Log says "duplicate requests", CPU maxing out

Chhaya, Harshal hchhaya at ti.com
Tue Mar 10 21:51:39 CET 2009


Alan,
>  Find out which module is blocking the server, and why.

Okay, here is a newbie question: How do I do this?

The embedded network controller is should be able to 
support upto 50 concurrent wireless clients using WPA2-PEAP.


Here is my config:
(One thing that struck me as I was copying the config here 
is that I probably need to disable proxying because the set up
does not proxy any requests)


=========   clients.conf ===============

client localhost {
	ipaddr 	= 127.0.0.1
	secret	= testing123
	require_message_authenticator = no
	nastype 	= other
}

client 192.168.0.232/24 {
	secret		= testing123
	shortname	= test-net
}



=========   radiusd.conf =========   

prefix = /usr
exec_prefix = ${prefix}
sysconfdir = ${prefix}/etc
localstatedir = /tmp
sbindir = ${exec_prefix}/sbin
logdir = ${localstatedir}
raddbdir = ${sysconfdir}/raddb
radacctdir = ${logdir}/radacct
name = radiusd

#  Location of config and logfiles.
confdir = ${raddbdir}
run_dir = ${localstatedir}

# Should likely be ${localstatedir}/lib/radiusd
db_dir = ${raddbdir}

libdir = ${exec_prefix}/lib
pidfile = ${run_dir}/${name}.pid
max_request_time = 30
cleanup_delay = 5
max_requests = 1024
listen {
	type = auth
	ipaddr = *
	port = 0
}
listen {
	ipaddr = *
	port = 0
	type = acct
}


hostname_lookups = no

#  Core dumps are a bad thing.  This should only be set to 'yes'
#  if you're debugging a problem with the server.
#
#  allowed values: {no, yes}
#
allow_core_dumps = no

#  Regular expressions
#
#  These items are set at configure time.  If they're set to "yes",
#  then setting them to "no" turns off regular expression support.
#
#  If they're set to "no" at configure time, then setting them to "yes"
#  WILL NOT WORK.  It will give you an error.
#
regular_expressions	= yes
extended_expressions	= yes

#
#  Logging section.  The various "log_*" configuration items
#  will eventually be moved here.
#
log {
	destination = files
	file = ${logdir}/radius.log
	syslog_facility = daemon
	stripped_names = no
	auth = no
	auth_badpass = no
	auth_goodpass = no
}

#  The program to execute to do concurrency checks.
checkrad = ${sbindir}/checkrad


security {
	max_attributes = 200
	reject_delay = 1
	status_server = yes
}

proxy_requests  = yes
$INCLUDE proxy.conf


$INCLUDE clients.conf

thread pool {
	start_servers = 5
	max_servers = 64
	min_spare_servers = 3
	max_spare_servers = 10
	max_requests_per_server = 0
}

modules {
	$INCLUDE ${confdir}/modules/
	$INCLUDE eap.conf
}

instantiate {
	exec
	expr
	expiration
	logintime

}

$INCLUDE policy.conf

$INCLUDE sites-enabled/



=========   eap.conf =========   

	eap {
		default_eap_type = peap
		timer_expire     = 60
		ignore_unknown_eap_types = no
		cisco_accounting_username_bug = no
		max_sessions = 2048

		md5 {
		}

		leap {
		}

		gtc {
			challenge = "Password: "
		}

		tls {
			certdir = ${confdir}/certs
			cadir = ${confdir}/certs

			private_key_password = whatever
			private_key_file = ${certdir}/server.pem

			certificate_file = ${certdir}/server.pem

			CA_file = ${cadir}/ca.pem

			dh_file = ${certdir}/dh
			random_file = ${certdir}/random

			cipher_list = "DEFAULT"

			make_cert_command = "${certdir}/bootstrap"

			cache {
			      enable = no
			      lifetime = 24 # hours
			      max_entries = 255
			}
		}

		ttls {
			default_eap_type = md5
			copy_request_to_tunnel = no
			use_tunneled_reply = no
			virtual_server = "inner-tunnel"
		}

		peap {
			default_eap_type = mschapv2
			copy_request_to_tunnel = no
			use_tunneled_reply = no
			virtual_server = "inner-tunnel"
		}

		mschapv2 {
		}
	}



More information about the Freeradius-Users mailing list