[RADIATOR] Could not bind Server TACACSPLUS socket: Address already in use

Hartmaier Alexander alexander.hartmaier at t-systems.at
Tue Jan 7 07:15:58 CST 2014 

On 2014-01-07 13:43, Heikki Vatiainen wrote:
> On 01/03/2014 01:32 PM, Hartmaier Alexander wrote:
>
>> we had the issue that our Radiator process was running but the TACACS
>> socket on port 49 wasn't listening.
>> It turned out that a restart caused this because either debians
>> start-stop-daemon or the init script doesn't wait until the process is
>> really gone and Radiator is started while the old process still has the
>> socket open.
>> A quick fix is a sleep 1; between stop and start in restart but I find
>> that ugly.
>> Do you have a better suggestion?
> The current version of init.d script uses '--retry 6' option with
> start-stop-daemon. The start-stop-daemon manual says about --retry and
> single option (timeout):
>
>    If timeout is specified instead of schedule, then the schedule
>    signal/timeout/KILL/timeout is used, where signal is  the  signal
>    specified with --signal.
>
> Default --signal is TERM. So the current init.d script should instruct
> start-stop-daemon to go as far as this (it should poll and exit as soon
> as the program exits):
>
>    kill -TERM $pid; sleep 6; kill -KILL $pid; sleep 6
>
> Does your script use --retry option? I'd think --retry should take care
> of the problem.
>
>> Radiator logged 'ERR: Could not bind Server TACACSPLUS socket: Address
>> already in use' to its logfile but still started, I'd suggest that such
>> a fatal startup error results in Radiator dieing with this error message.
>>
>> What do you thing about that change?
> It sounds reasonable. I'll check about patching this.
>
> Thanks,
> Heikki
>
The current script on the affected box is
# $Id: linux-radiator.init,v 1.19 2011/05/18 23:49:34 mikem Exp $
from Radiator 4.9 which doesn't have the --retry option.

On our main radius server its
# $Id: linux-radiator.init,v 1.24 2012/12/11 22:17:43 mikem Exp mikem $
from Radiator 4.11 which has the --retry 6 start-stop-daemon option.

Good to know that it's already fixed.

I'll look into updating Radiator as I really like the 4.12 changes
regarding IPv6 and logging!


*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*
T-Systems Austria GesmbH Rennweg 97-99, 1030 Wien
Handelsgericht Wien, FN 79340b
*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*
Notice: This e-mail contains information that is confidential and may be privileged.
If you are not the intended recipient, please notify the sender and then
delete this e-mail immediately.
*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*

More information about the radiator mailing list