Rejected proxy requests not making it to the client

Ti Leggett leggett at mcs.anl.gov
Wed Jul 3 18:19:22 CEST 2013 

Ok. I'll be firing up gdb and adding more logging. Before I did that I added a post_proxy detail log to see what the proxy server saw in that phase and for Access-Rejected packets they never get to the post_proxy section. Not sure if that sheds any more light on this.

Anyway, so I know where to focus my debugging, I want to make sure I understand how a proxied packet makes its way through the system. Is the path:

authorize -> pre_proxy -> post_proxy

That's how it looks from the debug logs. Do the authenticate sections ever get hit? Any other sections I should look into?


On Jul 2, 2013, at 3:33 PM, Arran Cudbard-Bell <a.cudbardb at freeradius.org> wrote:

> 
> On 2 Jul 2013, at 19:28, Ti Leggett <leggett at mcs.anl.gov> wrote:
> 
>> I'm not seeing a spin lock, but I'm running a 2.2.1 branch version that I believe you pointed me at to fix an rlm_krb5 issue I was seeing earlier this year. Is there an update for that branch or should I be moving to some other version/branch?
>> 
>> On Jul 2, 2013, at 1:03 PM, Arran Cudbard-Bell <a.cudbardb at freeradius.org> wrote:
>> 
>>> 
>>> On 2 Jul 2013, at 18:51, Alan DeKok <aland at deployingradius.com> wrote:
>>> 
>>>> Ti Leggett wrote:
>>>>> I'm not sure how the script could be blocking the server after it's already ran and returned the updated packet so the proxying can take place which does happen:
>>>> 
>>>> I don't know.  All I know is that the default configuration doesn't
>>>> have child threads blocking when sending Access-Reject.
>>>> 
>>>> The problem is due to a local change on your system.
>>> 
>>> There was a bug in rlm_perl which caused it to go into an infinite loop processing reply attributes. Check if radiusd is using 100% cpu, if it is, upgrade.
> 
> Then it's not the same issue.
> 
> Break out GDB, set relevant breakpoints, and see where it's hanging, that's all I can suggest.
> 
> Arran Cudbard-Bell <a.cudbardb at freeradius.org>
> FreeRADIUS Development Team
> 
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

More information about the Freeradius-Users mailing list