disconnections

classic Classic list List threaded Threaded
3 messages Options
| Threaded
Open this post in threaded view
|

disconnections

John Fawcett
I'm using freeradius 1.0.0 on suse 9.2 to authenticate wireless users
from a US Robotics USR5450 Access Point via eap-ttls (with eap-md5)

Although the connection is established it is disconnected after 4
minutes (sometimes 2 minutes or 6 minutes). I get entries like the
following repeated every four minutes in the radius.log

Mon Jun 20 00:37:59 2005 : Info: rlm_eap_tls:  Length Included
Mon Jun 20 00:37:59 2005 : Error:     TLS_accept:error in SSLv3 read
client certificate A
Mon Jun 20 00:38:00 2005 : Info: rlm_eap_tls: Received EAP-TLS ACK message
Mon Jun 20 00:38:02 2005 : Info: rlm_eap_tls:  Length Included
Mon Jun 20 00:38:02 2005 : Info:     (other): SSL negotiation finished
successfully
Mon Jun 20 00:38:02 2005 : Info: rlm_eap_tls:  Length Included
Mon Jun 20 00:38:02 2005 : Info: rlm_eap_md5: Issuing Challenge
Mon Jun 20 00:38:03 2005 : Info: rlm_eap_tls:  Length Included
Mon Jun 20 00:38:03 2005 : Auth: Login OK: [steve/<no User-Password
attribute>] (from client localhost port 0 cli 00-0e-35-c7-e3-fe)
Mon Jun 20 00:38:03 2005 : Auth: Login OK: [steve/<no User-Password
attribute>] (from client usrobotics port 0 cli 00-0e-35-c7-e3-fe)

Just a couple of more points:
I don't think the TLS_accept: error is serious.
I cannot explain why there are two Auth Logins one from the NAS and one
from localhost.

Any help appreciated. I somehow get the impression that I'm probably not
passing back the right attributes to the NAS: for testing I'm using the
users file:
steve   User-Password == "testing"
    Framed-IP-Address = 192.168.1.67,
    Framed-IP-Netmask = 255.255.255.0,
    Service-Type = Framed-User

Thanks
John
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
| Threaded
Open this post in threaded view
|

Re: disconnections

Alan DeKok
John Fawcett <[hidden email]> wrote:
> Although the connection is established it is disconnected after 4
> minutes (sometimes 2 minutes or 6 minutes). I get entries like the
> following repeated every four minutes in the radius.log

  What's the Session-Timeout set to?

> I don't think the TLS_accept: error is serious.
> I cannot explain why there are two Auth Logins one from the NAS and one
> from localhost.

  The first is the outer tunnel session, the second is the inner
tunnel session.

> Any help appreciated. I somehow get the impression that I'm probably not
> passing back the right attributes to the NAS: for testing I'm using the
> users file:

  It should work.

  Alan DeKok.

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
| Threaded
Open this post in threaded view
|

Re: disconnections

John Fawcett
Alan DeKok wrote:

> John Fawcett <[hidden email]> wrote:
>
>>Although the connection is established it is disconnected after 4
>>minutes (sometimes 2 minutes or 6 minutes). I get entries like the
>>following repeated every four minutes in the radius.log
>
>
>   What's the Session-Timeout set to?
>
>
I have the following set in users

steve   User-Password == "testing"
    Framed-IP-Address = 192.168.1.67,
    Framed-IP-Netmask = 255.255.255.0,
    Service-Type = Framed-User,
    Session-Timeout = 7200,
    Idle-Timeout = 3600

>>I don't think the TLS_accept: error is serious.
>>I cannot explain why there are two Auth Logins one from the NAS and one
>>from localhost.
>
>
>   The first is the outer tunnel session, the second is the inner
> tunnel session.
>
>
>>Any help appreciated. I somehow get the impression that I'm probably not
>>passing back the right attributes to the NAS: for testing I'm using the
>>users file:
>
>
>   It should work.

Unless anyone can see something obviously wrong or knows of attributes I
should be passing back which aren't included, I'm inclined to believe
that its a problem with the AP. I'll get in touch with the manufacturer.
Thanks for the help.

John

>   Alan DeKok.
>
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html