[Pkg-freeradius-maintainers] Bug#1089629: Freeradius memory leak after upgrade to Debian 12

ATIC Sistemas Rede atic.sistemas.rede at usc.gal
Wed Jan 8 12:04:22 GMT 2025 

Hi,

We've tested with freeradius 3.2.6 in preproduction enviroment.
We've installed these packages from bookworm-backports target release (*).
In debug mode (freeradius -X) we could see several warnings like this (**).
Authentication EAP-TTLS-PAP seems to work fine.
We could make an effort and test in production next week.
The memory issue manifests after several weeks; we need a guarantee of proper functionality during this time.
The warning seems serious. Could you give us any advice about this?

Thanks

(*)

         ii  freeradius 3.2.6+dfsg-2~bpo12+1           amd64        high-performance and highly configurable RADIUS server
         ii  freeradius-common 3.2.6+dfsg-2~bpo12+1           all          FreeRADIUS common files
         ii  freeradius-config 3.2.6+dfsg-2~bpo12+1           amd64        FreeRADIUS default config files
         ii  freeradius-ldap 3.2.6+dfsg-2~bpo12+1           amd64        LDAP module for FreeRADIUS server
         ii  freeradius-utils 3.2.6+dfsg-2~bpo12+1           amd64        FreeRADIUS client utilities
         ii  libfreeradius3 3.2.6+dfsg-2~bpo12+1           amd64        FreeRADIUS shared library

(**)

!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!! libldap is using GnuTLS, while FreeRADIUS is using OpenSSL
!! There may be random issues with TLS connections due to this conflict.
!! The server may also crash.
!! See https://wiki.freeradius.org/modules/Rlm_ldap for more information.
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!


El 6/1/25 a las 15:58, Bernhard Schmidt escribió:
> [No suele recibir correo electrónico de berni at debian.org. Descubra por qué esto es importante en https://aka.ms/LearnAboutSenderIdentification ]
>
> Hi,
>
> >
>> Our RADIUS service primarily provides authentication for a Wi-Fi network
>> that uses the EAP-TTLS-PAP method.
>> Used modules include, among others, eap, ldap, linelog, pap, and sql_log.
>> Over 13K different users are authenticated daily.
>> In Debian 11, freeradius service had stable memory consumption.
>> After performing a dist-upgrade to Debian 12, freeradius consumes memory
>> without limit.
>
> You are the first to report it, but that does not make it wrong.
>
> Could you test with the 3.2.6 upstream version in bookworm-backports as
> well? This is the current upstream version, if it happens there as well
> we might have a change of upstream taking care of it.
>
> Bernhard

-- 
Subdirección de Infraestruturas - Sistemas de rede
Área de Tecnoloxías da Información e Comunicacións

Universidade de Santiago de Compostela
15782 Santiago de Compostela
http://www.usc.es/atic/sistemas
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/pkg-freeradius-maintainers/attachments/20250108/b4b42892/attachment.htm>

More information about the Pkg-freeradius-maintainers mailing list