Re: Freeradius hangs
If you had said this at the start, and posted the debug log, youwould have solved the problem a long time ago.This is even in the FAQ: http://wiki.freeradius.org/FAQ#The_NAS_seems_to_ignore_the_reply_of_the_radius_serverAlan DeKok. Alan, As you said, I tried with the option -i : radiusd --i ip_address_radius server -X But still i get the below error message at the radius server end, only one NIC is active now on the server. --- Walking the entire request list ---Waking up in 6 seconds...rad_recv: Access-Request packet from host 192.168.0.1:4754 , id=119,length=151Sending duplicate reply to client dlink:4754 - ID: 119Re-sending Access-Accept of id 219 to 192.168.0.1 port 4754 On the client side MSVPN dialer interface, i see the error message: Error 718:the connection was terminated becasue theremote computer didnt respond in timely manner. Thanks for your patience and co-operation. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Freeradius hangs
Karthik R [EMAIL PROTECTED] wrote: But still i get the below error message at the radius server end, only one NIC is active now on the server. Then the problem isn't in the RADIUS server, is it? The server is responding to the NAS, but for some reason, the NAS isn't receiving the packet, or is discarding the packet. It's time to start using 'tcpdump' to see where the packets are going. Also look at firewall rules. But there's nothing more you can do to FreeRADIUS to fix the problem. Alan DeKok. -- http://deployingradius.com - The web site of the book http://deployingradius.com/blog/ - The blog - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Freeradius hangs
Karthik R [EMAIL PROTECTED] wrote: When I was observing the radius log, i was typing correct username and password sometime it says access was denied because username\password invalid on the domain. I didnt see anything going wrong in the log message but i didnt understand why i got the above error message. bash3.0#radiusd -X -AWhich doesn't show that access denied message, and doesn't showthe server hanging.I don't understand why posting this debug log would help solve the problem. It does NOT show the problem, and therefore is NOT useful.Alan DeKok Alan, Sorry i missed this part. I mean when i try to connect to remote vpn gateway using MS-VPN dialer interface, on the dialer interface i get this error message ie. access was denied because username\passwordinvalid on the domain. But when i checked the radius log i didnt find anything weird as attached before. Sometimes it hangs in btwauthentication process, so i couldnt caputre the data of it and helpless here. can you help me now... - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Freeradius hangs
Karthik R [EMAIL PROTECTED] wrote: Sorry i missed this part. I mean when i try to connect to remote vpn gateway using MS-VPN dialer interface, on the dialer interface i get this error message ie. access was denied because username\password invalid on the domain. Does the RADIUS server return Access-Accept for that session? You still haven't said... If the RADIUS server returns Access-Accept, then the problem is that the NAS (or vpn gateway) doesn't like the response. Go read its documentation to see why. But when i checked the radius log i didnt find anything weird as attached before. Sometimes it hangs in btw authentication process, so i couldnt caputre the data of it and helpless here. Again, *specifics* matter. it hangs in btw authentication... WHAT hangs? FreeRADIUS? The client? The NAS? I don't understand why you're so resistant to describing your problem as anything other than it hangs.. Alan DeKok. -- http://deployingradius.com - The web site of the book http://deployingradius.com/blog/ - The blog - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Freeradius hangs
Karthik R [EMAIL PROTECTED] wrote: yes, the RADIUS server returned Access-accept for the session requested from NAS. But it again receives the access-request from NAS and sending duplicate reply. If you had said this at the start, and posted the debug log, you would have solved the problem a long time ago. This is even in the FAQ: http://wiki.freeradius.org/FAQ#The_NAS_seems_to_ignore_the_reply_of_the_radius_server Alan DeKok. -- http://deployingradius.com - The web site of the book http://deployingradius.com/blog/ - The blog - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Freeradius hangs
