Unresponsive Child Crashing Server 1.1.6
Reynolds, Walter
waltr at umich.edu
Fri Sep 28 14:39:16 CEST 2007
I have not seen any answers and strangly enough I did not even find in
the archive so I thought I would resend it. Thanks.
---
Walt Reynolds
Principal Systems Security Development Engineer
Information Technology Central Services
University of Michigan
(734) 615-9438
> -----Original Message-----
> From: Reynolds, Walter
> Sent: Friday, September 21, 2007 10:37 AM
> To: 'freeradius-users at lists.freeradius.org'
> Subject: Unresponsive Child Crashing Server 1.1.6
>
>
> I am having a problem where my Freeradius service is crashing several
> times a day. It will follow an alert in the log with Unresponsive
> Child which I know is usually doe to a slow back end authentication
> method (usually SQL). Well I am using Kerberos as the back end and
> every time I debug the Kerberos server responds very quickly. I have
> no programming or database queries to slow things down. Even stranger
> is that this is a beta server and the load on it is really very light.
>
> Last three days however have lots of problems:
>
> Tue Sep 18 00:37:03 2007 : Error: WARNING: Unresponsive child (id
> 1210108256) for request 487
> Tue Sep 18 07:27:18 2007 : Error: WARNING: Unresponsive child (id
> 1210108256) for request 672
> Tue Sep 18 10:46:27 2007 : Error: WARNING: Unresponsive child (id
> 1189128544) for request 173
> Tue Sep 18 12:07:55 2007 : Error: WARNING: Unresponsive child (id
> 1231087968) for request 127
> Tue Sep 18 12:55:55 2007 : Error: WARNING: Unresponsive child (id
> 1210108256) for request 72
> Tue Sep 18 14:59:33 2007 : Error: WARNING: Unresponsive child (id
> 1220598112) for request 86
> Tue Sep 18 15:53:20 2007 : Error: WARNING: Unresponsive child (id
> 1220598112) for request 102
> Tue Sep 18 17:04:41 2007 : Error: WARNING: Unresponsive child (id
> 1220598112) for request 104
> Tue Sep 18 21:06:26 2007 : Error: WARNING: Unresponsive child (id
> 1189128544) for request 305
> Wed Sep 19 07:51:26 2007 : Error: WARNING: Unresponsive child (id
> 1231087968) for request 502
> Wed Sep 19 12:26:59 2007 : Error: WARNING: Unresponsive child (id
> 1231087968) for request 80
> Wed Sep 19 14:24:48 2007 : Error: WARNING: Unresponsive child (id
> 1101056352) for request 76
> Wed Sep 19 16:31:49 2007 : Error: WARNING: Unresponsive child (id
> 1356966240) for request 282
> Thu Sep 20 12:47:59 2007 : Error: WARNING: Unresponsive child (id
> 1252067680) for request 368
> Thu Sep 20 16:35:10 2007 : Error: WARNING: Unresponsive child (id
> 1252067680) for request 336
> Thu Sep 20 20:55:50 2007 : Error: WARNING: Unresponsive child (id
> 1084229984) for request 256
> Fri Sep 21 01:37:58 2007 : Error: WARNING: Unresponsive child (id
> 1325496672) for request 503
> Fri Sep 21 10:13:03 2007 : Error: WARNING: Unresponsive child (id
> 1398925664) for request 766
>
> Running in debug has not really shown anything as it has not shown
that
> error or crashed, so I am unsure of how to proceed.
