Failure to reconnect to ldaps server after idle_timeout
Alan DeKok
aland at deployingradius.com
Tue Mar 10 20:47:40 CET 2015
On Mar 10, 2015, at 1:36 PM, Graham Leggett <minfrin at sharp.fm> wrote:
> I have a freeradius v3.0.7 server running in a test setup that uses the rlm_ldap module to verify users and groups against an LDAPS server (i.e. LDAP with SSL enabled).
>
> With radius -X the server starts up, successfully connects to the LDAPS server, and successfully returns the correct results to requests.
> ...
> TLS: could not shutdown NSS - error -8053:NSS could not shutdown. Objects are still in use..
Ugh. You’re using a version of libldap which was built against NSS. Don’t do that. Switch to one which uses OpenSSL.
The server uses OpenSSL for everything. Mixing OpenSSL and NSS is probably not a good idea.
> With NSS in a broken state, all subsequent reconnection attempts break.
>
> Is this a known issue in v3.0.7?
It’s a known issue with NSS.
Alan DeKok.
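
Added example, not part of the original thread: one way to check which TLS library a libldap build links against, which is the distinction the reply above turns on. The function name classify_tls_backend and both sample inputs are constructed for illustration; the library path in the last comment is a placeholder.

```shell
#!/bin/sh
# Report which TLS library a libldap build is linked against.
# Reads `readelf -d <library>` output on stdin and looks only at NEEDED
# entries (direct dependencies). `ldd` also lists transitive dependencies,
# which can pull in libcrypto through unrelated libraries.
# Prints one of: nss, openssl, gnutls, mixed, unknown.

classify_tls_backend() {
    # Keep only the names from "(NEEDED) Shared library: [name]" lines.
    needed=$(sed -n 's/.*(NEEDED).*\[\(.*\)].*/\1/p')
    backends=""
    for lib in $needed; do
        case "$lib" in
            # NSS ships its own SSL library named libssl3.so; it is not OpenSSL 3.
            libnss3.so*|libssl3.so*|libsmime3.so*) b=nss ;;
            # OpenSSL sonames put the version after ".so": libssl.so.10, libssl.so.3
            libssl.so*|libcrypto.so*) b=openssl ;;
            libgnutls.so*) b=gnutls ;;
            *) continue ;;
        esac
        case " $backends " in
            *" $b "*) ;;                      # already recorded
            *) backends="$backends $b" ;;
        esac
    done
    set -- $backends
    case $# in
        0) echo unknown ;;
        1) echo "$1" ;;
        *) echo mixed ;;
    esac
}

# Constructed sample (not captured from a real host): NSS-linked libldap.
SAMPLE_NSS=' 0x0000000000000001 (NEEDED)  Shared library: [liblber-2.4.so.2]
 0x0000000000000001 (NEEDED)  Shared library: [libsasl2.so.3]
 0x0000000000000001 (NEEDED)  Shared library: [libssl3.so]
 0x0000000000000001 (NEEDED)  Shared library: [libnss3.so]
 0x000000000000000e (SONAME)  Library soname: [libldap-2.4.so.2]'

# Constructed sample: OpenSSL-linked libldap.
SAMPLE_OPENSSL=' 0x0000000000000001 (NEEDED)  Shared library: [liblber-2.4.so.2]
 0x0000000000000001 (NEEDED)  Shared library: [libssl.so.10]
 0x0000000000000001 (NEEDED)  Shared library: [libcrypto.so.10]'

# Real use (placeholder path):
#   readelf -d /path/to/libldap.so | classify_tls_backend
```

A result of "nss" or "mixed" for the libldap that rlm_ldap loads corresponds to the NSS-built library the reply advises against.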