Error logs on freeradius 2.1.8
Andrew Hood
freeradius at andyhood.net
Thu Apr 29 01:08:23 CEST 2010
Alan DeKok wrote:
> Oninz Unix wrote:
>
>> I know some os the thread almost similar to my problem, but let
>>me send some logs from my freeradius logs.
>>
>>Tue Apr 27 17:59:44 2010 : Info: WARNING: Child is hung for request 383.
>>Tue Apr 27 17:59:44 2010 : Info: WARNING: Child is hung for request 382.
>>Tue Apr 27 17:59:45 2010 : Info: WARNING: Child is hung for request 379.
>>Tue Apr 27 17:59:46 2010 : Info: WARNING: Child is hung for request 383.
>>Tue Apr 27 17:59:48 2010 : Info: WARNING: Child is hung for request 377.
>
> ...
>
>>Error: WARNING: Unresponsive child for request 384, in module
>>sql2_redundant component accounting
>
> ...
>
>>I hope you could help me were to start to debug and solve the problem.
>
>
> You have a firewall between the RADIUS server and database. The
> firewall is dropping the RADIUS -> database TCP connections.
>
> I have *no* idea why anyone thinks this is a good idea. The firewall
> (if any) should be configured to allow ANY TCP (RADIUS -> DB : port).
> But many people create rules allowing only "established" TCP
> connections, and then the firewall helpfully loses track of which
> sessions are established.
>
> Stop breaking your network.
Somewhat off topic, but relevant.
This is a generic problem with firewalls, and there appears to be no
solution which the security paranoid will accept. If you think this is
bad, try working with a mob who insist on dropping all ICMP traffic
(including frag required) at some or all firewalls.
Firewalls are normally configured to drop any established connection
from the tables where no traffic is sent for a configurable time. This
is to stop the tables growing uncontrollably.
If you are in this unfortunate position your only solution is to enable
TCP keepalive on all connections, and reduce the TCP keepalive timer to
below the firewall's connection drop timer.
--
REALITY.SYS not found: Universe halted.
More information about the Freeradius-Users
mailing list