'Error: [ldap] unable to create filter' after SIGHUP
Albrecht Dreß
albrecht.dress at arcor.de
Sun Dec 1 13:54:17 CET 2013
Hi all,
I run Freeradius on a Debian Wheezy (7.2) x86_64 system:
<snip>
root at srv-vpn:/etc/freeradius# dpkg -l | grep radius
ii freeradius 2.1.12+dfsg-1.2 amd64 high-performance and highly configurable RADIUS server
ii freeradius-common 2.1.12+dfsg-1.2 all FreeRADIUS common files
ii freeradius-ldap 2.1.12+dfsg-1.2 amd64 LDAP module for FreeRADIUS server
ii freeradius-utils 2.1.12+dfsg-1.2 amd64 FreeRADIUS client utilities
ii libfreeradius2 2.1.12+dfsg-1.2 amd64 FreeRADIUS shared library
</snip>
It is configured using the LDAP backend through mschapv2/peap (for WLAN and strongSwan access), plus a "static" user for checking the daemon by Nagios.
*Sometimes*, re-starting the daemon by calling '/etc/init.d/freeradius reload' from logrotate fails:
<snip>
Sun Dec 1 06:24:11 2013 : Auth: Login OK: [nagios/<snipped>] (from client <snipped> port 0)
Sun Dec 1 06:31:10 2013 : Info: Received HUP signal.
Sun Dec 1 06:31:10 2013 : Info: HUP - Re-reading configuration files
--- new log file starts here ---
Sun Dec 1 06:31:11 2013 : Info: HUP - loading modules
Sun Dec 1 06:31:11 2013 : Info: Module: Reloaded module "detail"
Sun Dec 1 06:31:11 2013 : Info: Module: Reloaded module "attr_filter.access_reject"
Sun Dec 1 06:31:11 2013 : Info: Module: Reloaded module "attr_filter.accounting_response"
Sun Dec 1 06:31:11 2013 : Info: Module: Reloaded module "radutmp"
Sun Dec 1 06:31:11 2013 : Info: Module: Reloaded module "pap"
Sun Dec 1 06:31:11 2013 : Info: Module: Reloaded module "files"
Sun Dec 1 06:31:11 2013 : Info: Module: Reloaded module "mschap"
Sun Dec 1 06:31:11 2013 : Info: Module: Reloaded module "suffix"
Sun Dec 1 06:31:11 2013 : Info: Loaded virtual server <default>
Sun Dec 1 06:31:11 2013 : Info: Loaded virtual server inner-tunnel
Sun Dec 1 06:34:11 2013 : Error: [ldap] unable to create filter.
Sun Dec 1 06:34:11 2013 : Auth: Invalid user: [nagios/<snipped>] (from client <snipped> port 0)
</snip>
Note that 'nagios' is the local "static" user, i.e. LDAP is *not* involved here - apparently, the LDAP error seems to block freeradius completely.
Re-starting the daemon again brings the operation back to normal.
Any help for fixing this issue would be highly appreciated!
Thanks in advance,
Albrecht.
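
Added example, not part of the original post: a log check that flags every HUP after which an authentication is rejected as "Invalid user" right after an "[ldap] unable to create filter" error, the sequence shown in the excerpt above. The function names and the 2 Dec sample lines are assumptions made for illustration; the line layout is taken from the excerpt.

```python
import re
from datetime import datetime

# Layout seen in the excerpt: "Sun Dec 1 06:31:10 2013 : Info: Received HUP signal."
LINE_RE = re.compile(r"^(\w{3} \w{3} +\d+ \d\d:\d\d:\d\d \d{4}) : (\w+): (.*)$")

def parse(line):
    m = LINE_RE.match(line.strip())
    if not m:
        return None  # separators such as "--- new log file starts here ---"
    # Assumes English day/month names (the default C locale).
    ts = datetime.strptime(" ".join(m.group(1).split()), "%a %b %d %H:%M:%S %Y")
    return ts, m.group(2), m.group(3)

def broken_reloads(lines):
    """One finding per HUP after which an auth attempt is rejected as
    'Invalid user' following an '[ldap] unable to create filter' error."""
    findings, hup_at, ldap_err = [], None, False
    for ts, level, msg in filter(None, map(parse, lines)):
        if level == "Info" and msg.startswith("Received HUP signal"):
            hup_at, ldap_err = ts, False          # start watching this reload
        elif hup_at is None:
            continue                              # reload already verified
        elif level == "Error" and "[ldap] unable to create filter" in msg:
            ldap_err = True
        elif level == "Auth" and msg.startswith("Login OK"):
            hup_at = None                         # reload proved healthy
        elif level == "Auth" and msg.startswith("Invalid user") and ldap_err:
            user = re.search(r"\[([^/\]]+)", msg)
            findings.append({"hup": hup_at, "failed": ts,
                             "user": user.group(1) if user else None})
            hup_at = None                         # report each reload once
    return findings

# Constructed sample: the 1 Dec lines follow the post's excerpt, the 2 Dec lines are invented.
SAMPLE = """\
Sun Dec 1 06:24:11 2013 : Auth: Login OK: [nagios/<snipped>] (from client <snipped> port 0)
Sun Dec 1 06:31:10 2013 : Info: Received HUP signal.
--- new log file starts here ---
Sun Dec 1 06:31:11 2013 : Info: Loaded virtual server inner-tunnel
Sun Dec 1 06:34:11 2013 : Error: [ldap] unable to create filter.
Sun Dec 1 06:34:11 2013 : Auth: Invalid user: [nagios/<snipped>] (from client <snipped> port 0)
Mon Dec 2 06:31:10 2013 : Info: Received HUP signal.
Mon Dec 2 06:34:11 2013 : Auth: Login OK: [nagios/<snipped>] (from client <snipped> port 0)
"""

if __name__ == "__main__":
    for f in broken_reloads(SAMPLE.splitlines()):
        print(f"reload at {f['hup']} broke auth for {f['user']} at {f['failed']}")
```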