FreeRadius crashing

["Brooks, Kyle" <Kyle.Brooks@nrc-cnrc.gc.ca>]

Hello,

 

We have been experiencing a weird crashing problem with FreeRadius 1.1.7 on fedora core 7 and was hoping someone would be able to help.

 

The problem is that FreeRadius will crash several times each day and before each crash this error is displayed.

error: rlm_eap: Either EAP-request timed out OR EAP-response to an unknown EAP-request

 

Here is part of the log file

Thu Jun 26 08:12:27 2008 : Auth: Login OK: [BaiE/<no User-Password attribute>] (from client localhost port 0)

Thu Jun 26 08:12:27 2008 : Auth: Login OK: [BaiE/<no User-Password attribute>] (from client 10.0.1.11 port 50405 cli 00-08-74-CB-78-BA)

Thu Jun 26 08:13:22 2008 : Error: rlm_eap: Either EAP-request timed out OR EAP-response to an unknown EAP-request

Thu Jun 26 08:13:22 2008 : Auth: Login incorrect: [MooresJ/<no User-Password attribute>] (from client 10.0.1.11 port 50108 cli 00-18-8B-79-91-9B)

 

<restart FreeRadius>

Thu Jun 26 08:18:20 2008 : Info: Using deprecated naslist file.  Support for this will go away soon.

Thu Jun 26 08:18:20 2008 : Info: rlm_exec: Wait=yes but no output defined. Did you mean output=none?

Thu Jun 26 08:18:20 2008 : Info: rlm_eap_tls: Loading the certificate file as a chain

Thu Jun 26 08:18:20 2008 : Info: WARNING: rlm_eap_tls: Unable to set DH parameters.  DH cipher suites may not work!

Thu Jun 26 08:18:20 2008 : Info: Ready to process requests.

Thu Jun 26 08:18:24 2008 : Error: rlm_ldap: could not set LDAP_OPT_X_TLS_REQUIRE_CERT option to allow

Thu Jun 26 08:18:24 2008 : Info: rlm_eap_mschapv2: Issuing Challenge

Thu Jun 26 08:18:24 2008 : Auth: Login OK: [MooresJ/<no User-Password attribute>] (from client localhost port 0)

Thu Jun 26 08:18:24 2008 : Auth: Login OK: [MooresJ/<no User-Password attribute>] (from client 10.0.1.11 port 50108 cli 00-18-8B-79-91-9B)

 

After this error message the log will show that authentication failed due to incorrect login (when it shouldn’t have) and FreeRadius will then stop processing. Upon restart of the demon, it will then successfully authenticate the same user without crashing. FreeRadius is communicating with Active Directory to authenticate users.

 

Thanks,

Kyle