Freeradius crash during EAP-TTLS authentication

Thomas Fagart tfagart at brozs.net
Tue Mar 6 10:19:39 CET 2012


Hello,

Since more than a year we're doing EAP-TTLS to authenticate Wimax Users 
on Alcatel and Huawei NASes.

Last week we've migrate Motorola authentication on freeradius. (no more 
radiator :-) ).

But then we've experienced freeradius crash.

Informations :
Software : Freeradius 2.1.12
OS : Freebsd8.0p4 64bits
Users :
Huawei = 500 users -> 0,5 requests per second
Alcatel = 1500 users -> 2 requests per second
Motorola = 8000 users -> 5 requests per second


The crash usually happen when home servers (ISP radius) does not 
respond, then the radius load goes up to 50/60 requests per second and 
after 40/50 minutes the radius crash.


Logs :
Tue Mar  6 00:40:17 2012 : Info: [eap_moto] Request found, released 
from the list
Tue Mar  6 00:40:17 2012 : Info: [eap_moto] EAP/ttls
Tue Mar  6 00:40:17 2012 : Info: [eap_moto] processing type ttls
Tue Mar  6 00:40:17 2012 : Info: [ttls] Authenticate
Tue Mar  6 00:40:17 2012 : Info: [ttls] processing EAP-TLS
Tue Mar  6 00:40:17 2012 : Info: [ttls] eaptls_verify returned 7
Tue Mar  6 00:40:17 2012 : Info: [ttls] Done initial handshake
Tue Mar  6 00:40:17 2012 : Info: [ttls]     (other): before/accept 
initialization
Tue Mar  6 00:40:17 2012 : Info: [ttls]     TLS_accept: before/accept 
initialization
Tue Mar  6 00:40:17 2012 : Info: [ttls] <<< TLS 1.0 Handshake [length 
0053], ClientHello
Tue Mar  6 00:40:17 2012 : Info: [ttls]     TLS_accept: SSLv3 read 
client hello A
Tue Mar  6 00:40:17 2012 : Info: [ttls] >>> TLS 1.0 Handshake [length 
002a], ServerHello
Tue Mar  6 00:40:17 2012 : Info: [ttls]     TLS_accept: SSLv3 write 
server hello A
Tue Mar  6 00:40:17 2012 : Info: [ttls] >>> TLS 1.0 Handshake [length 
0b56], Certificate
Tue Mar  6 00:40:17 2012 : Info: [ttls]     TLS_accept: SSLv3 write 
certificate A
Tue Mar  6 00:40:17 2012 : Info: [ttls] >>> TLS 1.0 Handshake [length 
018d], ServerKeyExchange
Tue Mar  6 00:40:17 2012 : Info: [ttls]     TLS_accept: SSLv3 write key 
exchange A
Tue Mar  6 00:40:17 2012 : Info: [ttls] >>> TLS 1.0 Handshake [length 
0004], ServerHelloDone
Tue Mar  6 00:40:17 2012 : Info: [ttls]     TLS_accept: SSLv3 write 
server done A
Tue Mar  6 00:40:17 2012 : Info: [ttls]     TLS_accept: SSLv3 flush 
data
Tue Mar  6 00:40:17 2012 : Info: [ttls]     TLS_accept: Need to read 
more data: SSLv3 read client certificate A
Tue Mar  6 00:40:17 2012 : Debug: In SSL Handshake Phase
Tue Mar  6 00:40:17 2012 : Debug: In SSL Accept mode  Tbash: [65774: 2 
(255)] tcsetattr: Interrupted system call
Killed: 9

It seems this is more related to SSL issue ?

Could you confirm this idea is correct ?

I can compile the radius in gdb to get more information if this is 
usefull.

Thanks

Thomas







More information about the Freeradius-Users mailing list