On Mar 10, 2015, at 1:36 PM, Graham Leggett <minfrin@sharp.fm> wrote:
I have a freeradius v3.0.7 server running in a test setup that uses the rlm_ldap module to verify users and groups against an LDAPS server (ie LDAP with SSL enabled).
With radius -X the server starts up, successfully connects to the LDAPS server, and successfully returns the correct results to requests. ... TLS: could not shutdown NSS - error -8053:NSS could not shutdown. Objects are still in use..
Ugh. You’re using a version of libldap which was built against NSS. Don’t do that. Switch to one which uses OpenSSL. The server uses OpenSSL for everything. Mixing OpenSSL and NSS is probably not a good idea.
With NSS in a broken state, all subsequent reconnection attempts break.
Is this a known issue in v3.0.7?
It’s a known issue with NSS. Alan DeKok.