Alan, yes,the RADIUS server returned Access-accept for the session requested from NAS. But it again receives the access-request from NAS and sending duplicate reply. Does it mean NAS unable to process theresponse receivedfrom Freeradius.Below is the reponse snap where i see access-accept and access-request happened several time at same instant.On the NAS end, its pretty plain configuration (configured radius ip and secret passwd) and no logging is available. The NAS documentation doesnt talk aboutradius error codes. Sending Access-Accept of id 219 to 192.168.0.1 port 4754 MS-CHAP2-Success = 0x9f533d4144303343353841384530373345413237304530304341364531383431433344383938383938 MS-MPPE-Recv-Key = 0xdc882e2dfa10109679e37fe4bafba95d MS-MPPE-Send-Key = 0xf3e3e6a91f2d6e4b64b8b2e5add4bdad MS-MPPE-Encryption-Policy = 0x0002 MS-MPPE-Encryption-Types = 0x0004 Finished request 12Going to the next request --- Walking the entire request list ---Waking up in 6 seconds...rad_recv: Access-Request packet from host 192.168.0.1:4754 , id=219, length=151Sending duplicate reply to client dlink:4754 - ID: 219 Re-sending Access-Accept of id 219 to 192.168.0.1 port 4754Waking up in 6 seconds...rad_recv: Access-Request packet from host 192.168.0.1:4754 , id=219, length=151Sending duplicate reply to client dlink:4754 - ID: 219Re-sending Access-Accept of id 219 to 192.168.0.1 port 4754 Waking up in 6 seconds... so when i have thislog message at radius srv end,at the client dialer interfacei get thiserror message asaccess was denied because username\password invalid on the domain. But am sure the logon credentials are correct. Also freeradius servicehangs sometime during authentication process whileprocessing request which camefrom NAS box. sorry about vague reply. Kartthik - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: Freeradius hangs
sigh That's the message on the NAS. And you're simply repeatingyour earlier comment that it doesn't work.Again, what is the RADIUS server doing? You can't expect tounderstand what the RADIUS server is doing by looking at the NAS. You
have to look at the RADIUS server.
Alan,
When Iwas observing theradius log, i was typingcorrect username and password sometime it says access was denied because username\password invalid on the domain. I didnt see anything going wrong in the log message but i didnt understand why i got the above error message.
bash3.0#radiusd -X -AStarting - reading configuration files ...reread_config: reading radiusd.confConfig: including file: /usr/local/etc/raddb/proxy.confConfig: including file: /usr/local/etc/raddb/clients.conf
Config: including file: /usr/local/etc/raddb/snmp.confConfig: including file: /usr/local/etc/raddb/eap.confConfig: including file: /usr/local/etc/raddb/sql.confmain: prefix = /usr/localmain: localstatedir = /usr/local/var
main: logdir = /usr/local/var/log/radiusmain: libdir = /usr/local/libmain: radacctdir = /usr/local/var/log/radius/radacctmain: hostname_lookups = nomain: max_request_time = 30
main: cleanup_delay = 5main: max_requests = 1024main: delete_blocked_requests = 0main: port = 0main: allow_core_dumps = nomain: log_stripped_names = nomain: log_file = /usr/local/var/log/radius/radius.log
main: log_auth = nomain: log_auth_badpass = nomain: log_auth_goodpass = nomain: pidfile = /usr/local/var/run/radiusd/radiusd.pidmain: user = (null)main: group = (null)
main: usercollide = nomain: lower_user = nomain: lower_pass = nomain: nospace_user = nomain: nospace_pass = nomain: checkrad = /usr/local/sbin/checkrad
main: proxy_requests = yesproxy: retry_delay = 5proxy: retry_count = 3proxy: synchronous = noproxy: default_fallback = yesproxy: dead_time = 120proxy: post_proxy_authorize = noproxy: wake_all_if_all_dead = no
security: max_attributes = 200security: reject_delay = 1security: status_server = nomain: debug_level = 0read_config_files: reading dictionaryread_config_files: reading naslistUsing deprecated naslist file. Support for this will go away soon.
