Problems with Samba

Alan DeKok aland at deployingradius.com
Fri May 28 15:17:32 CEST 2021


On May 28, 2021, at 8:44 AM, Klemen forneci <forneci at gmail.com> wrote:
> I hope someone can shine a light on my problem with Freeradius 3 and
> mschap (running on centos7 with samba/winbind)
> So long story short, I notice that every ~5 minutes there is a problem
> with NTLM_AUTH. Even with testing with radtest -t mscahp at the same
> time, I get:
> ...
> Child PID 5238 is taking too much time: forcing failure and killing child.

  This isn't a FreeeRADIUS issue.

  Something is blocking the script, and it's not FreeRADIUS.  Fix whatever is blocking the script, and it will be fixed.

> I know this may not be a radius issue, beause of the fact that
> in-between the system works as expected and the line: Child PID 5238
> is taking too much time: forcing failure and killing child, but I have
> my hopes up someone can point me in the right direction.

  It could be just about anything.  Some other system crashes, transient network issues, etc.

> On the backend there is a Windows AD, multiple DC (tried setting only
> 1 in samba, same issue), the server is domain joined.
> I have multiple servers with the same issue (in the same environment)

  Look at the Samba logs to see what's going on.  The ntlm_auth program basically just calls Samba.  So if ntlm_auth doesn't return... blame Samba.  And look at Samba to see what's happening.

> What allso puzzles me, are the logs:
> Server 1:
> Fri May 28 14:35:27 2021 : ERROR: (59476) mschap_thor: ERROR: Failed
> to read from child output
> Fri May 28 14:35:31 2021 : ERROR: (59508) mschap_loki: ERROR: Failed
> to read from child output
> Fri May 28 14:35:35 2021 : ERROR: (59534) mschap_loki: ERROR: Failed
> to read from child output
> Fri May 28 14:40:03 2021 : ERROR: (60960) mschap_loki: ERROR: Failed
> to read from child output
> Fri May 28 14:40:08 2021 : ERROR: (60993) mschap_loki: ERROR: Failed
> to read from child output
> Fri May 28 14:40:12 2021 : ERROR: (61017) mschap_loki: ERROR: Failed
> to read from child output
> Fri May 28 14:40:14 2021 : ERROR: (61030) mschap_loki: ERROR: Failed
> to read from child output
> Fri May 28 14:40:15 2021 : ERROR: (61040) mschap_loki: ERROR: Failed
> to read from child output
> 
> Server 2:
> Fri May 28 14:38:29 2021 : ERROR: (4) mschap_thor: ERROR: Failed to
> read from child output
> Fri May 28 14:38:44 2021 : ERROR: (5) mschap_thor: ERROR: Failed to
> read from child output
> 
> It's like a blinker. One works, the other doesnt.

  It's Samba and/or AD and/or some local networking issue.

  Alan DeKok.




More information about the Freeradius-Users mailing list