FreeRADIUS keeps crashing, but wifi clients can still connect!?



  • Hello everyone

    I have just realized that my radiusd keeps crashing, which I am using to authenticate my wifi client against. One thing that worries me: Why are my clients still able to connect to the wifi? How is that possible?

    Please let me know if you need any further information. Thanks in advance for your feedback!

    versions:

    freeradius2 2.1.12_1/2.2.0 pkg v1.6.7_2
    latest stable pfsense version running on x86 (2.1-RELEASE)

    general log:

    […]
    Oct 28 18:18:12 kernel: pid 17160 (php), uid 0, was killed: out of swap space
    Oct 28 18:18:12 kernel: pid 14708 (php), uid 0, was killed: out of swap space
    Oct 28 18:18:12 kernel: pid 14815 (php), uid 0, was killed: out of swap space
    Oct 28 18:18:12 kernel: pid 28178 (radiusd), uid 0, was killed: out of swap space
    Oct 28 18:18:12 kernel: swap_pager_getswapspace(2): failed
    Oct 28 18:18:11 kernel: swap_pager: out of swap space
    […]

    ==> i have plenty of swap space left according to the dashboard

    gateways log:

    Sep 18 21:03:01 apinger: SIGHUP received, reloading configuration.
    Sep 18 21:02:47 apinger: Starting Alarm Pinger, apinger(30243)
    Sep 18 20:35:24 apinger: SIGHUP received, reloading configuration.
    Sep 18 20:34:48 apinger: Starting Alarm Pinger, apinger(47774)

    resolver log:

    Oct 28 18:19:09 dnsmasq[49466]: read /etc/hosts - 15 addresses
    Oct 28 18:19:09 dnsmasq[49466]: read /etc/hosts - 15 addresses
    Oct 28 18:19:09 dnsmasq[49466]: ignoring nameserver 127.0.0.1 - local interface
    Oct 28 18:19:09 dnsmasq[49466]: using nameserver 62.2.17.60#53
    Oct 28 18:19:09 dnsmasq[49466]: using nameserver 62.2.24.162#53
    Oct 28 18:19:09 dnsmasq[49466]: using nameserver 62.2.17.61#53
    Oct 28 18:19:09 dnsmasq[49466]: using nameserver 62.2.24.158#53
    Oct 28 18:19:09 dnsmasq[49466]: reading /etc/resolv.conf
    Oct 28 18:18:33 dnsmasq[49466]: read /etc/hosts - 15 addresses
    Oct 28 18:18:30 dnsmasq[49466]: ignoring nameserver 127.0.0.1 - local interface
    Oct 28 18:18:30 dnsmasq[49466]: using nameserver 62.2.17.60#53
    Oct 28 18:18:30 dnsmasq[49466]: using nameserver 62.2.24.162#53
    Oct 28 18:18:30 dnsmasq[49466]: using nameserver 62.2.17.61#53
    Oct 28 18:18:30 dnsmasq[49466]: using nameserver 62.2.24.158#53
    Oct 28 18:18:30 dnsmasq[49466]: reading /etc/resolv.conf
    Oct 28 18:17:01 dnsmasq[49466]: read /etc/hosts - 15 addresses
    Oct 28 18:16:59 dnsmasq[49466]: ignoring nameserver 127.0.0.1 - local interface
    Oct 28 18:16:59 dnsmasq[49466]: using nameserver 62.2.17.60#53
    Oct 28 18:16:59 dnsmasq[49466]: using nameserver 62.2.24.162#53
    Oct 28 18:16:59 dnsmasq[49466]: using nameserver 62.2.17.61#53
    Oct 28 18:16:59 dnsmasq[49466]: using nameserver 62.2.24.158#53
    Oct 28 18:16:59 dnsmasq[49466]: reading /etc/resolv.conf
    Oct 28 18:16:57 dnsmasq[49466]: no servers found in /etc/resolv.conf, will retry
    Oct 27 22:00:31 dnsmasq[49466]: read /etc/hosts - 15 addresses