read_config_files: reading clientsread_config_files: reading realmsradiusd: entering modules setupModule: Library search path is /usr/local/libModule: Loaded execexec: wait = yesexec: program = (null)
exec: input_pairs = requestexec: output_pairs = (null)exec: packet_type = (null)rlm_exec: Wait=yes but no output defined. Did you mean output=none?Module: Instantiated exec (exec)
Module: Loaded exprModule: Instantiated expr (expr)Module: Loaded MS-CHAPmschap: use_mppe = yesmschap: require_encryption = yesmschap: require_strong = yesmschap: with_ntdomain_hack = yesmschap: passwd = (null)
mschap: authtype = MS-CHAPmschap: ntlm_auth = /usr/bin/ntlm_auth --request-nt-key --username=%{mschap:User-Name} --domain=%{mschap:NT-Domain} --challenge=%{mschap:Challenge} --nt-response=%{mschap:NT-Response}
Module: Instantiated mschap (mschap)Module: Loaded PAPpap: encryption_scheme = cryptModule: Instantiated pap (pap)Module: Loaded CHAPModule: Instantiated chap (chap)Module: Loaded System
unix: cache = nounix: passwd = (null)unix: shadow = (null)unix: group = (null)unix: radwtmp = /usr/local/var/log/radius/radwtmpunix: usegroup = no
unix: cache_reload = 600Module: Instantiated unix (unix)Module: Loaded eapeap: default_eap_type = peapeap: timer_expire = 60eap: ignore_unknown_eap_types = noeap: cisco_accounting_username_bug = no
rlm_eap: Loaded and initialized type md5rlm_eap: Loaded and initialized type leapgtc: challenge = Password: gtc: auth_type = PAPrlm_eap: Loaded and initialized type gtctls: rsa_key_exchange = no
tls: dh_key_exchange = yestls: rsa_key_length = 512tls: dh_key_length = 512tls: verify_depth = 0tls: CA_path = (null)tls: pem_file_type = yestls: private_key_file = /usr/local/etc/raddb/secert/cert-
srv.pemtls: certificate_file = /usr/local/etc/raddb/secert/cert-srv.pemtls: CA_file = /usr/local/etc/raddb/secert/root.pemtls: private_key_password = removed
tls: dh_file = /usr/local/etc/raddb/secert/dhtls: random_file = /usr/local/etc/raddb/secert/randomtls: fragment_size = 1024tls: include_length = yestls: check_crl = notls: check_cert_cn = (null)
rlm_eap_tls: Loading the certificate file as a chainrlm_eap: Loaded and initialized type tlspeap: default_eap_type = mschapv2peap: copy_request_to_tunnel = nopeap: use_tunneled_reply = no
peap: proxy_tunneled_request_as_eap = yesrlm_eap: Loaded and initialized type peapmschapv2: with_ntdomain_hack = norlm_eap: Loaded and initialized type mschapv2Module: Instantiated eap (eap)Module: Loaded preprocess
preprocess: huntgroups = /usr/local/etc/raddb/huntgroupspreprocess: hints = /usr/local/etc/raddb/hintspreprocess: with_ascend_hack = nopreprocess: ascend_channels_per_line = 23preprocess: with_ntdomain_hack = no
preprocess: with_specialix_jetstream_hack = nopreprocess: with_cisco_vsa_hack = noModule: Instantiated preprocess (preprocess)Module: Loaded realmrealm: format =
Re: Freeradius hangs
Karthik R [EMAIL PROTECTED] wrote: When I was observing the radius log, i was typing correct username and password sometime it says access was denied because username\password invalid on the domain. I didnt see anything going wrong in the log message but i didnt understand why i got the above error message. bash3.0#radiusd -X -A Which doesn't show that access denied message, and doesn't show the server hanging. I don't understand why posting this debug log would help solve the problem. It does NOT show the problem, and therefore is NOT useful. Alan DeKok. -- http://deployingradius.com - The web site of the book http://deployingradius.com/blog/ - The blog - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
freeradius hangs
Karthik R [EMAIL PROTECTED] wrote: Am running Freeradius ver 1.1.1 on a RHEL 3 box which keeps hanging frequently. So everytime i need to restart the freeradius service. Is this version is stable one ?Yes. Where is it hanging? What is going wrong? Do you have anyadditional information? Alan DeKok. Alan, Have configured dlink f/w for remote users login which authenticatesusers against AD using freeradius. When users tries to connect it says verifying username and password and it doesnt proceed further. Unless i restart the radius service. I made the radius service to run on the background and this happens intermittently. Kartthik - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: freeradius hangs
