1 Sep
2010
1 Sep
'10
8:51 a.m.
Alan DeKok <aland@deployingradius.com> hat am 31. August 2010 um 13:18 geschrieben: > Jan Zacharias wrote: > > Call me dump, but I have no idea what to look for. > > Neither do I. It's your system... > > > One idea: is ntlm_auth referred to as child? Maybe I sould > > write a wrapper and see how long execution of this "helper program" > > takes, > > Possibly, yes. │ ├─┬◆ 65437 root sshd: root@pts/4 (sshd) │ │ └─┬◆ 65440 root -bash (bash) │ │ └─┬◆ 76322 freeradius radiusd -s -X -xx -f │ │ └─┬─ 76421 freeradius /bin/sh /usr/local/bin/ntlm_auth_wrapper --request-nt-key --domain=DFKI --username=jan --challenge=xxx --nt-response=xxx So, yes :) The wrapper logged PID and time (real,sys,user) of ntlm_auth To speed up the debugging, I introduced a sleep of varying duration in the ntlm_auth_wrapper. I found that freeradius kills the ntlm stuff if it takes longer than ten seconds to complete. My suggestion is that we introduce a configuration variable ntlm_auth_retries so that freerad kills the process, but then tries again until the retry-count is reached. This would greatly improve reliability in stress/high load/failover scenarios :) What do you think, Alan? Anyone else? Best, Jan > > Alan DeKok. > - > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html