should work.

  Alan DeKok.

Alan DeKok wrote:
> John Fawcett <[hidden email]> wrote:
>
>>Although the connection is established it is disconnected after 4
>>minutes (sometimes 2 minutes or 6 minutes). I get entries like the
>>following repeated every four minutes in the radius.log
>
>
>   What's the Session-Timeout set to?
>
>

steve   User-Password == "testing"
        Framed-IP-Address = 192.168.1.67,
        Framed-IP-Netmask = 255.255.255.0,
        Service-Type = Framed-User,
        Session-Timeout = 7200,
        Idle-Timeout = 3600

>>I don't think the TLS_accept: error is serious.
>>I cannot explain why there are two Auth Logins one from the NAS and one
>>from localhost.
>
>
>   The first is the outer tunnel session, the second is the inner
> tunnel session.
>
>
>>Any help appreciated. I somehow get the impression that I'm probably not
>>passing back the right attributes to the NAS: for testing I'm using the
>>users file:
>
>
>   It should work.

Unless anyone can see something obviously wrong or knows of attributes I
should be passing back which aren't included, I'm inclined to believe
that it's a problem with the AP. I'll get in touch with the manufacturer.

Thanks for the help.

John

>   Alan DeKok.
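
Added example, not part of the original thread: a Python sketch that measures how often a station re-authenticates according to radius.log, counting only the NAS-side `Login OK` line of each pair and comparing the gaps with the Session-Timeout of 7200 from the users entry. The second and third log pairs in the sample are constructed, and treating the `localhost` client as the inner tunnel request is an assumption based on Alan's reply.

```python
import re
from datetime import datetime

# Constructed sample: the first "Login OK" pair is from the thread; the two
# later pairs are invented to stand in for the repeated re-authentications.
_OK = "Auth: Login OK: [steve/<no User-Password attribute>] (from client "
_CLI = " port 0 cli 00-0e-35-c7-e3-fe)"
SAMPLE_LOG = "\n".join([
    "Mon Jun 20 00:38:02 2005 : Info: rlm_eap_md5: Issuing Challenge",
    "Mon Jun 20 00:38:03 2005 : " + _OK + "localhost" + _CLI,
    "Mon Jun 20 00:38:03 2005 : " + _OK + "usrobotics" + _CLI,
    "Mon Jun 20 00:42:05 2005 : " + _OK + "localhost" + _CLI,
    "Mon Jun 20 00:42:05 2005 : " + _OK + "usrobotics" + _CLI,
    "Mon Jun 20 00:44:06 2005 : " + _OK + "localhost" + _CLI,
    "Mon Jun 20 00:44:06 2005 : " + _OK + "usrobotics" + _CLI,
])

LOGIN_RE = re.compile(
    r"^(?P<ts>\w{3} \w{3} [ \d]\d \d\d:\d\d:\d\d \d{4}) : Auth: Login OK: "
    r"\[(?P<user>[^/\]]+)[^\]]*\] "
    r"\(from client (?P<client>\S+) port \d+(?: cli (?P<cli>[^\s)]+))?\)"
)

def reauth_intervals(log_text, inner_client="localhost"):
    """Seconds between successive outer-tunnel logins, keyed by (user, cli)."""
    last_seen, gaps = {}, {}
    for line in log_text.splitlines():
        m = LOGIN_RE.match(line)
        # Assumption: the entry logged for inner_client is the tunnelled
        # (inner) request, so it would double-count every authentication.
        if not m or m["client"] == inner_client:
            continue
        ts = datetime.strptime(m["ts"], "%a %b %d %H:%M:%S %Y")
        key = (m["user"], m["cli"])
        if key in last_seen:
            delta = int((ts - last_seen[key]).total_seconds())
            gaps.setdefault(key, []).append(delta)
        last_seen[key] = ts
    return gaps

def flag_short_sessions(gaps, session_timeout):
    """Stations that re-authenticated sooner than the Session-Timeout sent."""
    return {k: v for k, v in gaps.items() if any(g < session_timeout for g in v)}

if __name__ == "__main__":
    for (user, cli), secs in flag_short_sessions(
            reauth_intervals(SAMPLE_LOG), session_timeout=7200).items():
        print(f"{user} ({cli}) re-authenticated after {secs} seconds")
```

Gaps far below the configured Session-Timeout indicate that the re-authentication is being triggered by the AP or the supplicant rather than by the attributes returned from the users file.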