(RADIATOR) Random crashes with RadSec
Mike McCauley
mikem at open.com.au
Fri Nov 18 21:48:04 CST 2005
Hello Jan,
On Saturday 19 November 2005 09:16, Mike McCauley wrote:
> Hello Jan,
>
> We have had several reports of this problem in the last few days. We are
> now investigating.
It turned out that this problem was caused by interaction between our code and
IO::Socket::SSL as used by perl-ldap with SSL or TLS enabled.
We have uploaded patches that should fix this problem.
We apologise for any inconvenience.
Cheers.
>
> Cheers.
>
> On Saturday 19 November 2005 01:46, Jan Tomasek wrote:
> > I've found 100% way how to crash institution level radiuses. My setup is
> > this:
> >
> > radsec1.eduroam.cz (czech level radius)
> > / \
> > / \
> > radsec1.cesnet.cz \
> > (institution with realm cesnet.cz) \
> > \
> > semik3.cesnet.cz
> > (institution with realm tomasek.cz)
> >
> >
> > Configurations of boxes radsec1.cesnet.cz and semik3.cesnet.cz are
> > identical so only radsec1.ces is attached and of course radsec1.edu is
> > there too.
> >
> > Scenario is simple.
> >
> > Start all servers. Send request by ordinary radius protocol to czech
> > level radius with realm cesnet.cz and with realm tomasek.cz. Terminate
> > czech level radius (16:33:39). Observe how inistitution level radiuses
> > are trying connect to non runing master.. than start master (16:33:59)
> > and ;) Both crashes :))
> >
> >
> >
> > Fri Nov 18 16:33:39 2005: ERR: Stream sysread failed: . Peer probably
> > disconnected.
> > Fri Nov 18 16:33:39 2005: DEBUG: Stream disconnected from
> > radsec1.eduroam.cz:2083
> > Fri Nov 18 16:33:39 2005: ERR: Stream sysread failed: . Peer probably
> > disconnected.
> > Fri Nov 18 16:33:39 2005: DEBUG: Stream disconnected from
> > 195.113.144.248:35011
> > Fri Nov 18 16:33:39 2005: DEBUG: Stream attempting tcp connection to
> > radsec1.eduroam.cz:2083
> > Fri Nov 18 16:33:39 2005: DEBUG: Stream connection in progress to
> > radsec1.eduroam.cz:2083
> > Fri Nov 18 16:33:39 2005: DEBUG: Stream connection to
> > radsec1.eduroam.cz:2083 failed: Connection refused
> > Fri Nov 18 16:33:39 2005: DEBUG: Stream disconnected from
> > radsec1.eduroam.cz:2083
> > Fri Nov 18 16:33:44 2005: DEBUG: Stream attempting tcp connection to
> > radsec1.eduroam.cz:2083
> > Fri Nov 18 16:33:44 2005: DEBUG: Stream connection in progress to
> > radsec1.eduroam.cz:2083
> > Fri Nov 18 16:33:44 2005: DEBUG: Stream connection to
> > radsec1.eduroam.cz:2083 failed: Connection refused
> > Fri Nov 18 16:33:44 2005: DEBUG: Stream disconnected from
> > radsec1.eduroam.cz:2083
> >
> >
> >
> > Fri Nov 18 16:33:49 2005: DEBUG: Stream attempting tcp connection to
> > radsec1.eduroam.cz:2083
> > Fri Nov 18 16:33:49 2005: DEBUG: Stream connection in progress to
> > radsec1.eduroam.cz:2083
> > Fri Nov 18 16:33:49 2005: DEBUG: Stream connection to
> > radsec1.eduroam.cz:2083 failed: Connection refused
> > Fri Nov 18 16:33:49 2005: DEBUG: Stream disconnected from
> > radsec1.eduroam.cz:2083
> >
> >
> >
> >
> >
> > Fri Nov 18 16:33:54 2005: DEBUG: Stream attempting tcp connection to
> > radsec1.eduroam.cz:2083
> > Fri Nov 18 16:33:54 2005: DEBUG: Stream connection in progress to
> > radsec1.eduroam.cz:2083
> > Fri Nov 18 16:33:54 2005: DEBUG: Stream connected to
> > radsec1.eduroam.cz:2083 Fri Nov 18 16:33:54 2005: DEBUG: TLS sessionInit
> > for radsec1.eduroam.cz Fri Nov 18 16:33:54 2005: DEBUG: TLS SSL_connect
> > result: -1, 2, 4384 Fri Nov 18 16:33:54 2005: DEBUG: TLS Client Started
> > for radsec1.eduroam.cz:2083
> > Undefined subroutine &main::0 called at
> > /usr/share/perl5/Radius/StreamTLS.pm line 480, <DATA> line 283.
> >
> > Still running on same systems as yesterday but with Radiator 3.13 and
> > patch 1.597.
> >
> > I hope this will help you fix that, at this moment it isn't much
> > usable:))
> >
> > Best regards
--
Mike McCauley mikem at open.com.au
Open System Consultants Pty. Ltd Unix, Perl, Motif, C++, WWW
9 Bulbul Place Currumbin Waters QLD 4223 Australia http://www.open.com.au
Phone +61 7 5598-7474 Fax +61 7 5598-7070
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS,
TTLS, PEAP etc on Unix, Windows, MacOS, NetWare etc.
--
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.
More information about the radiator
mailing list