[RADIATOR] PEAP internal session resumption breaks some clients
Ullfig, Roberto Alfredo
rullfig at uic.edu
Fri Aug 28 10:35:06 CDT 2015
I don't know if this is the same issue we had. It was trivial to get an 802.1x error on my non-AD laptop (for some reason I could not get it to fail with my account on an AD connected laptop). All I had to do was connect and reconnect quickly a few times in a row. We added "EAPTLS_SessionResumption 0" to our 802.1x handler and the problem went away.
---
Roberto Ullfig - rullfig at uic.edu
ACCC Research Programmer
-----Original Message-----
From: radiator-bounces at open.com.au [mailto:radiator-bounces at open.com.au] On Behalf Of Heikki Vatiainen
Sent: Friday, August 28, 2015 6:06 AM
To: radiator at open.com.au
Subject: Re: [RADIATOR] PEAP internal session resumption breaks some clients
On 28.8.2015 12.22, Alan Buxey wrote:
> I would suspect either wireless controller problems (eg related to
> 802.11k or such) or client misconfiguration (do you have a deployment
> tool for the 802.1X or do users just click on SSID and enter their
> status? )
I plan to dig more into the fast reconnection control behaviour, provided by the checkbox in the GUI, to see what it really does. For example, does it affect the TLS handshake.
Heikki
--
Heikki Vatiainen <hvn at open.com.au>
Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS, TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP, DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS, NetWare etc.
_______________________________________________
radiator mailing list
radiator at open.com.au
http://www.open.com.au/mailman/listinfo/radiator
More information about the radiator
mailing list