Alan DeKok пишет:
Alexander Serkin <[EMAIL PROTECTED]> wrote:
May be someone could give an advice how to debug the problem while the
server will not be in production?
Attach to it with gdb, and see what it's doing.
Got some debugs on this. The problem does not depend on solaris version
- both 9 and 10 have the same effects.
The effect rises up when the request is proxied to other server and this
server does not answer:
rad_recv: Access-Request packet from host 127.0.0.1:34653, id=69, length=81
User-Name = "mobile"
User-Password = "internet"
Calling-Station-Id = "999999999999999"
Framed-Protocol = PPP
Service-Type = Framed-User
NAS-IP-Address = 212.119.97.85
rad_lowerpair: User-Name now 'mobile'
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 0
modcall[authorize]: module "preprocess" returns ok for request 0
modcall[authorize]: module "chap" returns noop for request 0
rlm_realm: No '@' in User-Name = "mobile", looking up realm NULL
rlm_realm: Found realm "NULL"
rlm_realm: Adding Stripped-User-Name = "mobile"
rlm_realm: Proxying request from user mobile to realm NULL
rlm_realm: Adding Realm = "NULL"
rlm_realm: Authentication realm is LOCAL.
modcall[authorize]: module "suffix" returns noop for request 0
users: Matched entry DEFAULT at line 156
modcall[authorize]: module "files" returns ok for request 0
radius_xlat: 'mobile'
rlm_sql (sqlauth): sql_set_user escaped user --> 'mobile'
radius_xlat: 'SELECT id,UserName,Attribute,Value,op FROM radcheck WHERE
Username = 'mobile' ORDER BY id'
rlm_sql (sqlauth): Reserving sql socket id: 4
radius_xlat: 'SELECT
radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupcheck.Value,radgroupcheck.op
FROM radgroupcheck,usergroup WHERE (usergroup.Username = 'mobile' or
usergroup.CLID = '999999999999999') AND usergroup.GroupName =
radgroupcheck.GroupName ORDER BY usergroup.PRIORITY,radgroupcheck.id'
radius_xlat: 'SELECT id,UserName,Attribute,Value,op FROM radreply WHERE
Username = 'mobile' ORDER BY id'
radius_xlat: 'SELECT
radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgroupreply.Value,radgroupreply.op
FROM radgroupreply,usergroup WHERE (usergroup.Username = 'mobile' OR
usergroup.CLID = '999999999999999') AND usergroup.GroupName =
radgroupreply.GroupName ORDER BY radgroupreply.id'
rlm_sql (sqlauth): Released sql socket id: 4
modcall[authorize]: module "sqlauth" returns ok for request 0
modcall[authorize]: module "mschap" returns noop for request 0
modcall: leaving group authorize (returns ok) for request 0
Sending Access-Request of id 0 to 212.119.96.99 port 1812
User-Name = "mobile"
User-Password = "internet"
Calling-Station-Id = "999999999999999"
Framed-Protocol = PPP
Service-Type = Framed-User
NAS-IP-Address = 212.119.97.85
Proxy-State = 0x3639
--- Walking the entire request list ---
Waking up in 1 seconds...
--- Walking the entire request list ---
Waking up in 0 seconds...
After that the srings Walking/Waking rapidly appear during dead_time
configured in proxy.conf and at the same time the process takes about
50% of CPU on slow netra 1120 (2x440MHz) and up to 99% on Netra-240
(1x1GHz). After dead_time we see:
Waking up in 0 seconds...
--- Walking the entire request list ---
Rejecting request 0 due to lack of any response from home server
localhost:34653
Server rejecting request 0.
Waking up in 0 seconds...
--- Walking the entire request list ---
Sending Access-Reject of id 69 to 127.0.0.1 port 34653
Cleaning up request 0 ID 69 with timestamp 45596c9d
Nothing to do. Sleeping until we see a request.
--- Walking the entire request list ---
Nothing to do. Sleeping until we see a request.
I do not understand why it says "home server localhost" while the
request was proxied to home server 212.119.96.99?
May be i have some incorrect configuration in the proxy.conf?
proxy.conf:
Proxy server {
synchronous = no
retry_delay = 5
retry_count = 3
dead_time = 15
default_fallback = no
}
realm DUMMY {
type = radius
authhost = 212.119.96.99:1812
accthost = 212.119.96.99:1813
secret = secret
nostrip
}
--
Sincerely Yours,
Alexander
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html