Karthik R [EMAIL PROTECTED] wrote: Have configured dlink f/w for remote users login which authenticates users against AD using freeradius. When users tries to connect it says verifying username and password and it doesnt proceed further. sigh That's the message on the NAS. And you're simply repeating your earlier comment that it doesn't work. Again, what is the RADIUS server doing? You can't expect to understand what the RADIUS server is doing by looking at the NAS. You have to look at the RADIUS server. Alan DeKok. -- http://deployingradius.com - The web site of the book http://deployingradius.com/blog/ - The blog - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
freeradius hangs, using 98% CPU
For some time we've had an intermittent problem where freeradius becomes unresponsive, consuming at least 98% of the CPU. A 'kill -TERM' will sometimes kill the daemon, but usually a 'kill -9' is needed. This always seems to happen right about when we reload the config (with a HUP), or stop and restart the daemon. We're using freeradius 1.0.5 on FreeBSD 5.5-PRERELEASE, but we also saw this problem with FR 1.0.1 on FreeBSD 5.3 and 5.4. We recently added an authorization step (using LDAP and perl) to our Kerberos-authenticated wireless service, and this might offer some clues about the timing of the problem. A sample from our radius.log is attached. At 14:12:04, two users (user1 and user2) connect at about the same time, are authorized by rlm_perl, and then authenticated with Kerberos. Then, at 14:12:06, user3 connects just as the daemon gets the HUP signal. User3 is authorized, but never gets authenticated; the daemon reloads, but is unresponsive until I kill and restart it at 14:30:01 I'm guessing that the daemon can hang if it gets a signal just as the rlm_krb5 module is called. It's marked RLM_TYPE_THREAD_UNSAFE, so it gets a mutex, and attaching gdb to the hung daemon showed: [Switching to LWP 100171] 0x28205940 in pthread_mutexattr_init () from /usr/lib/libpthread.so.1 (gdb) where #0 0x28205940 in pthread_mutexattr_init () from /usr/lib/libpthread.so.1 Is anyone aware of any freeradius thread problems (especially related to the FreeBSD thread libraries) that might explain this? Any suggestions for avoiding the problem or tracking it down in more detail? Thanks, -- George C. Kaplan[EMAIL PROTECTED] Communication Network Services510-643-0496 University of California at Berkeley Tue Mar 7 14:12:04 2006 : rlm_perl: [user1] EMPLOYEE-TYPE-ACADEMIC OK Tue Mar 7 14:12:04 2006 : rlm_perl: [user2] STUDENT-TERM-SPRING OK Tue Mar 7 14:12:04 2006 : Auth: Login OK: [user1] (from client wireless-gw1 port 3002 cli 000e35a87f43) Tue Mar 7 14:12:04 2006 : Auth: Login OK: [user2] (from client wireless-gw1 port 1002 cli 00904b5de43b) Tue Mar 7 14:12:06 2006 : rlm_perl: [user3] STUDENT-TERM-SPRING OK Tue Mar 7 14:12:06 2006 : Info: Reloading configuration files. Tue Mar 7 14:12:06 2006 : Info: Using deprecated naslist file. Support for this will go away soon. Tue Mar 7 14:12:06 2006 : Info: rlm_exec: Wait=yes but no output defined. Did you mean output=none? Tue Mar 7 14:12:06 2006 : Auth: rlm_krb5: krb5_init ok Tue Mar 7 14:12:06 2006 : Info: rlm_passwd: nfields: 3 keyfield 0(User-Name) listable: no Tue Mar 7 14:12:06 2006 : Info: rlm_passwd: nfields: 6 keyfield 0(User-Name) listable: no Tue Mar 7 14:12:06 2006 : Info: rlm_passwd: nfields: 2 keyfield 0(User-Name) listable: no Tue Mar 7 14:12:07 2006 : Info: Ready to process requests. Tue Mar 7 14:30:01 2006 : Error: WARNING: Unresponsive child (id 136453120) for request 31420 Tue Mar 7 14:30:03 2006 : Info: Using deprecated naslist file. Support for this will go away soon. Tue Mar 7 14:30:03 2006 : Info: rlm_exec: Wait=yes but no output defined. Did you mean output=none? Tue Mar 7 14:30:03 2006 : Auth: rlm_krb5: krb5_init ok Tue Mar 7 14:30:03 2006 : Info: rlm_passwd: nfields: 3 keyfield 0(User-Name) listable: no Tue Mar 7 14:30:03 2006 : Info: rlm_passwd: nfields: 6 keyfield 0(User-Name) listable: no Tue Mar 7 14:30:03 2006 : Info: rlm_passwd: nfields: 2 keyfield 0(User-Name) listable: no Tue Mar 7 14:30:03 2006 : Info: Ready to process requests. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: freeradius hangs, using 98% CPU
