LDAP Module stops working after HUP (sometimes)

Matthew Newton mcn4 at leicester.ac.uk
Mon Oct 28 23:19:08 CET 2013


On Mon, Oct 28, 2013 at 10:47:33PM +0100, Rudolph Bott wrote:
> recently we upgraded our FR installation to 2.1.12 (Debian Wheezy
> package). We are using rlm_ldap in connection with EAP for wireless
> network authentication. However, every morning the logrotate script
> sends a HUP to freeradius after it rotated its log files. Since that
> update, every once in a while the LDAP module fails after that
> reload. It rejects all users with a line like the following:

Sounds similar to the same bug that caused mschap to fail
sometimes after a reload. That is fixed in >2.1.12, but not in the
official Debian package. FreeRADIUS is easy to build new packages
on Debian though; you should be safe with 2.2.0. (Skip 2.2.1, as
2.2.2 will be out soon and should hopefully have the recent bugs
fixed...)

The mschap HUP bug was easy to trip up - just keep sending the
server a HUP until it fails, which in that case wasn't many tries.

The workaround is trivial; update the logrotate script to do a
restart, rather than a reload.

Matthew


-- 
Matthew Newton, Ph.D. <mcn4 at le.ac.uk>

Systems Specialist, Infrastructure Services,
I.T. Services, University of Leicester, Leicester LE1 7RH, United Kingdom

For IT help contact helpdesk extn. 2253, <ithelp at le.ac.uk>

