How does hostapd interact with an external RADIUS server?
Sat Jul 23 12:54:19 PDT 2011
On Thu, Jul 14, 2011 at 12:16 PM, Jouni Malinen <j at w1.fi> wrote:
> On Thu, Jul 14, 2011 at 07:52:56AM -0500, Harshal Chhaya wrote:
>> My understanding is that the RADIUS server is used only during
>> authentication and then for re-keying but is out of the picture during
>> normal data transfer.
> Correct or well, not all re-keying cases require RADIUS authentication
Oh - this is good information. So hostapd handles some of the rekeying
If it helps, this is the relevant part of my 'hostapd.conf' file:
# RADIUS authentication server
>> I am curious what happens if the freeRADIUS server dies. Does hostapd
>> (somehow) disassociate all clients who then have to re-connect and
> hostapd does not even know that the RADIUS server died until there is a
> need for a new authentication.. No clients are disconnect or forced to
> re-authenticate in case of RADIUS issues.
That's what I figured. Thanks for clarifying it.
>> I am seeing clients dropping off the network around the same time the
>> freeRADIUS server is dying (still investigating that problem) and I am
>> curious about the connection between the two events.
> You should be able to find more details on what happened from the
> hostapd debug log, but unless you've configured the system to require
> frequent re-authentication with the RADIUS server, there should not
> really be any connection between these two events as far as clients that
> had already successfully connected to the network are concerned.
It turns out that the freeRADIUS server was crashing because the
underlying openSSL library was not compiled in a threadsafe manner. I
updated the makefile for openSSL and don't see freeRADIUS crashes any
I still don't know why the two events (all clients dropping and
freeRADIUS crashing) were occurring around the same time but I am off
to looking at other issues now.
More information about the Hostap