<html><body><div style="color:#000; background-color:#fff; font-family:times new roman, new york, times, serif;font-size:14pt"><div><span>Hi Thomas,</span></div><div><br><span></span></div><div><span>How did manage to configure Freeradius with Huawei NAS, its a big challenge to me, have still failed.<br></span></div><div> </div><div>Eric M<br></div> <div style="font-family: times new roman,new york,times,serif; font-size: 14pt;"> <div style="font-family: times new roman,new york,times,serif; font-size: 12pt;"> <div dir="ltr"> <font face="Arial" size="2"> <hr size="1"> <b><span style="font-weight: bold;">From:</span></b> Thomas Fagart <tfagart@brozs.net><br> <b><span style="font-weight: bold;">To:</span></b> freeradius-users@lists.freeradius.org <br> <b><span style="font-weight: bold;">Sent:</span></b> Tuesday, March 6, 2012 12:19 PM<br> <b><span style="font-weight: bold;">Subject:</span></b> Freeradius crash during EAP-TTLS
authentication<br> </font> </div> <br>
Hello,<br><br>Since more than a year we're doing EAP-TTLS to authenticate Wimax Users on Alcatel and Huawei NASes.<br><br>Last week we've migrate Motorola authentication on freeradius. (no more radiator :-) ).<br><br>But then we've experienced freeradius crash.<br><br>Informations :<br>Software : Freeradius 2.1.12<br>OS : Freebsd8.0p4 64bits<br>Users :<br>Huawei = 500 users -> 0,5 requests per second<br>Alcatel = 1500 users -> 2 requests per second<br>Motorola = 8000 users -> 5 requests per second<br><br><br>The crash usually happen when home servers (ISP radius) does not respond, then the radius load goes up to 50/60 requests per second and after 40/50 minutes the radius crash.<br><br><br>Logs :<br>Tue Mar 6 00:40:17 2012 : Info: [eap_moto] Request found, released from the list<br>Tue Mar 6 00:40:17 2012 : Info: [eap_moto] EAP/ttls<br>Tue Mar 6 00:40:17 2012 : Info: [eap_moto] processing type ttls<br>Tue Mar 6 00:40:17
2012 : Info: [ttls] Authenticate<br>Tue Mar 6 00:40:17 2012 : Info: [ttls] processing EAP-TLS<br>Tue Mar 6 00:40:17 2012 : Info: [ttls] eaptls_verify returned 7<br>Tue Mar 6 00:40:17 2012 : Info: [ttls] Done initial handshake<br>Tue Mar 6 00:40:17 2012 : Info: [ttls] (other): before/accept initialization<br>Tue Mar 6 00:40:17 2012 : Info: [ttls] TLS_accept: before/accept initialization<br>Tue Mar 6 00:40:17 2012 : Info: [ttls] <<< TLS 1.0 Handshake [length 0053], ClientHello<br>Tue Mar 6 00:40:17 2012 : Info: [ttls] TLS_accept: SSLv3 read client hello A<br>Tue Mar 6 00:40:17 2012 : Info: [ttls] >>> TLS 1.0 Handshake [length 002a], ServerHello<br>Tue Mar 6 00:40:17 2012 : Info: [ttls] TLS_accept: SSLv3 write server hello A<br>Tue Mar 6 00:40:17 2012 : Info: [ttls] >>> TLS 1.0 Handshake [length 0b56],
Certificate<br>Tue Mar 6 00:40:17 2012 : Info: [ttls] TLS_accept: SSLv3 write certificate A<br>Tue Mar 6 00:40:17 2012 : Info: [ttls] >>> TLS 1.0 Handshake [length 018d], ServerKeyExchange<br>Tue Mar 6 00:40:17 2012 : Info: [ttls] TLS_accept: SSLv3 write key exchange A<br>Tue Mar 6 00:40:17 2012 : Info: [ttls] >>> TLS 1.0 Handshake [length 0004], ServerHelloDone<br>Tue Mar 6 00:40:17 2012 : Info: [ttls] TLS_accept: SSLv3 write server done A<br>Tue Mar 6 00:40:17 2012 : Info: [ttls] TLS_accept: SSLv3 flush data<br>Tue Mar 6 00:40:17 2012 : Info: [ttls] TLS_accept: Need to read more data: SSLv3 read client certificate A<br>Tue Mar 6 00:40:17 2012 : Debug: In SSL Handshake Phase<br>Tue Mar 6 00:40:17 2012 : Debug: In SSL Accept mode Tbash: [65774: 2 (255)] tcsetattr: Interrupted system call<br>Killed:
9<br><br>It seems this is more related to SSL issue ?<br><br>Could you confirm this idea is correct ?<br><br>I can compile the radius in gdb to get more information if this is usefull.<br><br>Thanks<br><br>Thomas<br><br><br><br><br><br>-<br>List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html<br><br><br> </div> </div> </div></body></html>