server crashes with eap/tls after crl update
Hello, this week I updated to freeradius 1.1.6. We use eap/tls with a crl from a Microsoft CA, which is downloaded and converted by a shell script every hour or has to be updated manually. If it changes, I have to reload the server config, right? Since the update the server crashes with a seg fault about a minute after the config reload - but only if the crl changed. For now I changed the reload (SIGHUP) to a complete restart as a work around. Before we used freeradius 1.1.4. --- debug info --- # ./radiusd -X ... --- Walking the entire request list --- Nothing to do. Sleeping until we see a request. Reloading configuration files. reread_config: reading radiusd.conf Config: including file: /opt/freeradius/etc/raddb/proxy.conf Config: including file: /opt/freeradius/etc/raddb/clients.conf Config: including file: /opt/freeradius/etc/raddb/snmp.conf Config: including file: /opt/freeradius/etc/raddb/eap.conf Config: including file: /opt/freeradius/etc/raddb/sql.conf main: prefix = /opt/freeradius main: localstatedir = /opt/freeradius/var main: logdir = /opt/freeradius/var/log/radius main: libdir = /opt/freeradius/lib main: radacctdir = /opt/freeradius/var/log/radius/radacct main: hostname_lookups = no main: snmp = no main: max_request_time = 30 main: cleanup_delay = 5 main: max_requests = 1024 main: delete_blocked_requests = 0 main: port = 0 main: allow_core_dumps = no main: log_stripped_names = no main: log_file = /opt/freeradius/var/log/radius/radius.log main: log_auth = yes main: log_auth_badpass = yes main: log_auth_goodpass = no main: pidfile = /opt/freeradius/var/run/radiusd/radiusd.pid main: user = (null) main: group = (null) main: usercollide = no main: lower_user = no main: lower_pass = no main: nospace_user = no main: nospace_pass = no main: checkrad = /opt/freeradius/sbin/checkrad main: proxy_requests = yes proxy: retry_delay = 5 proxy: retry_count = 3 proxy: synchronous = no proxy: default_fallback = yes proxy: dead_time = 120 proxy: post_proxy_authorize = yes proxy: wake_all_if_all_dead = no security: max_attributes = 200 security: reject_delay = 1 security: status_server = no main: debug_level = 0 read_config_files: reading dictionary read_config_files: reading naslist Using deprecated naslist file. Support for this will go away soon. read_config_files: reading clients read_config_files: reading realms Thu Apr 19 19:07:23 2007 : Info: rlm_exec: Wait=yes but no output defined. Did you mean output=none? Thu Apr 19 19:07:23 2007 : Error: radiusd.conf[1683] Auth-Type PAP already configured - skipping Thu Apr 19 19:07:23 2007 : Error: radiusd.conf[1692] Auth-Type CHAP already configured - skipping Thu Apr 19 19:07:23 2007 : Error: radiusd.conf[1698] Auth-Type MS-CHAP already configured - skipping Thu Apr 19 19:07:23 2007 : Info: radiusd.conf Auth-Type System already configured - skipping Thu Apr 19 19:07:23 2007 : Info: rlm_eap_tls: Loading the certificate file as a chain Thu Apr 19 19:07:24 2007 : Info: radiusd.conf Auth-Type eap already configured - skipping Thu Apr 19 19:07:24 2007 : Info: rlm_sql (sql): Driver rlm_sql_mysql (module rlm_sql_mysql) loaded and linked Thu Apr 19 19:07:24 2007 : Info: rlm_sql (sql): Attempting to connect to XXXremovedXXX Thu Apr 19 19:07:24 2007 : Info: rlm_sql_mysql: Starting connect to MySQL server for #0 Thu Apr 19 19:07:24 2007 : Info: rlm_sql_mysql: Starting connect to MySQL server for #1 Thu Apr 19 19:07:24 2007 : Info: rlm_sql_mysql: Starting connect to MySQL server for #2 Thu Apr 19 19:07:24 2007 : Info: rlm_sql_mysql: Starting connect to MySQL server for #3 Thu Apr 19 19:07:24 2007 : Info: rlm_sql_mysql: Starting connect to MySQL server for #4 Thu Apr 19 19:07:24 2007 : Info: Ready to process requests. Segmentation fault --- debug info --- Does anyone have the same problem? Thanks! bye Daniel - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: server crashes with eap/tls after crl update
On 4/20/07, Fiederling, Daniel [EMAIL PROTECTED] wrote: Hello, this week I updated to freeradius 1.1.6. We use eap/tls with a crl from a Microsoft CA, which is downloaded and converted by a shell script every hour or has to be updated manually. If it changes, I have to reload the server config, right? Since the update the server crashes with a seg fault about a minute after the config reload - but only if the crl changed. For now I changed the reload (SIGHUP) to a complete restart as a work around. Before we used freeradius 1.1.4. my test setup is: freeradius 1.1.6 compiled against openssll 0.9.8e. the system is RedHat EL4 with the latest updates and kernel 2.6.9-22.ELsmp EAP-TLS is implemented and works fine, so does the CRL. My problem is as follows: the HUP works but radiusd segfaults at the first authentication after the HUP. Now I'm in the process of performance and stability testing. if this version shows the same outstanding level of performance shown by the bleeding edge I'll keep it, otherwise I'll consider taking the risk of CVS. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
AW: server crashes with eap/tls after crl update
Hi, it's possible that the radiusd crashes on the next authentication - i only noticed that it runs for a few seconds up to some minutes and then crashes with a seg fault. But I wondering why I don't see any incoming requests when running radiusd -X before the seg fault. That would imply that radiusd crashes before it writes the first debug message. bye Daniel -Ursprüngliche Nachricht- Von: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Im Auftrag von inverse Gesendet: Freitag, 20. April 2007 10:36 An: FreeRadius users mailing list Betreff: Re: server crashes with eap/tls after crl update On 4/20/07, Fiederling, Daniel [EMAIL PROTECTED] wrote: Hello, this week I updated to freeradius 1.1.6. We use eap/tls with a crl from a Microsoft CA, which is downloaded and converted by a shell script every hour or has to be updated manually. If it changes, I have to reload the server config, right? Since the update the server crashes with a seg fault about a minute after the config reload - but only if the crl changed. For now I changed the reload (SIGHUP) to a complete restart as a work around. Before we used freeradius 1.1.4. my test setup is: freeradius 1.1.6 compiled against openssll 0.9.8e. the system is RedHat EL4 with the latest updates and kernel 2.6.9-22.ELsmp EAP-TLS is implemented and works fine, so does the CRL. My problem is as follows: the HUP works but radiusd segfaults at the first authentication after the HUP. Now I'm in the process of performance and stability testing. if this version shows the same outstanding level of performance shown by the bleeding edge I'll keep it, otherwise I'll consider taking the risk of CVS. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: server crashes with eap/tls after crl update
inverse wrote: EAP-TLS is implemented and works fine, so does the CRL. My problem is as follows: the HUP works but radiusd segfaults at the first authentication after the HUP. The server doesn't handle HUP that well. You're *much* better off just killing it and re-starting it. Now I'm in the process of performance and stability testing. if this version shows the same outstanding level of performance shown by the bleeding edge I'll keep it, otherwise I'll consider taking the risk of CVS. The CVS head doesn't handle HUP much better in some cases. I should have fixes in the next few weeks. At that point, I think 2.0 can be released. Alan DeKok. -- http://deployingradius.com - The web site of the book http://deployingradius.com/blog/ - The blog - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html