It seems to be exactly what is happening. I have noticed a new think. When the radius crash, the database administration interface continue showing the connection to the radius. Using netstat onto the radius server there are no connection to the database SERVER. Is it possible? May be the firewall?
4IT S.r.l. Massimiliano Tarquini | Amministratore unico --------------------------------------------------------- Via Udine 30-36, 00161 Roma Phone +39 06 97601680 Mobile +39 392 9660669 Fax +39 06 97601683 [email protected] www.4it.it Il presente messaggio e gli eventuali allegati sono di natura confidenziale. Qualora vi fosse pervenuto per errore, vi preghiamo di cancellarlo immediatamente dal vostro sistema e di avvisare il mittente. Grazie. This electronic mail transmission and any accompanying attachments contain confidential information. If you have received this communication in error, please immediately delete the E-mail and either notify the sender. Thank you. -----Messaggio originale----- Da: [email protected] [mailto:[email protected]] Per conto di Alan DeKok Inviato: domenica 14 dicembre 2008 19.54 A: FreeRadius users mailing list Oggetto: Re: R: Postgress SQL connections Massimiliano Tarquini wrote: > We are using the same freeradius as a proxy and it works fine running onto a > different machine. > The proxy auth the outer EAP-TTLS then asks to the radius to auth the inner. That still isn't a very clear description of the network configuration. > There is a firewall between the radius and the database (not between the > proxy and the database). May the firewall cause the problem? Yes. I've never understood why people put firewalls between critical network services. And *then* configure the firewalls to time out inactive connections. In this case, what's happening is this: - FreeRADIUS asks the Postgresql client library to open a socket to the server. - it does - 10 minutes later, the firewall decides that the TCP connection is unused, and discards all knowledge of it - FreeRADIUS receives a new request, and asks the postgresql client library to do an SQL query. - the postgresql library believes that the connection is still up, and tries to use it. - the firewall discards ALL packets for the connection - the kernel blocks all reads && writes that the postgresql client library tries to do.. - which then blocks FreeRADIUS. In short, configuring the firewall to discard sessions after 10 minutes or so of idle time is bad. *Especially* because the connections between FreeRADIUS && the DB are idle for longer than that. This is *not* a problem with FreeRADIUS. You have configured your firewall so that *it* is blocking the server. Fix your firewall, or remove it. Nothing else will solve the problem. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html Nessun virus nel messaggio in arrivo. Controllato da AVG - http://www.avg.com Versione: 8.0.176 / Database dei virus: 270.9.17/1846 - Data di rilascio: 12/12/2008 18.59 - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