  • After rebooting the firewall the log shows

    Oct 28 19:51:08 php: rc.bootup: Creating rrd update script
    Oct 28 19:51:06 php: rc.start_packages: The command '/usr/local/etc/rc.d/radiusd.sh stop' returned exit code '1', the output was 'radiusd not running?'
    Oct 28 19:51:03 php: rc.start_packages: The command '/usr/local/etc/rc.d/radiusd.sh stop' returned exit code '1', the output was 'radiusd not running?'
    Oct 28 19:51:00 php: rc.start_packages: The command '/usr/local/etc/rc.d/radiusd.sh stop' returned exit code '1', the output was 'radiusd not running?'
    Oct 28 19:50:56 php: rc.start_packages: The command '/usr/local/etc/rc.d/radiusd.sh stop' returned exit code '1', the output was 'radiusd not running?'
    Oct 28 19:50:52 php: rc.start_packages: The command '/usr/local/etc/rc.d/radiusd.sh stop' returned exit code '1', the output was 'radiusd not running?'
    Oct 28 19:50:51 php: rc.start_packages: The command '/usr/local/etc/rc.d/radiusd.sh stop' returned exit code '1', the output was 'radiusd not running?'
    Oct 28 19:50:49 php: rc.start_packages: The command '/usr/local/etc/rc.d/radiusd.sh stop' returned exit code '1', the output was 'radiusd not running?'
    Oct 28 19:50:48 php: rc.start_packages: The command '/usr/local/etc/rc.d/radiusd.sh stop' returned exit code '1', the output was 'radiusd not running?'
    Oct 28 19:50:41 php: rc.start_packages: Restarting/Starting all packages.

    But this time the radius is running? I just don't get it…  :o Maybe this log entries are not even related to my problem. Calling "/usr/local/etc/rc.d/radiusd.sh {start|stop}" manually via shell works perfectly btw.



  • Hi,

    I don't see anything in you first post which is related to freeradius.

    What you post in your second post is quite normal in general. This happens after reboot because the package needs to configure the different files and restart service. This could happen fast after another and so this "error" will be shown in your log.

    The last output of freeradius should be:
    Ready to process requests.



  • Thanks for replying. I think I was not clear in the way i was asking my question:

    1.)
    Why are my wifi clients still able to connect to my wifi even if the freeradius server is not running anymore (has crashed)?

    Eap.conf is configured to only use EAP-TLS (other options are commented)

    2.)
    Why did it keep crashing? (rebooting seems to have fixed it in the meantime). The log messages in my first post contain all I could see at that moment.

    and 3.) new question:
    Will reinstalling the package overwrite my configuration?



  • @sammy2ooo:

    Thanks for replying. I think I was not clear in the way i was asking my question:

    1.)
    Why are my wifi clients still able to connect to my wifi even if the freeradius server is not running anymore (has crashed)?

    Eap.conf is configured to only use EAP-TLS (other options are commented)

    2.)
    Why did it keep crashing? (rebooting seems to have fixed it in the meantime). The log messages in my first post contain all I could see at that moment.

    and 3.) new question:
    Will reinstalling the package overwrite my configuration?

    1. + 3.:
    If you edited the files manually then these files will be overwritten everytime you do any changes on the GUI. A reboot will do the same. So you need to edit this file to make changes persitent even if you reboot or do changes on GUI:

    /usr/local/pkg/freeradius.inc
    

    Further if a client is authenticated then it doesn't matter if the RADIUS server is still reachable or not. It depends on your wifi hardware what will happen. If you wifi hardware caches the authentication for some time there is no new authentication against freeradius. And if a client is connected and authenticated and does not disconnect it will stay connected even if the RADIUS server is not reachable.

    2.:
    As I said in my previous post. It probably tries to rstart the freeradius service to fast after another because of the many different parts and config files which need a freeradius restart. This doesn't matter if the last output of freeradius is:

    Ready to precess requests
    

Log in to reply