Freeradius crash during EAP-TTLS authentication
Mulindwa
meric_l at yahoo.com
Tue Mar 6 10:51:03 CET 2012
Hi Thomas,
How did manage to configure Freeradius with Huawei NAS, its a big challenge to me, have still failed.
Eric M
________________________________
From: Thomas Fagart <tfagart at brozs.net>
To: freeradius-users at lists.freeradius.org
Sent: Tuesday, March 6, 2012 12:19 PM
Subject: Freeradius crash during EAP-TTLS authentication
Hello,
Since more than a year we're doing EAP-TTLS to authenticate Wimax Users on Alcatel and Huawei NASes.
Last week we've migrate Motorola authentication on freeradius. (no more radiator :-) ).
But then we've experienced freeradius crash.
Informations :
Software : Freeradius 2.1.12
OS : Freebsd8.0p4 64bits
Users :
Huawei = 500 users -> 0,5 requests per second
Alcatel = 1500 users -> 2 requests per second
Motorola = 8000 users -> 5 requests per second
The crash usually happen when home servers (ISP radius) does not respond, then the radius load goes up to 50/60 requests per second and after 40/50 minutes the radius crash.
Logs :
Tue Mar 6 00:40:17 2012 : Info: [eap_moto] Request found, released from the list
Tue Mar 6 00:40:17 2012 : Info: [eap_moto] EAP/ttls
Tue Mar 6 00:40:17 2012 : Info: [eap_moto] processing type ttls
Tue Mar 6 00:40:17 2012 : Info: [ttls] Authenticate
Tue Mar 6 00:40:17 2012 : Info: [ttls] processing EAP-TLS
Tue Mar 6 00:40:17 2012 : Info: [ttls] eaptls_verify returned 7
Tue Mar 6 00:40:17 2012 : Info: [ttls] Done initial handshake
Tue Mar 6 00:40:17 2012 : Info: [ttls] (other): before/accept initialization
Tue Mar 6 00:40:17 2012 : Info: [ttls] TLS_accept: before/accept initialization
Tue Mar 6 00:40:17 2012 : Info: [ttls] <<< TLS 1.0 Handshake [length 0053], ClientHello
Tue Mar 6 00:40:17 2012 : Info: [ttls] TLS_accept: SSLv3 read client hello A
Tue Mar 6 00:40:17 2012 : Info: [ttls] >>> TLS 1.0 Handshake [length 002a], ServerHello
Tue Mar 6 00:40:17 2012 : Info: [ttls] TLS_accept: SSLv3 write server hello A
Tue Mar 6 00:40:17 2012 : Info: [ttls] >>> TLS 1.0 Handshake [length 0b56], Certificate
Tue Mar 6 00:40:17 2012 : Info: [ttls] TLS_accept: SSLv3 write certificate A
Tue Mar 6 00:40:17 2012 : Info: [ttls] >>> TLS 1.0 Handshake [length 018d], ServerKeyExchange
Tue Mar 6 00:40:17 2012 : Info: [ttls] TLS_accept: SSLv3 write key exchange A
Tue Mar 6 00:40:17 2012 : Info: [ttls] >>> TLS 1.0 Handshake [length 0004], ServerHelloDone
Tue Mar 6 00:40:17 2012 : Info: [ttls] TLS_accept: SSLv3 write server done A
Tue Mar 6 00:40:17 2012 : Info: [ttls] TLS_accept: SSLv3 flush data
Tue Mar 6 00:40:17 2012 : Info: [ttls] TLS_accept: Need to read more data: SSLv3 read client certificate A
Tue Mar 6 00:40:17 2012 : Debug: In SSL Handshake Phase
Tue Mar 6 00:40:17 2012 : Debug: In SSL Accept mode Tbash: [65774: 2 (255)] tcsetattr: Interrupted system call
Killed: 9
It seems this is more related to SSL issue ?
Could you confirm this idea is correct ?
I can compile the radius in gdb to get more information if this is usefull.
Thanks
Thomas
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20120306/4970d3bb/attachment-0001.html>
More information about the Freeradius-Users
mailing list