George C. Kaplan [EMAIL PROTECTED] wrote: I'm guessing that the daemon can hang if it gets a signal just as the rlm_krb5 module is called. It's marked RLM_TYPE_THREAD_UNSAFE, so it gets a mutex, and attaching gdb to the hung daemon showed: That's bad. Is anyone aware of any freeradius thread problems (especially related to the FreeBSD thread libraries) that might explain this? Any suggestions for avoiding the problem or tracking it down in more detail? I'd suggest trying 1.1.0, which has a number of fixes in general, but I don't know that it would fix this problem. Then, at 14:12:06, user3 connects just as the daemon gets the HUP signal. Hmm... there are issues with HUP handling that got fixed in 1.1.0. Maybe that will help. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Freeradius hangs after a HUP
I was tired of trying to find a quick way to fix this so I ended up basically formatting the box and reinstalling. Everything works fine now. Not sure what the problem was but it's now resolved. Joe H. On Fri, 28 Jan 2005, Joe H wrote: On Thu, 27 Jan 2005, Alan DeKok wrote: Joe H [EMAIL PROTECTED] wrote: I am new to using gdb so if I did something wrong let me know. See doc/bugs I did read the bugs and it looked like it was only for core files, this doesn't generate a core file. Type 'bt' in gdb, which will tell you where in the code it's currently executing. After your suggestion, I ran a bt on the radiusd process before and after the restart and both showed: #0 0x10250654 in __sys_poll () from /usr/lib/libc_r.so.4 #1 0x1024fb39 in _thread_kern_sched_state_unlock () from /usr/lib/libc_r.so.4 #2 0x1024f4ee in _thread_kern_scheduler () from /usr/lib/libc_r.so.4 #3 0x0 in ?? () Joe H. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Freeradius hangs after a HUP
On Thu, 27 Jan 2005, Alan DeKok wrote: Joe H [EMAIL PROTECTED] wrote: I am new to using gdb so if I did something wrong let me know. See doc/bugs I did read the bugs and it looked like it was only for core files, this doesn't generate a core file. Type 'bt' in gdb, which will tell you where in the code it's currently executing. After your suggestion, I ran a bt on the radiusd process before and after the restart and both showed: #0 0x10250654 in __sys_poll () from /usr/lib/libc_r.so.4 #1 0x1024fb39 in _thread_kern_sched_state_unlock () from /usr/lib/libc_r.so.4 #2 0x1024f4ee in _thread_kern_scheduler () from /usr/lib/libc_r.so.4 #3 0x0 in ?? () Joe H. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Freeradius hangs after a HUP
I have tried running the gdb program and it didn't mean much to me. Here is the output I got: (gdb) attach 53964 Attaching to program: /usr/local/sbin/radiusd, process 53964 Symbols already loaded for /usr/lib/libcrypt.so.2 Symbols already loaded for /usr/lib/libcipher.so.2 Symbols already loaded for /usr/lib/libcrypto.so.3 Symbols already loaded for /usr/lib/libssl.so.3 Symbols already loaded for /usr/local/lib/libradius-1.0.1.so Symbols already loaded for /usr/local/lib/libltdl.so.4 Symbols already loaded for /usr/lib/libc_r.so.4 Symbols already loaded for /usr/lib/libc.so.4 Symbols already loaded for /usr/local/lib/libldap_r.so Symbols already loaded for /usr/local/lib/liblber-2.2.so.7 Symbols already loaded for /usr/local/lib/libsasl.so Symbols already loaded for /usr/local/lib/libdb3.so.3 Symbols already loaded for /usr/lib/libpam.so.1 Symbols already loaded for /usr/local/lib/compat/pkg/libldap.so.2 Symbols already loaded for /usr/local/lib/compat/pkg/liblber.so.2 Symbols already loaded for /usr/lib/libssl.so.2 Symbols already loaded for /usr/lib/libcrypto.so.2 Symbols already loaded for /usr/local/lib/rlm_ldap-1.0.1.so Symbols already loaded for /usr/local/lib/rlm_preprocess-1.0.1.so Symbols already loaded for /usr/local/lib/rlm_realm-1.0.1.so Symbols already loaded for /usr/local/lib/rlm_files-1.0.1.so Symbols already loaded for /usr/local/lib/rlm_detail-1.0.1.so Symbols already loaded for /usr/libexec/ld-elf.so.1 0x10250654 in __sys_poll () from /usr/lib/libc_r.so.4 (gdb) cont Continuing. ** this is where I issued the restart ** Error accessing memory address 0x1029430c: No such process. I am new to using gdb so if I did something wrong let me know. Joe H. On Wed, 26 Jan 2005, Alan DeKok wrote: Joe H [EMAIL PROTECTED] wrote: The total controls that we use for dialup access seem to make one connection to the radius server and hold it. RADIUS is UDP. There is no connection. Seems like it's waiting for the connection to end before it closes. Find out *where* in the code it's waiting. That will tell you *why*. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Freeradius hangs after a HUP
Joe H [EMAIL PROTECTED] wrote: I am new to using gdb so if I did something wrong let me know. See doc/bugs Type 'bt' in gdb, which will tell you where in the code it's currently executing. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Freeradius hangs after a HUP
Is it possible that an active connection to the radius server could hold the radius process from stopping or restarting properly? The total controls that we use for dialup access seem to make one connection to the radius server and hold it. I'm wondering if this could be causing the problem with what looks like looping. Seems like it's waiting for the connection to end before it closes. If this is the case, is there a way to make it force the close of the connection, kind of like how a kill -9 does, only more graceful. Joe H. On Tue, 25 Jan 2005 [EMAIL PROTECTED] wrote: Joe H schrieb: I updated all the server to freebsd 4.10 (snipp) Program received signal SIGTERM, Terminated. 0x10250654 in __sys_poll () from /usr/lib/libc_r.so.4 I'm not sure how helpful that will be to anyone but it's all the information it showed. Sounds like it's telling you that everything is OK... Some very wild guessing: I'm wondering if there might be some problem with signal handling. IIRC there are some subtle differences between BSD and System V signal handling. Maybe ignoring the TERM signal during cleanup doesn't work quite as intended or something similar? Doing some experiments with other signal processing functions (sigprocmask,sigaction) to replace signal(SIGTERM, SIG_IGN); or adding some output to the signal handling functions so you do see when they are called during shutdown might turn up something... HTH, Stefan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Freeradius hangs after a HUP
Hi ; How can I send all these information to a Mysql Database ?? Does anyone have any ideia that can help me ?? Thanks Fabio Mon Aug 30 14:38:18 2004 NAS-IP-Address = 192.168.115.4 Cisco-NAS-Port = CAS 1:0 NAS-Port-Type = Async User-Name = 351289767299 Called-Station-Id = 17863045678 Calling-Station-Id = 351212362299 Acct-Status-Type = Stop Service-Type = Login-User h323-gw-id = h323-gw-id=Test0909 Cisco-AVPair = h323-incoming-conf-id=D397A0 F9CA11D8 9519C3E7 31564DA6 h323-call-origin = h323-call-origin=originate h323-call-type = h323-call-type=Telephony h323-setup-time = h323-setup-time=14:45:00.680 GMT Mon Aug 30 2004 h323-connect-time = h323-connect-time=14:45:23.482 GMT Mon Aug 30 2004 h323-disconnect-time = h323-disconnect-time=14:46:06.352 GMT Mon Aug 30 2004 h323-disconnect-cause = h323-disconnect-cause=10 h323-voice-quality = h323-voice-quality=0 h323-conf-id = h323-conf-id=D397A0 F9CA11D8 9519C3E7 31564DA6 Acct-Session-Id = EDD9 - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Freeradius hangs after a HUP
