"Error: rlm_ldap: All ldap connections are in use"

Angus JIANG Jian ajiang at ouhk.edu.hk
Mon Jun 13 17:19:38 CEST 2011 

Hi Phil,

All authentication was stopped at 18:59:36 2011 : Error: TLS Alert write:fatal:bad record mac


Tue Jun  7 18:59:34 2011 : Auth: Login OK: [s9540746] (from client localhost port 0) Tue Jun  7 18:59:35 2011 : Auth: Login OK: [s0182695] (from client localhost port 0)

Tue Jun  7 18:59:35 2011 : Auth: Login OK: [s9540746] (from client AP1840-7 port 0 cli 8C-7B-9D-AC-DE-88) Tue Jun
7 18:59:35 2011 : Auth: Login OK: [s0182695] (from client wlan2_phy port 0 cli 8C-7B-9D-C5-1D-A5)

Tue Jun  7 18:59:36 2011 : Error: TLS Alert write:fatal:bad record mac

Tue Jun  7 18:59:36 2011 : Error: rlm_eap: SSL error error:1408F119:SSL routines:SSL3_GET_RECORD:decryption failed or bad record mac

Tue Jun  7 18:59:36 2011 : Error: rlm_eap_tls: SSL_read failed in a system call (-1), TLS session fails.
Tue Jun  7 18:59:36 2011 : Auth: Login incorrect: [s1017761/<no User-Password attribute>] (from client wlan2_phy port 0 cli 8C-7B-9D-9C-29-21)

Tue Jun  7 18:59:36 2011 : Error: TLS Alert write:fatal:bad record mac Tue Jun  7 18:59:36 2011 : Error: rlm_eap: SSL error error:1408F119:SSL routines:SSL3_GET_RECORD:decryption failed or bad record mac Tue Jun  7 18:59:36 2011 : Error: rlm_eap_tls: SSL_read failed in a system call (-1), TLS session fails.
Tue Jun  7 18:59:36 2011 : Auth: Login incorrect: [s1001903/<no User-Password attribute>] (from client AP1840-6 port 0 cli 8C-7B-9D-A4-95-AE) Tue Jun  7 18:59:36 2011 : Info: rlm_eap_mschapv2: Issuing Challenge Tue Jun  7 18:59:36 2011 : Info: rlm_eap_mschapv2: Issuing Challenge Tue Jun  7 18:59:36 2011 : Error: TLS Alert write:fatal:bad record mac Tue Jun  7 18:59:36 2011 : Error: rlm_eap: SSL error error:1408F119:SSL routines:SSL3_GET_RECORD:decryption failed or bad record mac Tue Jun  7 18:59:36 2011 : Error: rlm_eap_tls: SSL_read failed in a system call (-1), TLS session fails.


Regards
Angus
ITU Systems
Ext: 6551


-----Original Message-----
From: freeradius-users-bounces+ajiang=ouhk.edu.hk at lists.freeradius.org [mailto:freeradius-users-bounces+ajiang=ouhk.edu.hk at lists.freeradius.org] On Behalf Of Angus JIANG Jian
Sent: Monday, June 13, 2011 10:53 PM
To: FreeRadius users mailing list
Subject: RE: "Error: rlm_ldap: All ldap connections are in use"

Hi,

       Our ldap server is Novell edirectory 8.6 , the radius is taking with edirectory8.6.


Regards
Angus
ITU Systems
Ext: 6551

-----Original Message-----
From: freeradius-users-bounces+ajiang=ouhk.edu.hk at lists.freeradius.org [mailto:freeradius-users-bounces+ajiang=ouhk.edu.hk at lists.freeradius.org] On Behalf Of Phil Mayers
Sent: Monday, June 13, 2011 10:12 PM
To: freeradius-users at lists.freeradius.org
Subject: Re: "Error: rlm_ldap: All ldap connections are in use"

On 13/06/11 14:44, Angus JIANG Jian wrote:
> we found the following error messages in the RADIUS log "Error:
> rlm_ldap: All ldap connections are in use" on redhat workstation 5 OS.
>
> "Error: Discarding duplicate request from client AP1840-4:1031 - ID:
> 72 due to unfinished request 1017" 7:05pm - Tried to restarted the
> RADIUS daemon but the problem still exist 7:08pm - Tried to increase
> the ldap_connection limit from 15 to 50 but got other error message
> "Info: The maximum number of threads (32) are active, cannot spawn
> new thread to handle request" -          Resume the ldap_connection
> limit, the problem still exist

Your LDAP server is taking too long. It's too slow.

Ensure your LDAP database is indexed correctly.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html





<<Email Disclaimer>>
This e-mail and its attachments, if any, are confidential and contain information for an intended recipient. The Open University of Hong Kong (OUHK) disclaims any liability for any loss or damage if this e-mail is received by any person who is not the intended recipient. E-mail transmissions cannot be guaranteed to be completely secure, error or virus free. No responsibility is accepted by the OUHK for any loss or damage arising in any way from receipt or use thereof. Arrangements or statements appearing to bind OUHK are not binding upon OUHK unless made in accordance with OUHK's constitution and duly authorised. OUHK staff are expressly prohibited from breaching applicable law, infringing third party rights, making defamatory statements and committing tortious acts by e-mail communications.

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html





<<Email Disclaimer>>
This e-mail and its attachments, if any, are confidential and contain information for an intended recipient. The Open University of Hong Kong (OUHK) disclaims any liability for any loss or damage if this e-mail is received by any person who is not the intended recipient. E-mail transmissions cannot be guaranteed to be completely secure, error or virus free. No responsibility is accepted by the OUHK for any loss or damage arising in any way from receipt or use thereof. Arrangements or statements appearing to bind OUHK are not binding upon OUHK unless made in accordance with OUHK's constitution and duly authorised. OUHK staff are expressly prohibited from breaching applicable law, infringing third party rights, making defamatory statements and committing tortious acts by e-mail communications.

More information about the Freeradius-Users mailing list