No cleanup for abandoned EAP requests in radiusd

Alan DeKok aland at deployingradius.com
Mon Jun 28 15:50:44 CEST 2010


Kunal Solanki wrote:
> Thanks for replying Alan,
> I have found the issue in my case, I was using external LDAP with
> radius and if LDAP is down then for the same EAP requests multiple
> authentication sessions were getting created. And as the cleanup of eap
> requests is plugged in processing of a reply message, this makes the
> cleanup happen only when a successful EAP request goes through.

  No... the cleanup *also* happens when a new request comes in.  But it
takes 60s to expire old sessions.  See raddb/eap.conf, "timer_expire".

> I am thinking to put a cleanup in session creation path also which
> cleans very old sessions( double of usual timer limit 20 seconds. So I
> guess this will not impact any ongoing EAP request(not making to go to
> "no state variable" state for EAP request, an early delete of an
> handler).

  No... just change the timer_expire to be less.

  Alan DeKok.



More information about the Freeradius-Devel mailing list