4.x won't listen/quit when run in '-fxx -lstdout' mode #1694

Open
alanbuxey opened this Issue Aug 28, 2016 · 10 comments

@alanbuxey
Member

With 4.x code 4.0.0 (git #c5f0397), if the server is run in

radiusd -X

then the server listens to local auths sent via eapol_test (and to remote auths from remote clients).

When run with

radiusd -fxx -l stdout

the server does not handle/receive/acknowledge RADIUS packets, even from local eapol_test. (The server also fails to act on CTRL-C - very much my previous 3.x issue. Taking the number of LDAP servers down to just 1 doesn't help either. With 3.1.x, if I had more than 2 LDAP servers defined then it wouldn't act on RADIUS packets - same behaviour... and it wouldn't quit.)

@arr2036
Member
arr2036 commented Aug 28, 2016

You're going to have to help narrow it down. It works fine with the old code (there are currently two types of radius state machine), for me, with radius -fxx -lstdout.

CTRL-C works ok too.

@alanbuxey
Member

How do I change between the two types of radius state machines?

@alanbuxey
Member
alanbuxey commented Aug 28, 2016 edited

This server is opening up many connections - just grepping the debug for 'connection' I have:

Debug : rlm_ldap (ldap1) - Initialising connection pool
Debug : rlm_ldap (ldap1) - Opening additional connection (0), 1 of 128 pending slots used
Debug : rlm_ldap (ldap1) - Opening additional connection (1), 1 of 127 pending slots used
Debug : rlm_ldap (ldap1) - Opening additional connection (2), 1 of 126 pending slots used
Debug : rlm_ldap (ldap1) - Opening additional connection (3), 1 of 125 pending slots used
...

@arr2036
Member
arr2036 commented Aug 28, 2016 edited

By default it'll use the old state machine.

To switch add namespace = radius to the virtual server, and swap your section names.

i.e.

server default {
        namespace = radius

        listen {
                type = auth
                ipaddr = *
                port = 1812
        }

        recv Access-Request {
                ok
        }

        process Access-Request {
                ok
        }

        send Access-Accept {
                ok
        }

        send Access-Reject {
                ok
        }
}

@arr2036
Member
arr2036 commented Aug 28, 2016

For v4.0.x the number of connections, and number of threads should be equal to the number of cores you have available. We're likely going to set a hard limit on the number of worker threads once all the blocking I/O is removed, to stop people doing silly things.

@arr2036
Member
arr2036 commented Aug 28, 2016

Worth noting that the new state machine is extremely "fresh".

@alanbuxey
Member

PS: the "Please change attribute reference to" messages only appear in -Xx (or above) and -fxx modes - not just in -X mode - so many people in 3.0.x/3.1.x might be missing the hints...

@arr2036
Member
arr2036 commented Aug 28, 2016

Hm ok

@alanbuxey
Member

All server pools have

    start = ${thread[pool].start_servers}
    min = ${thread[pool].min_spare_servers}
    max = ${thread[pool].max_servers}
    spare = ${thread[pool].max_spare_servers}

so are constrained by the options of the main server

start_servers = 64
max_servers = 128
min_spare_servers = 16
max_spare_servers = 16
max_requests_per_server = 0
auto_limit_acct = no

Just going through the files to verify new/old things. PS: I note

    ============  =======================
    Old Name      New Name
    ============  =======================
    authorize     recv Access-Request
    authenticate  process
    post-auth     send Access-Accept

    preacct       recv Accounting-Request
    accounting    send Access-Accept
    ============  =======================

Shouldn't that be

accounting send Accounting ACK? Or some such... as

post-auth - sends Access-Accept and Access-Reject...

@arr2036
Member
arr2036 commented Aug 28, 2016

Accounting-Response :p