Looks like someone needs to read the rules. Don't steal my thread, start your own. On Wed, 26 Jan 2005, [iso-8859-1] Fabio Viração wrote: Hi ; How can I send all these information to a Mysql Database ?? Does anyone have any ideia that can help me ?? Thanks Fabio Mon Aug 30 14:38:18 2004 NAS-IP-Address = 192.168.115.4 Cisco-NAS-Port = CAS 1:0 NAS-Port-Type = Async User-Name = 351289767299 Called-Station-Id = 17863045678 Calling-Station-Id = 351212362299 Acct-Status-Type = Stop Service-Type = Login-User h323-gw-id = h323-gw-id=Test0909 Cisco-AVPair = h323-incoming-conf-id=D397A0 F9CA11D8 9519C3E7 31564DA6 h323-call-origin = h323-call-origin=originate h323-call-type = h323-call-type=Telephony h323-setup-time = h323-setup-time=14:45:00.680 GMT Mon Aug 30 2004 h323-connect-time = h323-connect-time=14:45:23.482 GMT Mon Aug 30 2004 h323-disconnect-time = h323-disconnect-time=14:46:06.352 GMT Mon Aug 30 2004 h323-disconnect-cause = h323-disconnect-cause=10 h323-voice-quality = h323-voice-quality=0 h323-conf-id = h323-conf-id=D397A0 F9CA11D8 9519C3E7 31564DA6 Acct-Session-Id = EDD9 - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Freeradius hangs after a HUP
Joe H [EMAIL PROTECTED] wrote: The total controls that we use for dialup access seem to make one connection to the radius server and hold it. RADIUS is UDP. There is no connection. Seems like it's waiting for the connection to end before it closes. Find out *where* in the code it's waiting. That will tell you *why*. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Freeradius hangs after a HUP
Joe H schrieb: I updated all the server to freebsd 4.10 (snipp) Program received signal SIGTERM, Terminated. 0x10250654 in __sys_poll () from /usr/lib/libc_r.so.4 I'm not sure how helpful that will be to anyone but it's all the information it showed. Sounds like it's telling you that everything is OK... Some very wild guessing: I'm wondering if there might be some problem with signal handling. IIRC there are some subtle differences between BSD and System V signal handling. Maybe ignoring the TERM signal during cleanup doesn't work quite as intended or something similar? Doing some experiments with other signal processing functions (sigprocmask,sigaction) to replace signal(SIGTERM, SIG_IGN); or adding some output to the signal handling functions so you do see when they are called during shutdown might turn up something... HTH, Stefan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Freeradius hangs after a HUP
I updated all the server to freebsd 4.10 with the latest patch release, rebuilt world and kernel and I am still having the same issue when I attempt to restart or HUP the radiusd process. It seems to be looping as Alan said. I did do the gdb and when it I issue the radiusd.sh restart command, it prints this to the screen and stops. Program received signal SIGTERM, Terminated. 0x10250654 in __sys_poll () from /usr/lib/libc_r.so.4 I'm not sure how helpful that will be to anyone but it's all the information it showed. Let me know if this rings any bells. Joe H. On Wed, 19 Jan 2005, Alan DeKok wrote: Joe H [EMAIL PROTECTED] wrote: With my situation, doing the restart of the process causes radius to stop working and the radius process climbs to about 90% CPU usage. It sounds like it's in a busy loop. My suggestion is to use gdb to attach to the running process, and see where in the source it's busy-looping. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
freeradius hangs when sql-server does not answer
I run freeradius 1.0.1 on redhat linux as3.2
I do accounting to a mysql-database. In radiusd.conf I have:
accounting {
detail
redundant {
sql
ok
}
}
To test failure of sql-server I block incoming packets from sql-server
with iptables.
If packets are blocked freeradius hangs and does not answer
incoming requests - even authorisation requests which do not need
sql-server.
Output from radiusd -X stops after showing the sql-statement send
to mysql-server.
Output continues normally after I release the iptables filter.
