Failed (re-)authentification after some time...

Jan Zacharias janz at dfki.de
Mon Aug 30 18:04:10 CEST 2010 

Hi Alan,




I did more tests (now with two winXP clients and one OSX client),

the problem is still unsolved:


 

Wed Aug 18 18:03:21 2010 : Auth: Login OK: [jan/<via Auth-Type = EAP>] (from
client swba1-00-test port 0 via TLS tunnel)
Wed Aug 18 18:03:21 2010 : Auth: Login OK: [jan/<via Auth-Type = EAP>] (from
client swba1-00-test port 50043 cli 00-08-74-46-34-F7)
Wed Aug 18 18:03:24 2010 : Auth: Login OK: [jan/<via Auth-Type = mschap>] (from
client swba1-00-test port 0 via TLS tunnel)
Wed Aug 18 18:03:24 2010 : Auth: Login OK: [jan/<via Auth-Type = EAP>] (from
client swba1-00-test port 50039 cli 00-16-CB-AA-0F-CB)
Wed Aug 18 18:03:27 2010 : Auth: Login OK: [jan/<via Auth-Type = EAP>] (from
client swba1-00-test port 0 via TLS tunnel)
Wed Aug 18 18:03:27 2010 : Auth: Login OK: [jan/<via Auth-Type = EAP>] (from
client swba1-00-test port 50041 cli 00-1E-37-90-89-D2)
Wed Aug 18 18:03:45 2010 : Error: Child PID 72473 is taking too much time:
forcing failure and killing child.
Wed Aug 18 18:03:45 2010 : Auth: Login incorrect: [jan/<via Auth-Type = EAP>]
(from client swba1-00-test port 0 via TLS tunnel)
Wed Aug 18 18:03:45 2010 : Auth: Login incorrect: [jan/<via Auth-Type = EAP>]
(from client swba1-00-test port 50043 cli 00-08-74-46-34-F7)
Wed Aug 18 18:03:55 2010 : Error: Child PID 72474 is taking too much time:
forcing failure and killing child.
Wed Aug 18 18:03:55 2010 : Auth: Login incorrect: [jan/<via Auth-Type = mschap>]
(from client swba1-00-test port 0 via TLS tunnel)
Wed Aug 18 18:03:55 2010 : Auth: Login incorrect: [jan/<via Auth-Type = EAP>]
(from client swba1-00-test port 50039 cli 00-16-CB-AA-0F-CB)
Wed Aug 18 18:03:55 2010 : Error: rlm_eap: No EAP session matching the State
variable.
Wed Aug 18 18:03:55 2010 : Auth: Login incorrect: [jan/<via Auth-Type = EAP>]
(from client swba1-00-test port 50043 cli 00-08-74-46-34-F7)
Wed Aug 18 18:04:05 2010 : Error: Child PID 72475 is taking too much time:
forcing failure and killing child.
Wed Aug 18 18:04:05 2010 : Auth: Login incorrect: [jan/<via Auth-Type = EAP>]
(from client swba1-00-test port 0 via TLS tunnel)
Wed Aug 18 18:04:05 2010 : Auth: Login incorrect: [jan/<via Auth-Type = EAP>]
(from client swba1-00-test port 50041 cli 00-1E-37-90-89-D2)



 

The strange thing: freeradius is started with the "no childs" option:

 

freeradius 60384  0.0  0.4 11560  9240   4  S    11:57AM   0:49.13
/usr/local/sbin/radiusd -s

 

So why does it complain about childs that take to long?! Btw: The server has a
load of 0.00 and

network IO is only to the ads server. If I block traffic to it, freerad does not
complain about

childs that take to long, so the problem hides elsewhere, I guess.

 

 

Thanks for your help!

 

Best, Jan

 

 

Alan DeKok <aland at deployingradius.com> hat am 17. August 2010 um 09:47
geschrieben:

> Jan Zacharias wrote:
> > Sun Aug 15 10:01:39 2010 : Error: Discarding duplicate request from
> > client swba1-00-test port 1645 - ID: 157 due to unfinished request 125603
>
>   As always, something is blocking the server.
>
> > The entry Sun Aug 15 10:01:39 2010 is interesting as no client was
> > connected to port 1645 at that time
>
>   <shrug>  The server doesn't invent packets.  *Something* sent it a packet.
>
> > My question: can I somehow extend the timeout or do anything else to
> > prevent this from happening?
>
>   Fix is so that nothing is blocking the server.
>
>   Alan DeKok.
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20100830/f8a1a07a/attachment.html>

More information about the Freeradius-Users mailing list