Re: Problem with Cisco WLC probes in FR 2.2.1

2013-10-06 Thread Bruce Nunn 
Thanks for the heads-up. I will look for this this coming weekend when I get 
2.2.2 in production. 

Jonathan Gazeley  wrote:

>We've recently upgraded our radius servers from 2.1.12 (CentOS 6 
>packaged default) to 2.2.1 (latest stable from FR, built by hand).
>
>A config that used to work under 2.1.12 no longer appears to work the 
>same way under 2.2.1. Our Cisco WLCs send periodic probes in the form of 
>a test authentication. There is a snippet of config that intercepts 
>these authentication requests:
>
># /etc/raddb/conf.d/wism-checks.conf
>if (Service-Type == "NAS-Prompt-User") {
>  if (NAS-IP-Address =~ /^172\.17\.107\./) {
>   if (User-Name =~ /^wisms\-testing/) {
>update control {
> Auth-Type := Accept
>}
>updated
>   }
>   else {
> reject
>   }
>  }
>updated = return
>}
>
>
>This config is included in every virtual server's outer config:
>
># /etc/raddb/sites-enabled/eduroamlocal
>authorize {
>   $INCLUDE conf.d/wism-checks.conf
>}
>
>
>Looking at the output from radiusd -XC the wism-checks.conf file is 
>being included in multiple places, yet when the server is running there 
>is no record of these test probe packets being processed. This means the 
>WLCs think the radius server is dead, and stop using it. I've had to 
>roll back to 2.1.12 to restore stable wireless service for our users.
>
>I can only assume this code block is being skipped over for some reason. 
>At present I'm unable to drop production radius servers into debug mode 
>since they can't handle the load while debugging, and while I do have 
>some development radius servers, our WLCs won't sent it these probe 
>packets unless it is an active production radius server.
>
>Does anyone have any tips for debugging this in a minimally disruptive 
>way? At the moment we don't have any development WLCs but we might have 
>to get some so we can have a separate environment for testing. In the 
>meantime I'm trying to get this code block to work so we can use the 
>newer version of FR.
>
>Thanks, and happy Friday
>Jonathan
>-
>List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: What does FR 2.2.2 fix?

2013-10-06 Thread Alan DeKok 
a.l.m.bu...@lboro.ac.uk wrote:
> interesting..the culprit may have been found. put HEAD onto server this 
> afternoon...
> the logs had plenty of  messages but look
...
> no 'bad logs' since that restart logged.

  Good.  It's the problem I thought it was, but the earlier fixes
weren't complete

  The odd thing is that code hadn't changed from 2.2.0.  So it looks
like there were two bugs.  One which hid the second one.  When I fixed
the first one, the second one caused this issue.

> clarification/agreement from Stefan or others?

  If everyone's in favor, I'll release 2.2.2 on Monday.

  Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: What does FR 2.2.2 fix?

2013-10-06 Thread A . L . M . Buxey 
Hi,

>   More debug output would help.  The last patch came from output sent by 
> Stefan. The patch seems to help. But there's an underlying issue which is 
> harder to debug.  It looks like a Linux specific IPv6 problem.  I don't see 
> any issue with v4. 

interesting..the culprit may have been found. put HEAD onto server this 
afternoon...
the logs had plenty of  messages but look

Sun Oct  6 15:13:55 2013 : Error: WARNING: Unresponsive child for request 
1821224, in component  module 
Sun Oct  6 15:13:56 2013 : Error: WARNING: Unresponsive child for request 
1821229, in component  module 
Sun Oct  6 15:13:56 2013 : Info: WARNING: Child is hung for request 1821224 in 
component  module .
Sun Oct  6 15:13:57 2013 : Info: WARNING: Child is hung for request 1821229 in 
component  module .
Sun Oct  6 15:13:58 2013 : Info: WARNING: Child is hung for request 1821224 in 
component  module .
Sun Oct  6 15:13:58 2013 : Info: WARNING: Child is hung for request 1821229 in 
component  module .
Sun Oct  6 15:14:00 2013 : Info: WARNING: Child is hung for request 1821224 in 
component  module .
Sun Oct  6 15:14:00 2013 : Info: WARNING: Child is hung for request 1821229 in 
component  module .
Sun Oct  6 15:14:03 2013 : Info: WARNING: Child is hung for request 1820598 in 
component  module .
Sun Oct  6 15:14:04 2013 : Info: WARNING: Child is hung for request 1821224 in 
component  module .
Sun Oct  6 15:14:04 2013 : Info: WARNING: Child is hung for request 1821229 in 
component  module .
Sun Oct  6 15:14:09 2013 : Info: WARNING: Child is hung for request 1821224 in 
component  module .
Sun Oct  6 15:14:09 2013 : Info: WARNING: Child is hung for request 1821229 in 
component  module .

Sun Oct  6 15:14:18 2013 : Info: Ready to process requests.

no 'bad logs' since that restart logged.

clarification/agreement from Stefan or others?

alan
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html