We're in process of rebuilding a couple web filter boxes on Centos 4.5 running Squid 2.5.STABLE14 (latest from yum) using squid_radius_auth 1.09 for authentication with the following config:
auth_param basic program /usr/local/squid/libexec/squid_radius_auth -f /usr/local/squid/etc/squid_radius_auth.conf auth_param basic children 30 auth_param basic realm Filtered Web Service auth_param basic credentialsttl 4 hours auth_param basic casesensitive off We're seeing an odd issue where radius authentication will start failing sometime after the machine has been in production for a variable amount of time. The issue appears to arise only after at least 6 hours, but sometimes as long as 10 or 11 hours. If the machine is not in production and is only receiving test authentications the issues does not appear to arise. The failures show up as a long lag after correct credentials are issued and an eventual re-request for credentials. When this happens the squid access logs show denies for web traffic from these IPs passing account names that had previously authenticated. This lag is the same behavior we see if the radius server is unreachable, but I can log into the machine and manually run squid_radius_auth from the command line and authenticate without issue while the problem is occurring. During these failures we do no see the authentication requests hitting our Radius servers. However, if I issue a reconfig the problem goes away for another 6+ hours or so. I feels like the child processes are wedging somehow, but I'm not sure how or why. Additionally the old filter servers are running older versions of CentOS, Squid and v106 of squid_radius_auth and they are not seeing the issue. * Has anyone else seen similar behavior? * Is there any additional logging or debugging I can run to hopefully see what is happening? For now we have put in place an hourly cron to issue the reconfig, but this is a pretty cludgy work around. Thank you in advance. Matt Ruzicka Sr. Systems Engineer [EMAIL PROTECTED] www.cisp.com www.yocolo.com 419.724.5300 : tel 419.867.6913 : fax
