Hi,

We use Freeradius to authenticate users on our Wireless Network with EAP-TTLS/PAP. Users' credentials are stored in an Openldap directory.

We use FreeBSD 6.1 for both Openldap (version 2.3.21) and Freeradius (version 1.1.3) servers.

Here's the problem:

Sometimes Freeradius seems to freeze, so nobody can authenticate.

When the problem happens we always get this kind of log:

----------------------------------------------------------------------------------------------
Mon Oct 16 14:37:55 2006 : Error: WARNING: Unresponsive child (id 138254336) for request 193144
Mon Oct 16 14:37:56 2006 : Auth: Login OK: [anonymous] (from client wds1 port 81519 cli 0012.f085.47b6)
Mon Oct 16 14:37:56 2006 : Auth: Login incorrect (rlm_ldap: User not found): [mitschi] (from client localhost port 226570 cli 0016.cbf6.f173)
Mon Oct 16 14:37:56 2006 : Error: rlm_eap: Either EAP-request timed out OR EAP-response to an unknown EAP-request
Mon Oct 16 14:37:56 2006 : Auth: Login incorrect: [anonymous] (from client wds3 port 385187 cli 0013.027d.7685)
Mon Oct 16 14:37:57 2006 : Info: rlm_radutmp: Login entry for NAS sceco-ap10 port 5125 duplicate
Mon Oct 16 14:37:57 2006 : Error: WARNING: Unresponsive child (id 142451200) for request 193148
Mon Oct 16 14:37:57 2006 : Auth: Login incorrect: [anonymous] (from client wds4 port 226570 cli 0016.cbf6.f173)
Mon Oct 16 14:37:57 2006 : Error: WARNING: Unresponsive child (id 141391360) for request 193161
Mon Oct 16 14:37:58 2006 : Error: WARNING: Unresponsive child (id 136836608) for request 193160
Mon Oct 16 14:37:58 2006 : Error: WARNING: Unresponsive child (id 142492672) for request 193168
Mon Oct 16 14:37:58 2006 : Error: TLS Alert write:fatal:bad record mac
Mon Oct 16 14:37:58 2006 : Error: TLS_accept:error in SSLv3 read certificate verify A
Mon Oct 16 14:37:58 2006 : Error: rlm_eap: SSL error error:1408F455:SSL routines:SSL3_GET_RECORD:decryption failed or bad record mac
Mon Oct 16 14:37:58 2006 : Error: rlm_eap_tls: SSL_read failed in a system call (-1), TLS session fails.
Mon Oct 16 14:37:58 2006 : Error: WARNING: Unresponsive child (id 143504384) for request 193170
Mon Oct 16 14:37:58 2006 : Error: WARNING: Unresponsive child (id 136609280) for request 193169
Mon Oct 16 14:37:58 2006 : Error: TLS Alert write:fatal:bad record mac
Mon Oct 16 14:37:58 2006 : Error: TLS_accept:error in SSLv3 read certificate verify A
Mon Oct 16 14:37:58 2006 : Error: rlm_eap: SSL error error:1408F455:SSL routines:SSL3_GET_RECORD:decryption failed or bad record mac
Mon Oct 16 14:37:58 2006 : Error: rlm_eap: SSL error error:00000000:lib(0):func(0):reason(0)
Mon Oct 16 14:37:58 2006 : Error: rlm_eap: Either EAP-request timed out OR EAP-response to an unknown EAP-request
Mon Oct 16 14:37:58 2006 : Error: rlm_eap_tls: SSL_read failed in a system call (-1), TLS session fails.
Mon Oct 16 14:37:58 2006 : Auth: Login incorrect: [anonymous] (from client wds1 port 81519 cli 0012.f085.47b6)
Mon Oct 16 14:37:59 2006 : Error: Discarding duplicate request from client wds3:1645 - ID: 60 due to unfinished request 193267
Mon Oct 16 14:38:00 2006 : Error: rlm_eap: Either EAP-request timed out OR EAP-response to an unknown EAP-request
Mon Oct 16 14:38:00 2006 : Auth: Login incorrect: [anonymous] (from client wds3 port 385200 cli 0016.6f1d.95ab)
Mon Oct 16 14:38:00 2006 : Error: WARNING: Unresponsive child (id 138869248) for request 193183
Mon Oct 16 14:38:00 2006 : Error: rlm_radutmp: Logout for NAS eost-ap8 port 30871, but no Login record
Mon Oct 16 14:38:00 2006 : Error: rlm_eap: Either EAP-request timed out OR EAP-response to an unknown EAP-request
Mon Oct 16 14:38:00 2006 : Auth: Login incorrect: [anonymous] (from client wds4 port 226570 cli 0016.cbf6.f173)
Mon Oct 16 14:38:00 2006 : Error: rlm_eap: Either EAP-request timed out OR EAP-response to an unknown EAP-request
Mon Oct 16 14:38:00 2006 : Auth: Login incorrect: [anonymous] (from client wds4 port 226571 cli 0012.f084.8584)
Mon Oct 16 14:38:01 2006 : Info: rlm_radutmp: Login entry for NAS atrium-ap4 port 2330 duplicate
Mon Oct 16 14:38:01 2006 : Error: WARNING: Unresponsive child (id 143503360) for request 193188
Mon Oct 16 14:38:02 2006 : Error: WARNING: Unresponsive child (id 141392384) for request 193192
Mon Oct 16 14:38:03 2006 : Error: WARNING: Unresponsive child (id 138870272) for request 193201
Mon Oct 16 14:38:03 2006 : Error: WARNING: Unresponsive child (id 138002944) for request 193191
Mon Oct 16 14:38:03 2006 : Error: WARNING: Unresponsive child (id 141391872) for request 193194
Mon Oct 16 14:38:03 2006 : Error: WARNING: Unresponsive child (id 138741248) for request 193193
Mon Oct 16 14:38:03 2006 : Error: TLS_accept:error in SSLv3 read client certificate A
Mon Oct 16 14:38:03 2006 : Error: rlm_eap: SSL error error:00000000:lib(0):func(0):reason(0)
Mon Oct 16 14:38:05 2006 : Error: TLS_accept:error in SSLv3 read client certificate A
Mon Oct 16 14:38:05 2006 : Error: rlm_eap: SSL error error:00000000:lib(0):func(0):reason(0)
Mon Oct 16 14:38:06 2006 : Error: WARNING: Unresponsive child (id 143275008) for request 193217
Mon Oct 16 14:38:06 2006 : Error: TLS_accept:error in SSLv3 read client certificate A
Mon Oct 16 14:38:06 2006 : Error: rlm_eap: SSL error error:00000000:lib(0):func(0):reason(0)
Mon Oct 16 14:38:07 2006 : Error: WARNING: Unresponsive child (id 137878528) for request 193208
Mon Oct 16 14:38:07 2006 : Error: TLS_accept:error in SSLv3 read client certificate A
Mon Oct 16 14:38:07 2006 : Error: rlm_eap: SSL error error:00000000:lib(0):func(0):reason(0)
Mon Oct 16 14:38:07 2006 : Error: WARNING: Unresponsive child (id 136836096) for request 193230
Mon Oct 16 14:38:07 2006 : Error: Discarding duplicate request from client wds3:1645 - ID: 67 due to unfinished request 193295
Mon Oct 16 14:38:08 2006 : Info: rlm_radutmp: Login entry for NAS eost-ap7 port 4634 duplicate
Mon Oct 16 14:38:09 2006 : Error: TLS_accept:error in SSLv3 read client certificate A
Mon Oct 16 14:38:09 2006 : Error: rlm_eap: SSL error error:00000000:lib(0):func(0):reason(0)
Mon Oct 16 14:38:09 2006 : Error: TLS_accept:error in SSLv3 read client certificate A
Mon Oct 16 14:38:09 2006 : Error: rlm_eap: SSL error error:00000000:lib(0):func(0):reason(0)
Mon Oct 16 14:38:09 2006 : Error: WARNING: Unresponsive child (id 135813632) for request 193228
Mon Oct 16 14:38:09 2006 : Error: rlm_eap: SSL error error:00000000:lib(0):func(0):reason(0)
Mon Oct 16 14:38:09 2006 : Auth: Login OK: [4struluc] (from client localhost port 385199 cli 0013.ce16.6432)
Mon Oct 16 14:38:09 2006 : Error: TLS_accept:error in SSLv3 read client certificate A
Mon Oct 16 14:38:09 2006 : Error: rlm_eap: SSL error error:00000000:lib(0):func(0):reason(0)
Mon Oct 16 14:38:10 2006 : Error: WARNING: Unresponsive child (id 137993216) for request 193231
Mon Oct 16 14:38:10 2006 : Error: WARNING: Unresponsive child (id 137992192) for request 193235
Mon Oct 16 14:38:10 2006 : Error: WARNING: Unresponsive child (id 137992704) for request 193233
Mon Oct 16 14:38:10 2006 : Auth: Login OK: [anonymous] (from client wds3 port 385199 cli 0013.ce16.6432)
Mon Oct 16 14:38:11 2006 : Error: WARNING: Unresponsive child (id 141528064) for request 193237
Mon Oct 16 14:38:11 2006 : Error: rlm_eap: Either EAP-request timed out OR EAP-response to an unknown EAP-request
Mon Oct 16 14:38:11 2006 : Auth: Login incorrect: [anonymous] (from client wds3 port 385201 cli 0013.0212.0e66)
Mon Oct 16 14:38:11 2006 : Error: TLS_accept:error in SSLv3 read client certificate A
Mon Oct 16 14:38:11 2006 : Error: rlm_eap: SSL error error:00000000:lib(0):func(0):reason(0)
Mon Oct 16 14:38:12 2006 : Error: WARNING: Unresponsive child (id 139014144) for request 193239
Mon Oct 16 14:38:13 2006 : Error: rlm_eap: Either EAP-request timed out OR EAP-response to an unknown EAP-request
Mon Oct 16 14:38:13 2006 : Auth: Login incorrect: [anonymous] (from client wds3 port 385199 cli 0013.ce16.6432)
Mon Oct 16 14:38:13 2006 : Error: WARNING: Unresponsive child (id 138217472) for request 193241
Mon Oct 16 14:38:14 2006 : Error: WARNING: Unresponsive child (id 142135808) for request 193250
Mon Oct 16 14:38:15 2006 : Error: WARNING: Unresponsive child (id 135814144) for request 193252
Mon Oct 16 14:38:16 2006 : Error: TLS_accept:error in SSLv3 read client certificate A
Mon Oct 16 14:38:16 2006 : Error: rlm_eap: SSL error error:00000000:lib(0):func(0):reason(0)
Mon Oct 16 14:38:17 2006 : Error: WARNING: Unresponsive child (id 138721280) for request 193258
Mon Oct 16 14:38:18 2006 : Info: rlm_radutmp: Login entry for NAS eost-ap7 port 4634 duplicate
Mon Oct 16 14:38:19 2006 : Error: Discarding duplicate request from client wds4:1645 - ID: 140 due to unfinished request 193328
Mon Oct 16 14:38:19 2006 : Error: WARNING: Unresponsive child (id 139077632) for request 193262
Mon Oct 16 14:38:20 2006 : Error: rlm_eap: SSL error error:00000000:lib(0):func(0):reason(0)
Mon Oct 16 14:38:21 2006 : Error: WARNING: Unresponsive child (id 138864128) for request 193264
Mon Oct 16 14:38:21 2006 : Error: rlm_radutmp: Login entry for NAS sceco-ap10 port 5125 wrong order
Mon Oct 16 14:38:21 2006 : Error: TLS_accept:error in SSLv3 read client certificate A
Mon Oct 16 14:38:22 2006 : Error: rlm_eap: SSL error error:00000000:lib(0):func(0):reason(0)
Mon Oct 16 14:38:22 2006 : Error: TLS Alert write:fatal:bad record mac
Mon Oct 16 14:38:22 2006 : Error: TLS_accept:error in SSLv3 read certificate verify A
Mon Oct 16 14:38:22 2006 : Error: rlm_eap: SSL error error:0407106B:rsa routines:RSA_padding_check_PKCS1_type_2:block type is not 02
Mon Oct 16 14:38:22 2006 : Error: rlm_eap_tls: SSL_read failed in a system call (-1), TLS session fails.
Mon Oct 16 14:38:23 2006 : Error: rlm_eap: SSL error error:00000000:lib(0):func(0):reason(0)
Mon Oct 16 14:38:23 2006 : Error: WARNING: Unresponsive child (id 136606720) for request 193269
Mon Oct 16 14:38:23 2006 : Error: WARNING: Unresponsive child (id 138504704) for request 193266
Mon Oct 16 14:38:23 2006 : Error: WARNING: Unresponsive child (id 137850880) for request 193274
Mon Oct 16 14:38:23 2006 : Error: Discarding duplicate request from client wds3:1645 - ID: 74 due to unfinished request 193334
Mon Oct 16 14:38:24 2006 : Error: TLS Alert write:fatal:bad record mac
Mon Oct 16 14:38:24 2006 : Error: TLS_accept:error in SSLv3 read certificate verify A
Mon Oct 16 14:38:24 2006 : Error: rlm_eap: SSL error error:1408F455:SSL routines:SSL3_GET_RECORD:decryption failed or bad record mac
Mon Oct 16 14:38:24 2006 : Error: rlm_radutmp: Login entry for NAS atrium-ap4 port 2330 wrong order
Mon Oct 16 14:38:24 2006 : Error: rlm_eap_tls: SSL_read failed in a system call (-1), TLS session fails.
Mon Oct 16 14:38:25 2006 : Error: rlm_radutmp: Login entry for NAS sceco-ap10 port 5125 wrong order
Mon Oct 16 14:38:25 2006 : Auth: Login OK: [cwang] (from client localhost port 385201 cli 0013.0212.0e66)
Mon Oct 16 14:38:25 2006 : Error: rlm_eap: Either EAP-request timed out OR EAP-response to an unknown EAP-request
Mon Oct 16 14:38:25 2006 : Auth: Login incorrect: [anonymous] (from client wds6 port 38777 cli 0013.cedc.d1b9)
Mon Oct 16 14:38:25 2006 : Error: rlm_radutmp: Logout for NAS sceco-ap10 port 5125, but no Login record
Mon Oct 16 14:38:26 2006 : Info: rlm_radutmp: Login entry for NAS dpt-info-ap5 port 618 duplicate
Mon Oct 16 14:38:26 2006 : Error: rlm_eap: Either EAP-request timed out OR EAP-response to an unknown EAP-request
Mon Oct 16 14:38:26 2006 : Auth: Login incorrect: [anonymous] (from client wds3 port 385204 cli 0015.0046.7656)
Mon Oct 16 14:38:26 2006 : Error: rlm_eap: Either EAP-request timed out OR EAP-response to an unknown EAP-request
Mon Oct 16 14:38:26 2006 : Auth: Login incorrect: [anonymous] (from client wds4 port 226564 cli 0009.5b95.74a3)
Mon Oct 16 14:38:27 2006 : Error: rlm_eap: Either EAP-request timed out OR EAP-response to an unknown EAP-request
Mon Oct 16 14:38:27 2006 : Auth: Login incorrect: [anonymous] (from client wds4 port 226578 cli 0013.02be.2994)
Mon Oct 16 14:38:27 2006 : Error: TLS_accept:error in SSLv3 read client certificate A
----------------------------------------------------------------------------------------------

The only way to get authentication working is to kill and restart Freeradius.

Here's the ldap configuration for freeradius:

ldap LDAP_OSIRIS {
        server = "ldap://bton.u-strasbg.fr";
        basedn = "ou=personnes,o=osiris"

        filter = "(&(uid=%{Stripped-User-Name:-%{User-Name}})(radiusProfileWifi=*))"

        start_tls = no
        profile_attribute = radiusProfileWifi

        dictionary_mapping = ${raddbdir}/ldap.attrmap

        ldap_connections_number = 20

        password_attribute = userPassword

        groupname_attribute = radiusGroupNameWifi

        groupmembership_filter = (uid=%{Stripped-User-Name:-%{User-Name}})

        timeout = 7
        timelimit = 3
        net_timeout = 1
}

When we get the "Unresponsive child" messages the server doesn't seem to be very busy ... strange.

The ldap server is only used by Freeradius ...

Any ideas?

--
---------------------------
Christophe Saillard
Centre Réseau Communication
Université Louis Pasteur
---------------------------
Tél : 03 90 24 03 17
Fax : 03 90 24 03 12
---------------------------
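
A triage sketch for a radius.log excerpt like the one in this post, added here as an example and not part of the original message: it splits entries that have been run together, counts distinct threads reported as "Unresponsive child", tallies dropped retransmits per client, and flags busy time windows. The `window` and `threshold` values and the function names are assumptions; the sample entries are copied from the log above.

```python
import re
from collections import Counter
from datetime import datetime

# radius.log entry as shown in the post: "<timestamp> : <level>: <message>"
ENTRY = re.compile(r"(\w{3} \w{3} [ \d]\d \d\d:\d\d:\d\d \d{4}) : (\w+): ")
STUCK = re.compile(r"Unresponsive child \(id (\d+)\) for request (\d+)")
DROPPED = re.compile(r"Discarding duplicate request from client (\S+):\d+")

# Entries copied from the post, deliberately fused and wrapped as in the mail.
SAMPLE = (
    "Mon Oct 16 14:37:57 2006 : Error: WARNING: Unresponsive child (id 141391360) for request 193161 "
    "Mon Oct 16 14:37:58 2006 : Error: WARNING: Unresponsive child (id 136836608) for request 193160 "
    "Mon Oct 16 14:37:58 2006 : Error: WARNING: Unresponsive child (id 142492672) for request 193168\n"
    "Mon Oct 16 14:37:58 2006 : Error: TLS Alert write:fatal:bad record mac\n"
    "Mon Oct 16 14:37:59 2006 : Error: Discarding duplicate request from client wds3:1645"
    " - ID: 60 due to unfinished request 193267 "
    "Mon Oct 16 14:38:00 2006 : Error: WARNING: Unresponsive child \n(id 138869248) for request 193183\n"
)

def split_entries(text):
    """Yield (datetime, level, message) even when entries are fused or wrapped."""
    marks = list(ENTRY.finditer(text))
    for m, nxt in zip(marks, marks[1:] + [None]):
        end = nxt.start() if nxt else len(text)
        when = datetime.strptime(m.group(1), "%a %b %d %H:%M:%S %Y")
        yield when, m.group(2), " ".join(text[m.end():end].split())

def triage(text, window=10, threshold=3):
    """Summarise a stall; window (seconds, <= 60) and threshold are assumed values."""
    stuck_threads, dropped, per_window = set(), Counter(), Counter()
    for when, _level, msg in split_entries(text):
        if (m := STUCK.search(msg)):
            stuck_threads.add(m.group(1))
            # Bucket the warning into the start of its time window.
            per_window[when.replace(second=when.second - when.second % window)] += 1
        elif (m := DROPPED.search(msg)):
            dropped[m.group(1)] += 1
    return {
        "stuck_threads": len(stuck_threads),
        "dropped_by_client": dict(dropped),
        "stall_windows": sorted(b for b, n in per_window.items() if n >= threshold),
    }

if __name__ == "__main__":
    print(triage(SAMPLE))
```
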