Unstable FreeRadius
George C. Kaplan
gckaplan at ack.berkeley.edu
Wed May 17 20:14:24 CEST 2006
Alan DeKok wrote:
> "George C. Kaplan" <gckaplan at ack.berkeley.edu> wrote:
>
>> freeradius 1.1.1, compiled from ports with MIT kerberos support
>> FreeBSD 5.5-PRERELEASE
>>
>>I'll file a bug report once my bugzilla password comes through. In the
>>meantime, suggestions for more detailed troubleshooting here are welcome.
>
>
> I don't run kerberos myself, so I'm unsure as to how to reproduce
> it. Could you attach example krb.conf files, and the "krb5{}" section
> from radiusd.conf?
I put some notes on a minimal radius config in bug report #365. A
bare-bones version of our krb5.conf is attached. Substitute the FQHN of
your system running a dummy kerberos server ('nc -l 88' works) in the
'kdc' line. If you've got it set up right, a 'radtest' will time out
after several seconds with a "Cannot contact any KDC..." message in
radius.log. If you HUP the radiusd before it times out, that should
trigger the lockup.
> Or, you could use gdb to attach to the running process. e.g.
>
> $ radiusd ...
> $ ps -ef | grep radiusd
> $ nice +15 <radiusd-pid>
> <reproduce the problem>
> $ gdb `which radiusd` <radiusd-pid>
>
> $ thread apply all bt full
> $ cont
>
> You may have to do the last two steps a few times to see where the
> server is locked.
OK, I'll try to do this in the next day or so.
--
George C. Kaplan gckaplan at ack.berkeley.edu
Communication & Network Services 510-643-0496
University of California at Berkeley
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: krb5.conf
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20060517/c42eb8a3/attachment.ksh>
More information about the Freeradius-Users
mailing list