freeradius memory leak
Alexander Clouter
alex at digriz.org.uk
Fri Jun 10 14:47:32 CEST 2011
Alan DeKok <aland at deployingradius.com> wrote:
>
>> Well, it looks like something in the accounting side of things.
>>
>> /me goes back to pondering
>
> What accounting modules are you using?
>
All the interesting bits included below:
----
server lanwarden {
...
preacct {
preprocess
suffix
}
accounting {
# detail.lanwarden
rewrite.quirk.wlc
rewrite.called_station_id
rewrite.calling_station_id
client-info <--- just policy
update request {
Operator-Name := "1%{config:local.MY.realm}"
}
# Reject Calling-Station-Id-less authentications
if (!(Calling-Station-Id)) {
update reply {
Reply-Message := "No Calling-Station-Id"
}
reject
}
if (!(User-Name)) {
update reply {
Reply-Message := "No User-Name"
}
reject
}
validate_username <--- just policy
# picked up by dot1x.decoupled-accounting
detail.dot1x.acct
attr_filter.eduroam-acct
}
...
}
server eduroam {
...
preacct {
preprocess
suffix
}
accounting {
# detail.eduroam
attr_filter.eduroam-acct
rewrite.called_station_id
rewrite.calling_station_id
# Reject Calling-Station-Id-less authentications
if (!(Calling-Station-Id)) {
update reply {
Reply-Message := "No Calling-Station-Id"
}
reject
}
if (!(User-Name)) {
update reply {
Reply-Message := "No User-Name"
}
reject
}
validate_username
# Reject realm's authentications that are not for us early
if (Realm != "%{config:local.MY.realm}") {
update reply {
Reply-Message := "Not @%{config:local.MY.realm} User-Name"
}
reject
}
# picked up by dot1x.decoupled-accounting
detail.dot1x.acct
}
...
}
# *very* lightly used, I doubt this would be the culprit
server login {
...
preacct {
preprocess
suffix
}
accounting {
# detail.login
attr_filter.soas-acct
if (!(User-Name)) {
update reply {
Reply-Message := "No User-Name"
}
reject
}
if (User-Name !~ /@/) {
update request {
User-Name := "%{User-Name}@%{config:local.MY.realm}"
}
}
# picked up by login.decoupled-accounting
detail.login.acct
}
...
}
server dot1x.decoupled-accounting {
listen {
type = detail
filename = "${radacctdir}/journal/dot1x/detail.acct.*"
load_factor = 10
}
preacct {
preprocess
soas_acct-unique
suffix
}
accounting {
# http://www.mail-archive.com/freeradius-users@lists.freeradius.org/msg54994.html
sql.dot1x {
invalid = 2
}
if (invalid) {
ok
}
if (failed) {
# CISCO_ACCOUNTING_HACK fix "stop packet with zero session length. [user 'foobar at example.com', nas '192.0.2.1']"
if (Acct-Status-Type == Stop && (!(Acct-Session-Time) || Acct-Session-Time == 0) && Packet-Transmit-Counter > 5) {
ok
}
}
}
}
server login.decoupled-accounting {
listen {
type = detail
filename = "${radacctdir}/journal/login/detail.acct.*"
load_factor = 10
}
preacct {
preprocess
soas_acct-unique
suffix
}
accounting {
sql.login
}
}
----
detail detail.login.acct {
detailfile = ${radacctdir}/journal/login/detail.acct.%D:%H
detailperm = 0600
header = "%t"
locking = yes
}
detail detail.dot1x.acct {
detailfile = ${radacctdir}/journal/dot1x/detail.acct.%D:%H
detailperm = 0600
header = "%t"
locking = yes
}
----
Let me know if you need anything else.
Cheers
--
Alexander Clouter
.sigmonster says: To be great is to be misunderstood.
-- Ralph Waldo Emerson
More information about the Freeradius-Devel
mailing list