Hello all, We have the same problem, not only on mschap, but also with ttls+pap and peap+pap. The problem was seen from the wheezy version of freeradius [1], but when upgraded to wheezy-backports [2] (freeradius 2.2.5) the issue was not seen anymore, even with logrotate doing a daemon reload (20 times, for now).
So, a workaround to this issue is to upgrade freeradius to wheezy-backports. Pay attention to openssl Heartbleed check, because from 2014.04.08 [3], freeradius refuse to start when find a supposedly vulnerable version (actually it is not, because was fixed on 1.0.1e-2+deb7u17). Then you need to change radiusd.conf and include: diff --git a/freeradius/radiusd.conf b/freeradius/radiusd.conf index 8feb3e2..cd5d18d 100644 --- a/freeradius/radiusd.conf +++ b/freeradius/radiusd.conf @@ -524,6 +524,9 @@ security { # See also raddb/sites-available/status # status_server = yes + + + allow_vulnerable_openssl = yes } # PROXY CONFIGURATION Regards, Italo [1] versions of freeradius before update (with problem) ii freeradius 2.1.12+dfsg-1.2 amd64 high-performance and highly configurable RADIUS server ii freeradius-common 2.1.12+dfsg-1.2 all FreeRADIUS common files ii freeradius-ldap 2.1.12+dfsg-1.2 amd64 LDAP module for FreeRADIUS server ii freeradius-utils 2.1.12+dfsg-1.2 amd64 FreeRADIUS client utilities ii libfreeradius2 2.1.12+dfsg-1.2 amd64 FreeRADIUS shared library [2] upgraded freeradius to wheezy-backports ii freeradius 2.2.5+dfsg-0.1~bpo70+1 amd64 high-performance and highly configurable RADIUS server ii freeradius-common 2.2.5+dfsg-0.1~bpo70+1 all FreeRADIUS common files ii freeradius-ldap 2.2.5+dfsg-0.1~bpo70+1 amd64 LDAP module for FreeRADIUS server ii freeradius-utils 2.2.5+dfsg-0.1~bpo70+1 amd64 FreeRADIUS client utilities ii libfreeradius2 2.2.5+dfsg-0.1~bpo70+1 amd64 FreeRADIUS shared library [3] http://freeradius.org/security.html