What exactly do error messages like:

Sep 30 12:56:36 newdvlanb radiusd[10152]: rlm_eap: No EAP session matching the State variable.
Sep 30 12:00:21 dvlanc radiusd[16053]: WARNING: Child is hung for request 782076 in component authenticate module peap.
Sep 30 12:57:08 newdvlanb radiusd[10152]: Discarding duplicate request from client resnet1-WiSM-A port 32770 - ID: 126 due to unfinished request 187554
Sep 30 12:58:24 newdvlanb radiusd[10152]: Discarding conflicting packet from client Rich-core-WiSM-E port 32769 - ID: 155 due to recent request 207181.

mean?

I have attempted to rectify by seeing if modifying the following configuration options within eap.conf gets rid of these.

        #  A list is maintained to correlate EAP-Response
        #  packets with EAP-Request packets.  After a
        #  configurable length of time, entries in the list
        #  expire, and are deleted.
        #
        timer_expire     = 120

        #
        #  Help prevent DoS attacks by limiting the number of
        #  sessions that the server is tracking.  Most systems
        #  can handle ~30 EAP sessions/s, so the default limit
        #  of 4096 should be OK.
        max_sessions = 16384

I have even gotten EAP caching (using the Cached-Session-Policy) to two hours now.

These error messages especially appear to occur en masse at or near the hour and then seem to abruptly stop:

Sep 30 12:59:30 newdvlana radiusd[18407]: rlm_eap: No EAP session matching the State variable.
Sep 30 12:59:30 newdvlana radiusd[18407]: rlm_eap: No EAP session matching the State variable.
Sep 30 12:59:30 newdvlana radiusd[18407]: rlm_eap: No EAP session matching the State variable.
Sep 30 12:59:30 newdvlana radiusd[18407]: rlm_eap: No EAP session matching the State variable.
Sep 30 12:59:30 newdvlana radiusd[18407]: rlm_eap: No EAP session matching the State variable.
Sep 30 12:59:30 newdvlana radiusd[18407]: rlm_eap: No EAP session matching the State variable.
Sep 30 12:59:30 newdvlana radiusd[18407]: rlm_eap: No EAP session matching the State variable.
Sep 30 12:59:30 newdvlana radiusd[18407]: rlm_eap: No EAP session matching the State variable.
Sep 30 12:59:30 newdvlana radiusd[18407]: rlm_eap: No EAP session matching the State variable.
[ SNIPPED ]
Sep 30 13:01:37 newdvlana radiusd[18407]: rlm_eap: No EAP session matching the State variable.
Sep 30 13:01:37 newdvlana radiusd[18407]: rlm_eap: No EAP session matching the State variable.
Sep 30 13:01:37 newdvlana radiusd[18407]: rlm_eap: No EAP session matching the State variable.
Sep 30 13:01:38 newdvlana radiusd[18407]: rlm_eap: No EAP session matching the State variable.
Sep 30 13:01:38 newdvlana radiusd[18407]: rlm_eap: No EAP session matching the State variable.
Sep 30 13:01:38 newdvlana radiusd[18407]: rlm_eap: No EAP session matching the State variable.
Sep 30 13:01:38 newdvlana radiusd[18407]: rlm_eap: No EAP session matching the State variable.

Which appear in conjunction with:

Sep 30 12:57:08 newdvlanb radiusd[10152]: Discarding duplicate request from client resnet1-WiSM-A port 32770 - ID: 126 due to unfinished request 187554
Sep 30 12:58:24 newdvlanb radiusd[10152]: Discarding conflicting packet from client Rich-core-WiSM-E port 32769 - ID: 155 due to recent request 207181.
Sep 30 12:58:52 newdvlanb radiusd[10152]: Discarding conflicting packet from client Rich-core-WiSM-E port 32769 - ID: 234 due to recent request 213661.

As well as sometimes:

Sep 30 12:00:21 dvlanc radiusd[16053]: WARNING: Child is hung for request 782076 in component authenticate module peap.
Sep 30 12:01:04 dvlanc radiusd[16053]: WARNING: Child is hung for request 789836 in component authenticate module peap.
Sep 30 12:01:07 dvlanc radiusd[16053]: WARNING: Child is hung for request 789836 in component authenticate module peap.

An oddity is that the issues appear cross server at about the same times:

Sep 30 11:57:25 dvlanc radiusd[16053]: WARNING: Child is hung for request 754502 in component authenticate module peap.
Sep 30 11:57:36 newdvlanb radiusd[11924]: WARNING: Child is hung for request 828962 in component authenticate module peap.

Anyone have any similar battle scars that I can learn from (server performance tweaks, optimizations, etc.)? I've optimized as best I can the SQL component. This all seems related to the samba/winbind/ntlm_auth.

- John Douglass, Sr. Systems IT/Architect, Georgia Institute of Technology
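
To check the two observations in the post above (bursts near the top of the hour, and hangs on several servers at about the same time), the following Python script buckets these radiusd messages by minute and host. It is an added example, not part of the original post; the function names are illustrative and the sample lines are copied from the post.

```python
import re
from collections import Counter, defaultdict

# The four message classes quoted in the post.
PATTERNS = {
    "no_eap_session": re.compile(r"No EAP session matching the State variable"),
    "child_hung": re.compile(r"Child is hung for request \d+"),
    "duplicate": re.compile(r"Discarding duplicate request from client \S+"),
    "conflicting": re.compile(r"Discarding conflicting packet from client \S+"),
}
# Syslog prefix: "Sep 30 12:56:36 host radiusd[pid]: message"
LINE = re.compile(r"^(\w{3}\s+\d+) (\d\d:\d\d):\d\d (\S+) radiusd\[\d+\]: (.*)$")

def classify(lines):
    """Yield (day, HH:MM, host, label) for each recognised radiusd line."""
    for line in lines:
        m = LINE.match(line.strip())
        if not m:
            continue
        day, minute, host, msg = m.groups()
        for label, pat in PATTERNS.items():
            if pat.search(msg):
                yield day, minute, host, label
                break

def per_minute(lines):
    """Count events per (day, minute, label) and collect the hosts that logged them."""
    counts, hosts = Counter(), defaultdict(set)
    for day, minute, host, label in classify(lines):
        counts[(day, minute, label)] += 1
        hosts[(day, minute, label)].add(host)
    return counts, hosts

def cross_server(lines):
    """Minutes in which one message class was logged by more than one host."""
    _, hosts = per_minute(lines)
    return sorted(k for k, v in hosts.items() if len(v) > 1)

# Sample input: log lines copied from the post above.
SAMPLE = """
Sep 30 11:57:25 dvlanc radiusd[16053]: WARNING: Child is hung for request 754502 in component authenticate module peap.
Sep 30 11:57:36 newdvlanb radiusd[11924]: WARNING: Child is hung for request 828962 in component authenticate module peap.
Sep 30 12:57:08 newdvlanb radiusd[10152]: Discarding duplicate request from client resnet1-WiSM-A port 32770 - ID: 126 due to unfinished request 187554
Sep 30 12:58:24 newdvlanb radiusd[10152]: Discarding conflicting packet from client Rich-core-WiSM-E port 32769 - ID: 155 due to recent request 207181.
Sep 30 12:59:30 newdvlana radiusd[18407]: rlm_eap: No EAP session matching the State variable.
Sep 30 12:59:30 newdvlana radiusd[18407]: rlm_eap: No EAP session matching the State variable.
"""
if __name__ == "__main__":
    print(cross_server(SAMPLE.splitlines()))
```

Feed it the syslog files from all RADIUS servers as one stream so the cross-server check sees every host.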