>
> Attached is my radiusd.conf:
> =========================
> prefix = /usr/local
> exec_prefix = ${prefix}
> sysconfdir = ${prefix}/etc
> localstatedir = ${prefix}/var
> sbindir = ${exec_prefix}/sbin
> logdir = ${localstatedir}/log/radius
> raddbdir = ${sysconfdir}/raddb
> radacctdir = ${logdir}/radacct
> confdir = ${raddbdir}
> run_dir = ${localstatedir}/run/radiusd
> log_file = ${logdir}/radius.log
> libdir = ${exec_prefix}/lib
> pidfile = ${run_dir}/radiusd.pid
> user = radius ## Determined by sytem administrator
> group = radius ## Determined by sytem administrator
> max_request_time = 3 #changed from default of 30
> delete_blocked_requests = no
> cleanup_delay = 3
> max_requests = 750000 # recommends 256 per client
> listen {
> ipaddr = *
> port = 1812
> type = auth
> }
> listen {
> ipaddr = *
> port = 1813
> type = acct
> }
> listen {
> ipaddr = *
> port = 1645
> type = auth
> }
> listen {
> ipaddr = *
> port = 1646
> type = acct
> }
>
> hostname_lookups = no
> allow_core_dumps = no
> regular_expressions = yes
> extended_expressions = yes
> log_stripped_names = no
> log_auth = yes
> log_auth_badpass = no
> log_auth_goodpass = no
> usercollide = no
> lower_user = no
> lower_pass = no
> nospace_user = no
> nospace_pass = no
> checkrad = ${sbindir}/checkrad
> security {
> max_attributes = 50 #Default of 200 to high
> reject_delay = 0
> status_server = no
> }
> proxy_requests = yes
> $INCLUDE ${confdir}/proxy.conf
> $INCLUDE ${confdir}/clients.conf
> snmp = no
> $INCLUDE ${confdir}/snmp.conf
> thread pool {
> start_servers = 32
> max_servers = 64
> min_spare_servers = 8
> max_spare_servers = 32
> max_requests_per_server = 500
> }
> modules {
> krb5 {
> keytab = /etc/keytab.radius.wallace
> service_principal = host
> }
> pap {
> auto_header = yes
> }
> $INCLUDE ${confdir}/eap.conf
> realm suffix {
> format = suffix
> delimiter = "@"
> ignore_default = no
> ignore_null = no
> }
> preprocess {
> huntgroups = ${confdir}/huntgroups
> hints = ${confdir}/hints
> with_ascend_hack = no
> ascend_channels_per_line = 23
> with_ntdomain_hack = no
> with_specialix_jetstream_hack = no
> with_cisco_vsa_hack = no
> }
> files {
> usersfile = ${confdir}/users
> acctusersfile = ${confdir}/acct_users
> preproxy_usersfile = ${confdir}/preproxy_users
> compat = no
> }
> detail {
> detailfile = ${radacctdir}/detail-%Y%m%d
> detailperm = 0600
> suppress {
> User-Password
> }
> }
>
> acct_unique {
> key = "User-Name, Acct-Session-Id, NAS-IP-Address,
> Client-IP-Address, NAS-Port"
> }
> radutmp {
> filename = ${logdir}/radutmp
> username = %{User-Name}
> case_sensitive = yes
> check_with_nas = no
> perm = 0600
> callerid = "yes"
> }
> attr_filter {
> attrsfile = ${confdir}/attrs
> }
> counter daily {
> filename = ${raddbdir}/db.daily
> key = User-Name
> count-attribute = Acct-Session-Time
> reset = daily
> counter-name = Daily-Session-Time
> check-name = Max-Daily-Session
> allowed-servicetype = Framed-User
> cache-size = 5000
> }
> always fail {
> rcode = fail
> }
> always reject {
> rcode = reject
> }
> always ok {
> rcode = ok
> simulcount = 0
> mpp = no
> }
> expr {
> }
> digest {
> }
> exec {
> wait = yes
> input_pairs = request
> }
> }
> instantiate {
> exec
> expr
> }
> authorize {
> preprocess
> suffix
> eap
> files
> pap
> }
> authenticate {
> Auth-Type Kerberos {
> krb5
> }
> Auth-Type PAP {
> pap
> }
> eap
> }
> preacct {
> preprocess
> acct_unique
> suffix
> files
> }
> accounting {
> detail
> }
> session {
> }
> post-auth {
> }
> pre-proxy {
> }
> post-proxy {
> eap
> }
> =======================
>
> Users file:
>
> DEFAULT FreeRADIUS-Proxied-To == 127.0.0.1
> User-Name = `%{User-Name}`,
> Fall-Through = yes
>
>
> DEFAULT Auth-Type = Kerberos
> Fall-Through = 1
>
> Can anyone give me any help on what to look at or change. Thanks.
> ---
> Walt Reynolds
> Principal Systems Security Development Engineer
> Information Technology Central Services
> University of Michigan
> (734) 615-9438
More information about the Freeradius-Users
mailing list