Re: Version 2.0 is a lot closer to reality...
Alan DeKok wrote:
Alan DeKok wrote:
I've just committed massive changes to the server core. The "diff" is
about 3k lines, and doesn't include deleted or added files.
More code changes today:
Multiple requests are proxied to a home server. If the home server is
marked dead while the NAS is retransmitting the packets, the current
code (1.x) keeps sending the retransmissions to the dead home server.
In the CVS head, it now discovers that the home server is dead, and
picks a live one from the appropriate server_pool. When coupled with
the support for checking if a dead home server has come back to life,
the server should be MUCH more robust in the event of home server failure.
i.e. With the current code, many proxied requests can get rejected,
even if there is a home server for the realm that is live. With the new
code, all possible efforts are made to minimize the number of requests
that get rejected.
No other server can do better than this.
Alan DeKok.
--
http://deployingradius.com - The web site of the book
http://deployingradius.com/blog/ - The blog
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
attr_filter: Matched entry jrs at line 74
modcall[pre-proxy]: module "attr_filter.pre-proxy" returns updated for
request 13
radius_xlat: '/usr/local/freeradius/var/log//20070410/pre-proxy-detail'
rlm_detail: /usr/local/freeradius/var/log//%Y%m%d/pre-proxy-detail
expands to /usr/local/freeradius/var/log//20070410/pre-proxy-detail
radius_xlat: 'Tue Apr 10 14:06:34 2007'
modcall[pre-proxy]: module "pre_proxy_log" returns ok for request 13
modcall: group pre-proxy returns updated for request 13
Sending Access-Request of id 122 to 194.83.56.249 port 1812
Service-Type := Authenticate-Only
User-Name = "ac221@brighton.ac.uk"
NAS-IP-Address = 139.184.8.1
Proxy-State = 0x313239
Proxying request 13 to realm jrs, home server 194.83.56.249 port 1812
Sending Access-Request of id 122 to 194.83.56.249 port 1812
Service-Type := Authenticate-Only
User-Name = "ac221@brighton.ac.uk"
NAS-IP-Address = 139.184.8.1
Proxy-State = 0x313239
Going to the next request
Cleaning up request 9 ID 125 with timestamp +60
Cleaning up request 10 ID 126 with timestamp +61
Cleaning up request 11 ID 127 with timestamp +62
Waking up in 1 seconds...
rad_recv: Access-Request packet from host 81.6.252.244 port 3341,
id=129, length=72
Sending duplicate proxied request to home server 194.83.56.249 port 1812
- ID: 122
Sending Access-Request of id 122 to 194.83.56.249 port 1812
Service-Type := Authenticate-Only
User-Name = "ac221@brighton.ac.uk"
NAS-IP-Address = 139.184.8.1
Proxy-State = 0x313239
Waking up in 1 seconds...
Cleaning up request 12 ID 128 with timestamp +63
Waking up in 15 seconds...
rad_recv: Access-Request packet from host 81.6.252.244 port 3341,
id=129, length=72
Sending duplicate proxied request to home server 194.83.56.249 port 1812
- ID: 122
Sending Access-Request of id 122 to 194.83.56.249 port 1812
Service-Type := Authenticate-Only
User-Name = "ac221@brighton.ac.uk"
NAS-IP-Address = 139.184.8.1
Proxy-State = 0x313239
Waking up in 13 seconds...
rad_recv: Access-Request packet from host 81.6.252.244 port 3341,
id=129, length=72
Sending duplicate proxied request to home server 194.83.56.249 port 1812
- ID: 122
Sending Access-Request of id 122 to 194.83.56.249 port 1812
Service-Type := Authenticate-Only
User-Name = "ac221@brighton.ac.uk"
NAS-IP-Address = 139.184.8.1
Proxy-State = 0x313239
Waking up in 10 seconds...
rad_recv: Access-Request packet from host 81.6.252.244 port 3341,
id=129, length=72
FAILURE: Home server 194.83.56.249 port 1812 is dead.
RETRY: Proxying request 13 to different home server 194.82.174.185 port 1812
Sending Access-Request of id 8 to 194.82.174.185 port 1812
Service-Type := Authenticate-Only
User-Name = "ac221@brighton.ac.uk"
NAS-IP-Address = 139.184.8.1
Proxy-State = 0x313239
Waking up in 7 seconds...
rad_recv: Access-Request packet from host 81.6.252.244 port 3341,
id=129, length=72
RETRY: Proxying request 13 to different home server 194.82.174.185 port 1812
Sending Access-Request of id 179 to 194.82.174.185 port 1812
Service-Type := Authenticate-Only
User-Name = "ac221@brighton.ac.uk"
NAS-IP-Address = 139.184.8.1
Proxy-State = 0x313239
Waking up in 4 seconds...
rad_recv: Access-Request packet from host 81.6.252.244 port 3341,
id=129, length=72
radiusd(24731) malloc: *** Deallocation of a pointer not malloced:
0x5d4e80; This could be a double free(), or free() called with the
middle of an allocated block; Try setting environment variable
MallocHelp to see tools to help debug
RETRY: Proxying request 13 to different home server 194.82.174.185 port 1812
Sending Access-Request of id 89 to 194.82.174.185 port 1812
Service-Type := Authenticate-Only
User-Name = "ac221@brighton.ac.uk"
NAS-IP-Address = 139.184.8.1
Proxy-State = 0x313239
Waking up in 1 seconds...
Rejecting request 13 due to lack of any response from home server
194.82.174.185 port 1812
Sending Access-Reject of id 129 to 81.6.252.244 port 3341
Tunnel-Type = VLAN
Tunnel-Medium-Type = IEEE-802
Tunnel-Private-Group-Id = "134"
Service-Type = Framed-User
Waking up in 4 seconds...
Cleaning up request 13 ID 129 with timestamp +65
radiusd(24731) malloc: *** Deallocation of a pointer not malloced:
0x5d4e80; This could be a double free(), or free() called with the
middle of an allocated block; Try setting environment variable
MallocHelp to see tools to help debug
Waking up in 24 seconds...
Didn't do that before :S
---
Arran
This archive was generated by a fusion of
Pipermail (Mailman edition) and
MHonArc.