│ ├─┬◆ 65437 root sshd: root@pts/4 (sshd)
│ │ └─┬◆ 65440 root -bash (bash)
│ │ └─┬◆ 76322 freeradius radiusd -s -X -xx -f
│ │ └─┬─ 76421 freeradius /bin/sh /usr/local/bin/ntlm_auth_wrapper --request-nt-key --domain=DFKI --username=jan --challenge=xxx --nt-response=xxx
So, yes :)
The wrapper logged PID and time (real,sys,user) of ntlm_auth
To speed up the debugging, I introduced a sleep of varying duration in the ntlm_auth_wrapper.
I found that freeradius kills the ntlm stuff if it takes longer than ten seconds to complete.
My suggestion is that we introduce a configuration variable ntlm_auth_retries so that freerad kills the process,
but then tries again until the retry-count is reached. This would greatly improve reliability in stress/high load/failover
scenarios :)
What do you think, Alan? Anyone else?