Freeradius daemon terminates with a SIGTERM

classic Classic list List threaded Threaded
3 messages Options
| Threaded
Open this post in threaded view
|

Freeradius daemon terminates with a SIGTERM

Prajosh
Hi,

We are running freeradius 3.0.19 on RedHat 7.6 and trying to run as a
daemon via 'systemctl start freeradiusd.service'. But executable starts
and it is killed immediately. We have the following entries in the log
/var/log/freeradius/radius.log.

Does anyone know why is it getting a signal to terminate? Any help is
appreciated. Upon checking the process with 'strace' output, it shows
that it is terminated with a SIGTERM signal.


Tue Nov 26 15:33:49 2019 : Info: Debugger not attached
Tue Nov 26 15:33:49 2019 : Info: systemd watchdog interval is 30.00 secs
Tue Nov 26 15:33:49 2019 : Info: rlm_ldap: libldap vendor: OpenLDAP,
version: 20444
Tue Nov 26 15:33:49 2019 : Info: Loaded virtual server <default>
Tue Nov 26 15:33:49 2019 : Warning: Ignoring "sql" (see
raddb/mods-available/README.rst)
Tue Nov 26 15:33:49 2019 : Info: Loaded virtual server default
Tue Nov 26 15:33:49 2019 : Info: Loaded virtual server status
Tue Nov 26 15:33:49 2019 : Info: Ready to process requests
Tue Nov 26 15:33:49 2019 : Info: Signalled to terminate
Tue Nov 26 15:33:49 2019 : Info: Exiting normally


But when the executable is run manually, it runs ok (even though with
warning regarding NSS/OpenSSL libraries) and accepts all authentication
requests. We renamed the binary as freeradiusd from radiusd as per our
naming convention. As per
http://lists.freeradius.org/pipermail/freeradius-users/2018-May/091636.html,
the warnings are due to Redhat switching the library to NSS from OpenSSL
in 7.6. Could the SIGTERM that we receive be because of the warning
messages below?


[root@xxxpoc01.st1 system]# /usr/sbin/freeradiusd
TLSMC: MozNSS compatibility interception begins.
tlsmc_convert: INFO: cannot open the NSS DB, expecting PEM configuration
is present.
tlsmc_intercept_initialization: INFO: successfully intercepted TLS
initialization. Continuing with OpenSSL only.
TLSMC: MozNSS compatibility interception ends.
TLSMC: MozNSS compatibility interception begins.
tlsmc_convert: INFO: cannot open the NSS DB, expecting PEM configuration
is present.
tlsmc_intercept_initialization: INFO: successfully intercepted TLS
initialization. Continuing with OpenSSL only.
TLSMC: MozNSS compatibility interception ends.
TLSMC: MozNSS compatibility interception begins.
tlsmc_convert: INFO: cannot open the NSS DB, expecting PEM configuration
is present.
tlsmc_intercept_initialization: INFO: successfully intercepted TLS
initialization. Continuing with OpenSSL only.
TLSMC: MozNSS compatibility interception ends.
TLSMC: MozNSS compatibility interception begins.
tlsmc_convert: INFO: cannot open the NSS DB, expecting PEM configuration
is present.
tlsmc_intercept_initialization: INFO: successfully intercepted TLS
initialization. Continuing with OpenSSL only.
TLSMC: MozNSS compatibility interception ends.
TLSMC: MozNSS compatibility interception begins.
tlsmc_convert: INFO: cannot open the NSS DB, expecting PEM configuration
is present.
tlsmc_intercept_initialization: INFO: successfully intercepted TLS
initialization. Continuing with OpenSSL only.
TLSMC: MozNSS compatibility interception ends.


