Failure to reconnect to ldaps server after idle_timeout

Alan DeKok aland at
Tue Mar 10 20:47:40 CET 2015

On Mar 10, 2015, at 1:36 PM, Graham Leggett <minfrin at> wrote:
> I have a freeradius v3.0.7 server running in a test setup that uses the rlm_ldap module to verify users and groups against an LDAPS server (ie LDAP with SSL enabled).
> With radius -X the server starts up, successfully connects to the LDAPS server, and successfully returns the correct results to requests.
> ...
> TLS: could not shutdown NSS - error -8053:NSS could not shutdown. Objects are still in use..

  Ugh.  You’re using a version of libldap which was built against NSS.  Don’t do that.  Switch to one which uses OpenSSL.

  The server uses OpenSSL for everything.  Mixing OpenSSL and NSS is probably not a good idea.

> With NSS in a broken state, all subsequent reconnection attempts break.
> Is this a known issue in v3.0.7?

  It’s a known issue with NSS.

  Alan DeKok.

More information about the Freeradius-Users mailing list