Alan DeKok wrote:
Jason Wittlin-Cohen <[EMAIL PROTECTED]> wrote:Over the last few days I've been having a recurring problem. Whenever I start Freeradius either with radiusd in a terminal or as a service in Debian, I can not restart/kill radiusd properly if it's authenticated any clients. Restarting the service says it's successful but the radius log states that port 1812 is already in use. "top" shows 100% cpu usageIt looks like http://bugs.freeradius.org/show_bug.cgi?id=365The solution is to not re-initialize the modules on HUP. It works in *most* cases, because the code handling the HUP tries to wait until all of the modules have stopped. But if your back-end DB's are slow, it doesn't have much choice but to proceed with handling the HUP. Most people don't see it because the modules respond quickly. I'd say the first step to a work-around is to make sure none of the modules you're using are blocking the server. I have discovered the root of the problem. When I enable the "check_cert_cn = %{User-Name}" option in eap.conf and successfully authenticate 1 user , a restart or stop of the radiusd service leads to a zombie process which needs to be killed with "kill -9". If this option is disabled, as is the default setting, radiusd can be restarted normally without issue. This issue does not occur if either a) no users have attempted to authenticate, or b) users have authenticated but were rejected. Is this a known issue?Alan DeKok. -- http://deployingradius.com - The web site of the book http://deployingradius.com/blog/ - The blog - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html Jason Wittlin-Cohen |
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html