TLS failover behaviour and a backtrace if want it.

FRANKS, Andy (SHREWSBURY AND TELFORD HOSPITAL NHS TRUST) andy.franks1 at nhs.net
Wed Nov 20 14:21:07 CET 2019


That worked fine.

Please say if you need the full pre-crash output, I've chopped it to what I thought was needed.
The crash happens when you get to the "no more servers available", be that the only 1 server in the pool that's down, or 2 that are both down etc.  Hopefully unlikely in production anyway!
Using radsec exclusively for forwarding, just in case it's relevant, not tried with udp/tcp.

By the way, not worth another mail I don't think; I noticed something else tiny in the output that might need sorting, a typo really:

In the warning message about not setting the tls version to 1.2 for radsec, it says:

Please set: min_tls_version = "1.2"

But then I think the configuration line seems to be tls_min_version not min_tls_version

listen {
        ..
  tls {
        ..
        tls_max_version = ""
        tls_min_version = "1.0"
..

?

Anyway the crash, hope it's more use this time..

GDB output:

(1) ERROR: Failed to find live home server: Cancelling proxy
(1) WARNING: No home server selected
(1) Clearing existing &reply: attributes
(1) Found Post-Proxy-Type Fail-Authentication

Thread 4 "freeradius" received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0x7fffea203700 (LWP 22404)]
process_proxy_reply (request=request@entry=0x555555bdc400, reply=reply@entry=0x0) at src/main/process.c:2483
(gdb) bt
#0  process_proxy_reply (request=request@entry=0x555555bdc400, reply=reply@entry=0x0) at src/main/process.c:2483
#1  0x000055555558e61a in request_running (request=0x555555bdc400, action=<optimized out>)
    at src/main/process.c:1648
#2  0x0000555555586a75 in request_handler_thread (arg=0x555555bcd310) at src/main/threads.c:826
#3  0x00007ffff6bde6db in start_thread (arg=0x7fffea203700) at pthread_create.c:463
#4  0x00007ffff644b88f in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95

Kind Regards
Andy

-----Original Message-----
From: Matthew Newton <mcn at freeradius.org>
Sent: 19 November 2019 17:38
To: FreeRadius users mailing list <freeradius-users at lists.freeradius.org>
Cc: FRANKS, Andy (SHREWSBURY AND TELFORD HOSPITAL NHS TRUST) <andy.franks1 at nhs.net>
Subject: Re: TLS failover behaviour and a backtrace if want it.

On Tue, 2019-11-19 at 14:44 +0000, FRANKS, Andy (SHREWSBURY AND TELFORD HOSPITAL NHS TRUST) via Freeradius-Users wrote:
>   Still occurs in 3.0.20, so I'll build from source asap (as the
> network radius Ubuntu package binary seems to have no symbols)

Install the freeradius-dbg package?

--
Matthew



