freeradius server module unresponsive

Alan DeKok aland at deployingradius.com
Sat Aug 25 00:05:45 CEST 2018


> On Aug 24, 2018, at 5:05 PM, Timothy A. Holtzen <tah at NebrWesleyan.edu> wrote:
> This morning our freeradius server that is doing authentication for our
> wireless network suddenly started generating the following messages. 
> Our users hare having trouble authenticating to the wireless.  It would
> appear to me that something is stalling and possibly causing
> authentication to time out.

  It's usually the database.

>  Radius is configured to use our LDAP
> (389ds) servers as the back end database.  Initially I thought that the
> radius server was having trouble talking to the LDAP servers but I'm
> able query the LDAP servers from the command line using ldapsearch.  In
> addition we have 4 load balanced servers and from what I can tell it is
> not stalling on the LDAP queries and neither are any of the other
> services that use LDAP.  The log messages seem to suggest that the
> rlm_radutmp module is the one blocking.     I've deleted and the radius
> server has recreated the radutmp file as well as the radwtmp and radacct
> directories.

  If you're not using those files, just comment out the modules.

>  The radius server is supporting about 650 Wireless access
> points serving about 2000-3000 end user devices.  So I though perhaps we
> were simply overloading the server resources.  So I doubled the CPU
> cores and quadrupled the available memory with no change.

  This kind of problem is usually lock contention, or maybe waiting for an external resource.

>  The system
> has been functioning correctly for several months but we are a school
> and the students came back this week so the load would have increased.

  Sounds like lock contention,

> We are running version 3.0.15  under RHEL 7.5. 
> 
> Fri Aug 24 15:07:16 2018 : Error: (20216) Ignoring duplicate packet from
> client wireless-aps port 60569 - ID: 138 due to unfinished request in
> component <core> module <queue>

  The server isn't making progress.  Input packets are stuck in the input queue, and aren't being serviced.

> Fri Aug 24 15:07:17 2018 : WARNING: (19230) WARNING: Module rlm_radutmp
> became unblocked

  Likely because of lock issues.

  If the radutmp file is large, it can cause problems.

  To be honest, you should just comment it out, and not use the module.

  Alan DeKok.




More information about the Freeradius-Users mailing list