I've sent all the error log/debug output before, but Kostas asked me to troubleshoot more, but I do not know where to start. I will explain again below:

Problem A
========
- Problem only exists when using FreeBSD 5.1
- with freeradius 0.9.2 & also 0.9.0 (not tested in 0.9.1)
- My LDAP server working fine all along (tested using manual ldapsearch when problem happens)

i) Error from radius.log

Mon Oct 20 18:37:00 2003 : Error: rlm_ldap: uniqueIdentifier=227523,ou=RADIUS,ou=People,dc=com,dc=my bind to x.x.x.x:389 failed: timeout
Mon Oct 20 18:37:00 2003 : Error: rlm_ldap: uniqueIdentifier=717710,ou=RADIUS,ou=People,dc=com,dc=my bind to x.x.x.x:389 failed: timeout
Mon Oct 20 18:37:03 2003 : Error: rlm_ldap: uniqueIdentifier=983053,ou=RADIUS,ou=People,dc=com,dc=my bind to x.x.x.x:389 failed: timeout

ii) From debug output

...........
rlm_ldap: performing search in ou=People,dc=jaring,dc=my, with filter (uid=spts)
rlm_ldap: checking if remote access for spts is allowed by dialupAccess
rlm_ldap: looking for check items in directory...
rlm_ldap: looking for reply items in directory...
rlm_ldap: Adding radiusSessionTimeout as Session-Timeout, value 21600 & op=11
rlm_ldap: Adding radiusFramedCompression as Framed-Compression, value Van-Jacobson-TCP-IP & op=11
rlm_ldap: Adding radiusFramedMTU as Framed-MTU, value 1500 & op=11
rlm_ldap: Adding radiusFramedProtocol as Framed-Protocol, value PPP & op=11
rlm_ldap: Adding radiusServiceType as Service-Type, value Framed-User & op=11
rlm_ldap: user spts authorized to use remote access
ldap_release_conn: Release Id: 0
modcall[authorize]: module "ldap1" returns ok for request 561
modcall: group redundant returns ok for request 561
modcall: group authorize returns ok for request 561
rad_check_password: Found Auth-Type LDAP
auth: type "LDAP"
modcall: entering group Auth-Type for request 561
modcall: entering group redundant for request 561
rlm_ldap: - authenticate
rlm_ldap: login attempt by "spts" with password "XXXX"
rlm_ldap: user DN: uniqueIdentifier=687130,ou=RADIUS,ou=People,dc=jaring,dc=my
rlm_ldap: (re)connect to 61.6.32.201:389, authentication 1
rlm_ldap: bind as uniqueIdentifier=687130,ou=RADIUS,ou=People,dc=jaring,dc=my/spts2003 to 61.6.32.201:389
rlm_ldap: waiting for bind result ...
rlm_ldap: ldap_result()
rlm_ldap: uniqueIdentifier=687130,ou=RADIUS,ou=People,dc=jaring,dc=my bind to 61.6.32.201:389 failed: timeout
rlm_ldap: ldap_connect() failed
modcall[authenticate]: module "ldap1" returns fail for request 561
rlm_ldap: - authenticate
rlm_ldap: login attempt by "spts" with password "XXXX"
rlm_ldap: user DN: uniqueIdentifier=687130,ou=RADIUS,ou=People,dc=jaring,dc=my
rlm_ldap: (re)connect to 61.6.32.97:389, authentication 1
rlm_ldap: bind as uniqueIdentifier=687130,ou=RADIUS,ou=People,dc=jaring,dc=my/spts2003 to 61.6.32.97:389
rlm_ldap: waiting for bind result ...
rlm_ldap: ldap_result()
rlm_ldap: uniqueIdentifier=687130,ou=RADIUS,ou=People,dc=jaring,dc=my bind to 61.6.32.97:389 failed: timeout
rlm_ldap: ldap_connect() failed
modcall[authenticate]: module "ldap2" returns fail for request 561
modcall: group redundant returns fail for request 561
modcall: group Auth-Type returns fail for request 561
auth: Failed to validate the user.
Login incorrect: [spts] (from client jhb34 port 239 cli 072270533)
Delaying request 561 for 1 seconds
Finished request 561
Going to the next request
.................

Problem B
========
- ADDED to above problem.. I'm still having "Unresponsive child" problem
- LDAP working fine...
- not that critical compared to above...

i) From radius.log

Wed Nov 12 00:59:52 2003 : Error: WARNING: Unresponsive child (id 136795136) for request 322196
Wed Nov 12 01:00:13 2003 : Error: WARNING: Unresponsive child (id 136585216) for request 322292
Wed Nov 12 08:42:48 2003 : Error: WARNING: Unresponsive child (id 135698432) for request 15206

ii) My ldap setting in radiusd.conf - maybe tuning is needed here.....

max_request_time = 30
delete_blocked_requests = no
cleanup_delay = 5
max_requests = 256000
hostname_lookups = yes
allow_core_dumps = no

start_servers = 20
max_servers = 1024
min_spare_servers = 10
max_spare_servers = 20

ldap ldap2 {
        server = "10.1.1.1"
        identity = "cn=Sysadmin,ou=Applications,dc=jaring,dc=my"
        password = XXXXXX
        basedn = "ou=People,dc=jaring,dc=my"
        filter = "(uid=%{Stripped-User-Name:-%{User-Name}})"
        start_tls = no
        access_attr = "dialupAccess"
        dictionary_mapping = ${raddbdir}/ldap.attrmap
        ldap_connections_number = 256
        timeout = 10
        timelimit = 10
        net_timeout = 5
}

Hopefully the above info is good enough to troubleshoot the problem...

--haizam

----- Original Message -----
From: "Alan DeKok" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Monday, November 10, 2003 10:47 PM
Subject: Re: Status...

> "Rohaizam Abu Bakar" <[EMAIL PROTECTED]> wrote:
> > Hopefully in 1.0 release, rlm_ldap can work well with FreeBSD 5.1
> > Currently it has problem.. so I stick with FreeBSD 4.8 (and 4.9)
>
> Are you willing to tell us what those problems are?
>
> Alan DeKok.
>
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
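
One way to check whether the two problems in a report like this one coincide, as an added example that is not part of the original message or of FreeRADIUS: it tallies rlm_ldap bind failures per server from radius.log and marks each "Unresponsive child" warning logged within max_request_time (30 seconds in the posted config) of a bind failure. The sample lines, addresses and the `triage` function are constructed for illustration, and treating closeness in time as a link between the two is a heuristic assumption.

```python
import re
from collections import Counter
from datetime import datetime

# Constructed sample in the radius.log format quoted above (not real data).
SAMPLE_LOG = """\
Mon Oct 20 18:37:00 2003 : Error: rlm_ldap: uid=a,dc=example,dc=org bind to 192.0.2.10:389 failed: timeout
Mon Oct 20 18:37:00 2003 : Error: rlm_ldap: uid=b,dc=example,dc=org bind to 192.0.2.10:389 failed: timeout
Mon Oct 20 18:37:03 2003 : Error: rlm_ldap: uid=c,dc=example,dc=org bind to 192.0.2.11:389 failed: timeout
Mon Oct 20 18:37:20 2003 : Error: WARNING: Unresponsive child (id 1001) for request 561
Mon Oct 20 23:10:05 2003 : Error: WARNING: Unresponsive child (id 1002) for request 9000
Mon Oct 20 23:10:06 2003 : Auth: Login incorrect: [user1] (from client nas1 port 1)
"""

LINE_RE = re.compile(r"^(\w{3} \w{3} +\d+ \d\d:\d\d:\d\d \d{4}) : \w+: (.*)$")
BIND_RE = re.compile(r"rlm_ldap: .+ bind to (\S+) failed: (\w+)")
CHILD_RE = re.compile(r"Unresponsive child \(id \d+\) for request (\d+)")


def triage(text, window_s=30):
    """Tally bind failures per server and split 'Unresponsive child'
    warnings by whether a bind failure was logged within window_s seconds."""
    binds, children = [], []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip wrapped continuation lines and anything unparsable
        ts = datetime.strptime(m.group(1), "%a %b %d %H:%M:%S %Y")
        bind = BIND_RE.search(m.group(2))
        child = CHILD_RE.search(m.group(2))
        if bind:
            binds.append((ts, bind.group(1), bind.group(2)))
        elif child:
            children.append((ts, int(child.group(1))))

    near, isolated = [], []
    for ts, request in children:
        close = any(abs((ts - bts).total_seconds()) <= window_s for bts, _, _ in binds)
        (near if close else isolated).append(request)
    return {
        "bind_failures": Counter((srv, why) for _, srv, why in binds),
        "near_bind_failure": near,   # request ids, heuristic match only
        "isolated": isolated,
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(key, value)
```

Warnings that land in `isolated` point away from the LDAP bind path and toward something else holding the request past max_request_time.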