Grüße
Hans-Peter Fuchs
Hans-Peter Fuchs - RZKR, Zimmer 20
Zentrum fuer angewandte Informatik - Universitaetsweiter Service RRZK
Universität zu Köln - Tel: 0221-470-6972
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Freeradius hangs after a HUP
We have two seemingly identical freeradius servers, for this email lets call them radius-1 and radius-2. Both are FreeBSD 4.9 systems running freeradius 1.0.1 with an Openldap 2.2.18 authentication method. Both machines run freeradius without a problem. When I send a HUP to reload the config files on radius-1, the radiusd process hangs and needs to be killed and started. If I do the same process on radius-2, it reloads fine. I have diffed all the configs and the only thing that is different in them is the listen statements in the radiusd.conf, as they should be. My question is, has anyone seen this before and if so, how was it fixed? Troubleshooting already done: Checked configs for errors. reinstalled freeradius Thanks. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Freeradius hangs after a HUP
Message: 8 Date: Wed, 19 Jan 2005 12:17:05 -0500 (EST) From: Joe H [EMAIL PROTECTED] To: freeradius-users@lists.freeradius.org Subject: Freeradius hangs after a HUP Reply-To: freeradius-users@lists.freeradius.org We have two seemingly identical freeradius servers, for this email lets call them radius-1 and radius-2. Both are FreeBSD 4.9 systems running freeradius 1.0.1 with an Openldap 2.2.18 authentication method. Both machines run freeradius without a problem. When I send a HUP to reload the config files on radius-1, the radiusd process hangs and needs to be killed and started. If I do the same process on radius-2, it reloads fine. I have diffed all the configs and the only thing that is different in them is the listen statements in the radiusd.conf, as they should be. My question is, has anyone seen this before and if so, how was it fixed? Troubleshooting already done: Checked configs for errors. reinstalled freeradius Thanks. --__--__-- We had this problem with two different versions (pre 1) to the point were we just gave up on HUP. we just force a restart each time. the 30 second reload time doesn't affect the users as far as we can see and we ensure we get a clean load each time. BTW, we are/were running this on Sol 8 and now Sol 9. -- Terry J Fike Jr System Administrator MTA Solutions 907-793-4100 [EMAIL PROTECTED] - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Freeradius hangs after a HUP
Message: 8 Date: Wed, 19 Jan 2005 12:17:05 -0500 (EST) From: Joe H [EMAIL PROTECTED] To: freeradius-users@lists.freeradius.org Subject: Freeradius hangs after a HUP Reply-To: freeradius-users@lists.freeradius.org We have two seemingly identical freeradius servers, for this email lets call them radius-1 and radius-2. Both are FreeBSD 4.9 systems running freeradius 1.0.1 with an Openldap 2.2.18 authentication method. Both machines run freeradius without a problem. When I send a HUP to reload the config files on radius-1, the radiusd process hangs and needs to be killed and started. If I do the same process on radius-2, it reloads fine. I have diffed all the configs and the only thing that is different in them is the listen statements in the radiusd.conf, as they should be. My question is, has anyone seen this before and if so, how was it fixed? Troubleshooting already done: Checked configs for errors. reinstalled freeradius Thanks. --__--__-- We had this problem with two different versions (pre 1) to the point were we just gave up on HUP. we just force a restart each time. the 30 second reload time doesn't affect the users as far as we can see and we ensure we get a clean load each time. BTW, we are/were running this on Sol 8 and now Sol 9. -- Terry J Fike Jr System Administrator MTA Solutions 907-793-4100 [EMAIL PROTECTED] - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html With my situation, doing the restart of the process causes radius to stop working and the radius process climbs to about 90% CPU usage. It just displays the process number over and over. I have let it set for up to a couple minutes with it never actually restarting. Here is what I see: # ./radiusd.sh restart Stopping radiusd. Waiting for PIDS: 366, 366, 366, 366, 366, 366, 366, 366, 366, 366, 366, 366, 366, 366^C This is just an example for about 10 seconds worth of waiting but it does the exact same thing whether I wait 10 seconds or 2 minutes. I am planning to do a fresh reinstall of all the ports along with a source update unless I can figure out a solution for this. We do quite a few changes to the configs so this is becoming a problem. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Freeradius hangs after a HUP
Joe H [EMAIL PROTECTED] wrote: With my situation, doing the restart of the process causes radius to stop working and the radius process climbs to about 90% CPU usage. It sounds like it's in a busy loop. My suggestion is to use gdb to attach to the running process, and see where in the source it's busy-looping. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