The contents of the service file
(/etc/systemd/system/freeradiusd.service) is below:


[Unit]
Description=FreeRADIUS multi-protocol policy server
After=network-online.target
Documentation=man:radiusd(8) man:radiusd.conf(5)
http://wiki.freeradius.org/ http://networkradius.com
/doc/

[Service]
Type=notify
WatchdogSec=60
NotifyAccess=all
PIDFile=/var/run/freeradiusd/freeradius.pid
EnvironmentFile=-/etc/sysconfig/radiusd
Environment=HOSTNAME=%H

MemoryLimit=2G

ExecStartPre=/usr/sbin/freeradiusd $FREERADIUS_OPTIONS -Cx -lstdout
ExecStartPre=/usr/bin/chown radiusd:radiusd /var/run/freeradiusd
ExecStart=-/usr/sbin/freeradiusd $FREERADIUS_OPTIONS
Restart=on-failure
RestartSec=10

[Install]
WantedBy=multi-user.target



Thanks,

Prajosh

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
| Threaded
Open this post in threaded view
|

Re: Freeradius daemon terminates with a SIGTERM

L. Rose
What does `systemctl status freeradiusd` or `journalctl -eu freeradiusd` say? Is there any additional systemd output?

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
| Threaded
Open this post in threaded view
|

Re: Freeradius daemon terminates with a SIGTERM

Prajosh
Hi Rose,

Thanks for the response. The problem is now fixed. The issue was that a
mistake in the PID file path in /etc/systemd/system/freeradiusd.service

It should have been

PIDFile=/var/run/freeradius/freeradius.pid

whereas I had it as (with an extra 'd')

PIDFile=/var/run/freeradiusd/freeradius.pid

I corrected it and it worked :). Previously it didn't hint anything
about it in the systemctl output. There was no additional output in
systemd output.

Now, the output from 'systemctl status freeradiusd' is:

● freeradiusd.service - FreeRADIUS multi-protocol policy server
    Loaded: loaded (/etc/systemd/system/freeradiusd.service; enabled;
vendor preset: disabled)
    Active: active (running) since Tue 2019-11-26 17:47:16 AEDT; 5min ago
      Docs: man:radiusd(8)
            man:radiusd.conf(5)
            http://wiki.freeradius.org/
            http://networkradius.com/doc/
   Process: 19686 ExecStartPre=/usr/bin/chown radiusd:radiusd
/var/run/freeradiusd (code=exited, status=0/SUCCESS)
   Process: 19683 ExecStartPre=/usr/sbin/freeradiusd $FREERADIUS_OPTIONS
-Cx -lstdout (code=exited, status=0/SUCCESS)
  Main PID: 19692 (freeradiusd)
    Memory: 10.2M (limit: 2.0G)
    CGroup: /system.slice/freeradiusd.service
            └─19692 /usr/sbin/freeradiusd

Nov 26 17:47:16 xxxpoc01.st1.optusnet.com.au freeradiusd[19689]: TLSMC:
MozNSS compatibility interception ends.
Nov 26 17:47:16 xxxpoc01.st1.optusnet.com.au freeradiusd[19689]: TLSMC:
MozNSS compatibility interception begins.
Nov 26 17:47:16 xxxpoc01.st1.optusnet.com.au freeradiusd[19689]:
tlsmc_convert: INFO: cannot open the NSS DB, expecting PEM configuration
is present.
Nov 26 17:47:16 xxxpoc01.st1.optusnet.com.au freeradiusd[19689]:
tlsmc_intercept_initialization: INFO: successfully intercepted TLS
initialization. Continuing with OpenSSL only.
Nov 26 17:47:16 xxxpoc01.st1.optusnet.com.au freeradiusd[19689]: TLSMC:
MozNSS compatibility interception ends.
Nov 26 17:47:16 xxxpoc01.st1.optusnet.com.au freeradiusd[19689]: TLSMC:
MozNSS compatibility interception begins.
Nov 26 17:47:16 xxxpoc01.st1.optusnet.com.au freeradiusd[19689]:
tlsmc_convert: INFO: cannot open the NSS DB, expecting PEM configuration
is present.
Nov 26 17:47:16 xxxpoc01.st1.optusnet.com.au freeradiusd[19689]:
tlsmc_intercept_initialization: INFO: successfully intercepted TLS
initialization. Continuing with OpenSSL only.
Nov 26 17:47:16 xxxpoc01.st1.optusnet.com.au freeradiusd[19689]: TLSMC:
MozNSS compatibility interception ends.
Nov 26 17:47:16 xxxpoc01.st1.optusnet.com.au systemd[1]: Started
FreeRADIUS multi-protocol policy server.


Thanks,

Prajosh

On 26/11/19 4:49 pm, L. Rose wrote:
> journalctl -eu freeradiusd
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html