Unstable FreeRadius

George C. Kaplan gckaplan at ack.berkeley.edu
Wed May 17 20:14:24 CEST 2006

Alan DeKok wrote:
> "George C. Kaplan" <gckaplan at ack.berkeley.edu> wrote:
>>   freeradius 1.1.1, compiled from ports with MIT kerberos support
>>I'll file a bug report once my bugzilla password comes through.  In the
>>meantime, suggestions for more detailed troubleshooting here are welcome.
>   I don't run kerberos myself, so I'm unsure as to how to reproduce
> it.  Could you attach example krb.conf files, and the "krb5{}" section
> from radiusd.conf?

I put some notes on a minimal radius config in bug report #365.  A
bare-bones version of our krb5.conf is attached.  Substitute the FQHN of
your system running a dummy kerberos server ('nc -l 88' works) in the
'kdc' line.  If you've got it set up right, a 'radtest' will time out
after several seconds with a "Cannot contact any KDC..." message in
radius.log.  If you HUP the radiusd before it times out, that should
trigger the lockup.

>   Or, you could use gdb to attach to the running process.  e.g.
> $ radiusd ...
> $ ps -ef | grep radiusd
> $ nice +15 <radiusd-pid>
> <reproduce the problem>
> $ gdb `which radiusd` <radiusd-pid>
> $ thread apply all bt full
> $ cont
>   You may have to do the last two steps a few times to see where the
> server is locked.

OK, I'll try to do this in the next day or so.

George C. Kaplan                            gckaplan at ack.berkeley.edu
Communication & Network Services            510-643-0496
University of California at Berkeley
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: krb5.conf
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20060517/c42eb8a3/attachment.ksh>

More information about the Freeradius-Users mailing list