coova / coova-chilli

CoovaChilli is an open-source software access controller for captive portal hotspots.
Other
518 stars 260 forks source link

Rescheduling RADIUS request ... #188

Closed carcabot closed 8 years ago

carcabot commented 8 years ago

Hello,

I'm running same version of coova on 2 same servers (centos 6.7) , but in one of servers I have an error and application cannot start because of that

[root@localhost ~]# chilli --fg --debug
coova-chilli[27405]: (Re)processing options [/var/run/chilli.27405.cfg.bin]
coova-chilli[27406]: running chilli_opt on /var/run/chilli.27405.cfg.bin
coova-chilli[27405]: PID 27405 rereading binary file /var/run/chilli.27405.cfg.bin
coova-chilli[27405]: PID 27405 reloaded binary options file
coova-chilli[27405]: CoovaChilli 1.3.1.3. Copyright 2002-2005 Mondru AB. Licensed under GPL. Copyright 2006-2012 David Bird (Coova Technologies). Licensed under GPL. See http://coova.github.io/ for details.
coova-chilli[27405]: clock realtime sec 1452006921 nsec 776617548
coova-chilli[27405]: clock monotonic sec 7614 nsec 159578105
coova-chilli[27405]: TX queue length set to 100
coova-chilli[27405]: Running /etc/chilli/up.sh
coova-chilli[27405]: Hashlog 8 253 256
coova-chilli[27405]: Net SNDBUF 124928
coova-chilli[27405]: Net RCVBUF 124928
coova-chilli[27405]: device eth0 ifindex 3
coova-chilli[27405]: lo  address family: 17 (AF_PACKET)
coova-chilli[27405]: eth2  address family: 17 (AF_PACKET)
coova-chilli[27405]: eth0  address family: 17 (AF_PACKET)
coova-chilli[27405]: lo  address family: 2 (AF_INET)
coova-chilli[27405]: eth2  address family: 2 (AF_INET)
coova-chilli[27405]: tun0  address family: 2 (AF_INET)
coova-chilli[27405]: lo  address family: 10 (AF_INET6)
coova-chilli[27405]: eth2  address family: 10 (AF_INET6)
coova-chilli[27405]: eth0  address family: 10 (AF_INET6)
coova-chilli[27405]: address: <fe80>
coova-chilli[27405]: hash table size 64 (56)
coova-chilli[27405]: GARP: Replying to broadcast
coova-chilli[27405]: dhcpif (eth0) IPv6 address fe80>
coova-chilli[27405]: RADIUS client 0.0.0.0:0
coova-chilli[27405]: Waiting for client request...
coova-chilli[27405]: net select count: 1
coova-chilli[27405]: net select count: 2
coova-chilli[27405]: net select count: 3
coova-chilli[27405]: net select count: 4
coova-chilli[27405]: net select count: 5
coova-chilli[27405]: net select count: 6
coova-chilli[27405]: net select count: 7
coova-chilli[27405]: net select count: 8
coova-chilli[27405]: caught 17 via selfpipe
coova-chilli[27405]: child 27410 terminated
coova-chilli[27405]: Rescheduling RADIUS request id=0 idx=0
coova-chilli[27405]: Rescheduling RADIUS request id=0 idx=0
coova-chilli[27405]: Rescheduling RADIUS request id=0 idx=0
coova-chilli[27405]: RADIUS queue-out id=0 idx=0

And it stays here .... What can be the problem ? I've checked everything that I could and I still couldn't find the problem.

Thanks.

sevan commented 8 years ago

On the server having issues, are you able to get answers from your RADIUS server using a separate client without using coova? (checking your RADIUS server config)

carcabot commented 8 years ago

I can connect using radtest... as i said, I have 2 servers all with same configuration and both uses same radius server (external).

muratbeser commented 8 years ago

Hi @carcabot Have you checkout your firewall rules, also netstat -ln maybe radius does not listen correct port or it may be have add your nas to radius

also I don't think its coova issue.

carcabot commented 8 years ago

Hello @muratbeser , I've also verified firewall rules, everything is fine.

tcp        0      0 192.168.182.1:4990          0.0.0.0:*                   LISTEN      5701/chilli
tcp        0      0 192.168.182.1:3990          0.0.0.0:*                   LISTEN      5701/chilli
udp        0      0 0.0.0.0:55002               0.0.0.0:*                               5701/chilli

Maybe it's from server... something unidentified it's doing some bad things...

muratbeser commented 8 years ago

Could you run radius server on debug mode, you should see some information about your NAS device (which is coova)

carcabot commented 8 years ago

Here's the request in Radius debug

rad_recv: Accounting-Request packet from host <public ip> port 52148, id=0, length=182
        ChilliSpot-Version = "1.3.1.3"
        ChilliSpot-Attr-10 = 0x00000002
        Event-Timestamp = "Jan  8 2016 16:35:46 EET"
        Acct-Status-Type = Accounting-On
        NAS-Port-Type = Wireless-802.11
        Calling-Station-Id = "00-00-00-00-00-00"
        Called-Station-Id = "90-E2-BA-81-1E-76"
        NAS-IP-Address = 192.168.182.1
        NAS-Identifier = "1"
        WISPr-Location-ID = "isocc=,cc=,ac=,network=network,"
        WISPr-Location-Name = "BUCH"
# Executing section preacct from file /etc/freeradius/sites-enabled/default
+group preacct {
[exec]  expand: %{NAS-Identifier} -> 1
[exec]  expand: %{Calling-Station-Id} -> 00-00-00-00-00-00
[exec]  expand: %{ChilliSpot-Version} -> 1.3.1.3
Exec output: Auth-Type: Reject
Exec plaintext: Auth-Type: Reject
[exec] Exec: program returned: 0
++[exec] = ok
++update control {
        expand: %{reply:Auth-Type} ->
++} # update control = noop
++[preprocess] = ok
[acct_unique] WARNING: Attribute NAS-Port was not found in request, unique ID MAY be inconsistent
[acct_unique] WARNING: Attribute Acct-Session-Id was not found in request, unique ID MAY be inconsistent
[acct_unique] WARNING: Attribute User-Name was not found in request, unique ID MAY be inconsistent
[acct_unique] Hashing ',NAS-Identifier = "1",NAS-IP-Address = 192.168.182.1,,'
[acct_unique] Acct-Unique-Session-ID = "ac7c914e54d7c42a".
++[acct_unique] = ok
+} # group preacct = ok
# Executing section accounting from file /etc/freeradius/sites-enabled/default
+group accounting {
++[exec] = noop
++update control {
        expand: %{reply:Auth-Type} ->
++} # update control = noop
[attr_filter.accounting_response]       expand: %{User-Name} ->
++[attr_filter.accounting_response] = noop
+} # group accounting = noop
Finished request 31.
Cleaning up request 31 ID 0 with timestamp +330
Going to the next request
Ready to process requests.

This request it is similar with the other server. I don't think this problem can be from here because radius server has been unchanged this period.

muratbeser commented 8 years ago

Okey, Which version is this freeradius also there is "Auth-Type:Reject" could you check your section ?

" Rescheduling RADIUS request" only happens with "wrong radiuss address " or with a Reject message.

from this debug they are in communication.

sevan commented 8 years ago

@carcabot any feedback on the question by @muratbeser or can this question be closed?

carcabot commented 8 years ago

This question can be closed, I still have same problem and the only solution found is to re-install OS.

thanks