No EAP session matching the State variable (and other various messages)

Mon, 30 Sep 2013 10:27:55 -0700 

What exactly do error messages like:
Sep 30 12:56:36 newdvlanb radiusd[10152]: rlm_eap: No EAP session matching the State variable. Sep 30 12:00:21 dvlanc radiusd[16053]: WARNING: Child is hung for request 782076 in component authenticate module peap. Sep 30 12:57:08 newdvlanb radiusd[10152]: Discarding duplicate request from client resnet1-WiSM-A port 32770 - ID: 126 due to unfinished request 187554 Sep 30 12:58:24 newdvlanb radiusd[10152]: Discarding conflicting packet from client Rich-core-WiSM-E port 32769 - ID: 155 due to recent request 207181. 

mean?


I have attmpted to rectify by seeing if modifying the following 
configuration options within eap.conf get rid of these.


#  A list is maintained to correlate EAP-Response
        #  packets with EAP-Request packets.  After a
        #  configurable length of time, entries in the list
        #  expire, and are deleted.
        #
        timer_expire     = 120

    #
        #  Help prevent DoS attacks by limiting the number of
        #  sessions that the server is tracking.  Most systems
        #  can handle ~30 EAP sessions/s, so the default limit
        #  of 4096 should be OK.
        max_sessions = 16384


I have even gotten EAP caching (using the Cached-Session-Policy) to two 
hours now.



These error messages especially appear to occur en masse at or near the 
hour and then seem to abruptly stop:



Sep 30 12:59:30 newdvlana radiusd[18407]: rlm_eap: No EAP session 
matching the State variable.
Sep 30 12:59:30 newdvlana radiusd[18407]: rlm_eap: No EAP session 
matching the State variable.
Sep 30 12:59:30 newdvlana radiusd[18407]: rlm_eap: No EAP session 
matching the State variable.
Sep 30 12:59:30 newdvlana radiusd[18407]: rlm_eap: No EAP session 
matching the State variable.
Sep 30 12:59:30 newdvlana radiusd[18407]: rlm_eap: No EAP session 
matching the State variable.
Sep 30 12:59:30 newdvlana radiusd[18407]: rlm_eap: No EAP session 
matching the State variable.
Sep 30 12:59:30 newdvlana radiusd[18407]: rlm_eap: No EAP session 
matching the State variable.
Sep 30 12:59:30 newdvlana radiusd[18407]: rlm_eap: No EAP session 
matching the State variable.
Sep 30 12:59:30 newdvlana radiusd[18407]: rlm_eap: No EAP session 
matching the State variable.

[ SNIPPED ]

Sep 30 13:01:37 newdvlana radiusd[18407]: rlm_eap: No EAP session 
matching the State variable.
Sep 30 13:01:37 newdvlana radiusd[18407]: rlm_eap: No EAP session 
matching the State variable.
Sep 30 13:01:37 newdvlana radiusd[18407]: rlm_eap: No EAP session 
matching the State variable.
Sep 30 13:01:38 newdvlana radiusd[18407]: rlm_eap: No EAP session 
matching the State variable.
Sep 30 13:01:38 newdvlana radiusd[18407]: rlm_eap: No EAP session 
matching the State variable.
Sep 30 13:01:38 newdvlana radiusd[18407]: rlm_eap: No EAP session 
matching the State variable.
Sep 30 13:01:38 newdvlana radiusd[18407]: rlm_eap: No EAP session 
matching the State variable.


Which appear in conjunction with:


Sep 30 12:57:08 newdvlanb radiusd[10152]: Discarding duplicate request 
from client resnet1-WiSM-A port 32770 - ID: 126 due to unfinished 
request 187554
Sep 30 12:58:24 newdvlanb radiusd[10152]: Discarding conflicting packet 
from client Rich-core-WiSM-E port 32769 - ID: 155 due to recent request 
207181.
Sep 30 12:58:52 newdvlanb radiusd[10152]: Discarding conflicting packet 
from client Rich-core-WiSM-E port 32769 - ID: 234 due to recent request 
213661.


As well as sometimes:


Sep 30 12:00:21 dvlanc radiusd[16053]: WARNING: Child is hung for 
request 782076 in component authenticate module peap.
Sep 30 12:01:04 dvlanc radiusd[16053]: WARNING: Child is hung for 
request 789836 in component authenticate module peap.
Sep 30 12:01:07 dvlanc radiusd[16053]: WARNING: Child is hung for 
request 789836 in component authenticate module peap.


An oddity is that the issues appear cross server at about the same times:


Sep 30 11:57:25 dvlanc radiusd[16053]: WARNING: Child is hung for 
request 754502 in component authenticate module peap.
Sep 30 11:57:36 newdvlanb radiusd[11924]: WARNING: Child is hung for 
request 828962 in component authenticate module peap.



Any one have any similar battle scars that I can learn from (server 
performance tweaks, optimizations, etc?). I've optimized as best I can 
the SQL component. This all seems related to the samba/winbind/ntlm_auth.


- John Douglass, Sr. Systems IT/Architect, Georgia Institute of Technology
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html






















					Reply via email to