Re: sizelimit on user record?
Alan DeKok wrote: Nils-Henner Krueger [EMAIL PROTECTED] wrote: We're observing segfaults of freeradius 0.9.1 on Solaris 8 immediatly after delivering large user records (that means many reply items per user) to the client. That's bad. Is there any kind of limit on the maximum number of reply items, expressed in bytes or no of items? Nope. Are you using Ascend data filter attributes? There's a patch pending to fix some issues with them. That may help. We are using large amounts of cisco-avpair lines to set user-based acls, resulting in user records with more than 100 lines and more than 6000 bytes. It seems to us that there could be a limit around 4kb, that means radiusd gets killed after sending user records exceeding 4kb, but that's more blind guessing than accurate debugging. radiusd -X only says bus error, nothing usefull. Anybody else whith large user records and similar problems? nhk - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: sizelimit on user record?
Nils-Henner Krueger [EMAIL PROTECTED] wrote: It seems to us that there could be a limit around 4kb, that means radiusd gets killed after sending user records exceeding 4kb, but that's more blind guessing than accurate debugging. radiusd -X only says bus error, nothing usefull. Ah, yes. I know exactly what the problem is, and how to fix it. I'll commit a fix to he CVS head later today. The problem is that the fix will prevent bus errors, but it still won't do what you want. The RADIUS RFC's define the maximum size of a RADIUS packet as 4k. So if you're trying to send more data than that, it just won't work. I suggest that you look for an alternate way to get those large ACL's to the NAS. RADIUS simply isn't good enoug for what you're trying to do. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: sizelimit on user record?
Nils-Henner Krueger [EMAIL PROTECTED] wrote: We're observing segfaults of freeradius 0.9.1 on Solaris 8 immediatly after delivering large user records (that means many reply items per user) to the client. That's bad. Is there any kind of limit on the maximum number of reply items, expressed in bytes or no of items? Nope. Are you using Ascend data filter attributes? There's a patch pending to fix some issues with them. That may help. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html