[RADIATOR] Random AuthBy LDAP2 "Undefined subroutine &main::" connect failures

Kevin Schmidt kps at ucsb.edu
Mon Aug 27 11:47:55 CDT 2012


Hi Heikki,

On 08/26/2012 02:40 AM, Heikki Vatiainen wrote:
> On 08/25/2012 02:34 AM, Kevin Schmidt wrote:
>
>> I've been using Radiator in support of a variety of services for years,
>> but I just ran into a really strange bug.  If someone has an idea of
>> what's happening, or a particularly good debugging technique to find the
>> root cause, I'm all ears.
>
> There was one similar case recently. The problem occurred when radiusd
> was sent HUP after configuration change.

Good to know, though I'm not aware of any reason HUPs would be sent to 
this process at the time of the failures.  No relevant cron jobs, no 
reconfig.  The timing is random, though radiator has to be processing an 
access-request to hit this section of code.

>> Briefly stated, at some apparently-random point the radius server
>> attempts to reconnect to the back-end ldap server, but the connection
>> fails with "Undefined subroutine &main:: called at
>> /usr/share/perl5/IO/Socket/SSL.pm line 391."
>
> Yes, this was the same line where the problem occurred previously. We
> got the same backtrace.
>
> This line in IO::Socket::SSL 1.53 as shipped with Ubuntu 12.04 tries to
> call Net::SSLeay::connect() but fails. During debugging IO::Socket::SSL
> was updated to the latest version, but the problem persisted. I think
> the solution was to use restart instead of HUP after reconfiguration.
>
> The problem was seen on RedHat 6.2 with locally compiled Perl 5.14.2.
> When I tried to reproduce the problem I could not do it successfully. I
> also tried Ubuntu 12.04 but that did not help.
>
> Do you see the problem when radiusd is HUPed or does it happen when
> there's a need to reconnect to LDAP server for some other reason?

We are using the IO::Socket::SSL 1.53 default version with Ubuntu 12.04. 
  The failure is happening on reconnect to the LDAP server.

> Also, one idea we discussed here is to try upgrading Net::SSLeay. Can
> you try compiling Net::SSLeay locally and try the latest version?
>
> It does not look like a Radiator problem and with IO::Socket:SSL the
> problem was seen always when Net::SSLeay::connect() was called. It would
> be a good idea to see if upgrading Net::SSLeay helps.

I'll look into installing the latest Net::SSLeay and report back the 
results.  The default installed version is 1.42, latest is 1.48.

Cheers,

Kevin

-- 
Kevin Schmidt
Office of Information Technology
University of California, Santa Barbara
North Hall 2124
Santa Barbara, CA 93106-3201
805-893-7779
kps at ucsb.edu


More information about the radiator mailing list