On 10/15/2013 09:10 AM, A.L.M.Buxey@lboro.ac.uk wrote:
Hi,
In any case, it's not new in 2.2.1. So I think it's time to release 2.2.2. just got latest 2.x.x HEAD and radiusd dies with this
Tue Oct 15 12:59:45 2013 : Error: ASSERT FAILED rlm_eap.c[369]: request->proxy_reply == NULL
(this was the second time running it..the first time it just went away with no Error msg)
alan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Earlier messages I posted to the list sound similar: http://www.mail-archive.com/freeradius-users@lists.freeradius.org/msg84313.h... and http://www.mail-archive.com/freeradius-users@lists.freeradius.org/msg84453.h... But this thread is DEFINITELY what we are experiencing here at Georgia Tech. I was considering moving from using "ntlm_auth" to enabling radius on the AD server and just proxying the auth through radius (getting rid of samba/ntlm_auth altogether) and adding any attributes for my VLAN assignment in the post-auth but other threads on this list indicate there might be an issue with servers that proxy a lot (which has some forward movement to fix soon I believe). With a proxy configuration in test, this appears to work. Unsure if it will improve our issues with load? when we are seeing: Oct 12 06:54:54 newdvlanb radiusd[21299]: WARNING: Child is hung for request 9395584 in component authenticate module peap. Oct 12 06:54:54 newdvlanb radiusd[21299]: WARNING: Child is hung for request 9395597 in component authenticate module peap. Oct 12 06:54:54 newdvlanb radiusd[21299]: WARNING: Child is hung for request 9395607 in component authenticate module peap. Oct 12 06:54:57 newdvlanb radiusd[21299]: WARNING: Child is hung for request 9394889 in component authenticate module peap. Oct 12 06:54:58 newdvlanb radiusd[21299]: WARNING: Unresponsive child for request 9394903, in component authenticate module peap Oct 12 06:54:59 newdvlanb radiusd[21299]: WARNING: Child is hung for request 9394903 in component authenticate module peap. Oct 12 06:55:00 newdvlanb radiusd[21299]: WARNING: Child is hung for request 9394945 in component authenticate module peap. Oct 12 06:56:06 newdvlanb radiusd[21299]: WARNING: Module rlm_eap became unblocked for request 9397816 Periodically through the day. In case others are interested in this approach, I am including the configuration notes from our admins to enable radius services on an AD server. There are examples of proxying within "sites-available" On ad-machine.domain.edu they did the following: added "Network Policy And Access Services" role radius config in the Standard Configuration drop down select "RADIUS server for 802.1X Wireless or Wired Connections" click "Configure 802.1X" Setup "Secure Wireless Connections" added radius client rumble.snacks In the "Configure an Authentication Method" screen, selected "Microsoft Protected EAP (PEAP)" In the "Specify Users Groups" screen, added "domain users In the properties of the newly created network policy unchecked "Enable auto-remediation of client computers" Configured Accounting to Log to a txt file then took the defaults on the remaining screens. I have successfully used that as part of an auth-proxy configuration to bypass the need for ntlm_auth (binary) completely.