Description of problem:
System Hangs

System hangs with Apache SSL mod_auth_radius sending authentication information to a radius - mysql server.

Hi everyone,

I am having a problem with my apache web server hanging and am looking for help. I have checked the log files and am finding nothing to indicate the cause of the system hangs.

The web server which hangs is Fedora Core 4
The Radius - Mysql server is Redhat EL4

httpd.conf excerpts.

LoadModule cgi_module modules/mod_cgi.so
LoadModule radius_auth_module /usr/lib/httpd/modules/mod_auth_radius-2.0.so
#</IfModule>
# End of proxy directives.
######################################################################
#
# Add to the BOTTOM of httpd.conf
# If we're using mod_auth_radius, then add it's specific
# configuration options.
#
<IfModule mod_auth_radius-2.0.c>
#
# AddRadiusAuth server[:port] <shared-secret> [ timeout [ : retries ]]
# Use localhost, the old RADIUS port, secret 'testing123',
# time out after 5 seconds, and retry 3 times.
AddRadiusAuth imp-dell-21:1812 password 5:3
# ServerName RadiusPassword in clients.conf file
#
# AuthRadiusBindAddress <hostname/ip-address>
#
# Bind client (local) socket to this local IP address.
# The server will then see RADIUS client requests will come from
# the given IP address.
#
# By default, the module does not bind to any particular address,
# and the operating system chooses the address to use.
#
#
# AddRadiusCookieValid <minutes-for-which-cookie-is-valid>
#
# the special value of 0 (zero) means the cookie is valid forever.
#
AddRadiusCookieValid 5
</IfModule>

/var/www/html/.htaccess file is unchanged

######################################################################
#
# A sample per-directory access-control configuration, to be used
# as a '.htacces' file.
#
#
# Use basic password authentication.
# AuthType Digest won't work with RADIUS authentication.
#
AuthType Basic
#
# Tell the user the realm to which they're authenticating.
# This string should be configured for your site.
#
AuthName "RADIUS authentication for localhost"
#
# don't use 'mod_auth'.
# You might want to disable other authentication types here.
# You can get a similar effect by commenting out the
# 'AddModule mod_auth_*' lines, previously in httpd.conf
#
AuthAuthoritative off
#
# Use mod_auth_radius for all authentication, and make the responses
# from it authoritative.
#
AuthRadiusAuthoritative on
#
# Make a local variation of AddRadiusCookieValid. The server will choose
# the MINIMUM of the two values.
#
# AuthRadiusCookieValid <minutes-for-which-cookie-is-valid>
#
AuthRadiusCookieValid 5
#
# Set the use of RADIUS authentication at this <Location>"
#
# Locally set the RADIUS authentication active.
#
# If there is a directory which you do NOT want to have RADIUS
# authentication for, then use a <Directory> directive, and
# set "AuthRadiusActive Off"
#
AuthRadiusActive On
#
# require that mod_auth_radius return a valid user, otherwise
# access is denied.
#
require valid-user

The error logs do not record what the problem is.

audit.log

type=SOCKETCALL msg=audit(1139343826.935:1437305): nargs=3 a0=c a1=bf947fbc a2=10
type=SOCKADDR msg=audit(1139343826.935:1437305): saddr=02001FBA000000000000000000000000
type=SYSCALL msg=audit(1139343826.935:1437305): arch=40000003 syscall=102 success=no exit=-13 a0=2 a1=bf9473b0 a2=416998 a3=892bed8 items=0 pid=2198 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 comm="httpd" exe="/usr/sbin/httpd"
type=AVC msg=audit(1139343826.935:1437305): avc: denied { name_bind } for pid=2198 comm="httpd" src=8122 scontext=system_u:system_r:httpd_t tcontext=system_u:object_r:port_t tclass=udp_socket
type=SOCKETCALL msg=audit(1139343826.935:1437306): nargs=3 a0=c a1=bf947fbc a2=10
type=SOCKADDR msg=audit(1139343826.935:1437306): saddr=02001FBB000000000000000000000000
type=SYSCALL msg=audit(1139343826.935:1437306): arch=40000003 syscall=102 success=no exit=-13 a0=2 a1=bf9473b0 a2=416998 a3=892bed8 items=0 pid=2198 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 comm="httpd" exe="/usr/sbin/httpd"
type=AVC msg=audit(1139343826.935:1437306): avc: denied { name_bind } for pid=2198 comm="httpd" src=8123 scontext=system_u:system_r:httpd_t tcontext=system_u:object_r:port_t tclass=udp_socket
type=SOCKETCALL msg=audit(1139343826.935:1437307): nargs=3 a0=c a1=bf947fbc a2=10
type=SOCKADDR msg=audit(1139343826.935:1437307): saddr=02001FBC000000000000000000000000
type=SYSCALL msg=audit(1139343826.935:1437307): arch=40000003 syscall=102 success=no exit=-13 a0=2 a1=bf9473b0 a2=416998 a3=892bed8 items=0 pid=2198 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 comm="httpd" exe="/usr/sbin/httpd"
type=AVC msg=audit(1139343826.935:1437307): avc: denied { name_bind } for pid=2198 comm="httpd" src=8124 scontext=system_u:system_r:httpd_t tcontext=system_u:object_r:port_t tclass=udp_socket

messages log

Feb 7 14:22:14 b kernel: audit: backlog limit exceeded
Feb 7 14:22:14 b kernel: audit: audit_backlog=257 > audit_backlog_limit=256
Feb 7 14:22:14 b kernel: audit: audit_lost=6450 audit_rate_limit=0 audit_backlog_limit=256
Feb 7 14:22:14 b kernel: audit: backlog limit exceeded
Feb 7 14:22:14 b kernel: audit: audit_backlog=257 > audit_backlog_limit=256
Feb 7 14:22:14 b kernel: audit: audit_lost=6451 audit_rate_limit=0 audit_backlog_limit=256
Feb 7 14:22:14 b kernel: audit: backlog limit exceeded
Feb 7 14:22:14 b kernel: audit: audit_backlog=257 > audit_backlog_limit=256
Feb 7 14:22:14 b kernel: audit: audit_lost=6452 audit_rate_limit=0 audit_backlog_limit=256
Feb 7 14:22:14 b kernel: audit: backlog limit exceeded
Feb 7 14:22:14 b kernel: audit: audit_backlog=257 > audit_backlog_limit=256
Feb 7 14:22:14 b kernel: audit: audit_lost=6453 audit_rate_limit=0 audit_backlog_limit=256
Feb 7 14:22:14 b kernel: audit: backlog limit exceeded
Feb 7 14:22:14 b kernel: audit: audit_backlog=257 > audit_backlog_limit=256
Feb 7 14:22:14 b kernel: audit: audit_lost=6454 audit_rate_limit=0 audit_backlog_limit=256
Feb 7 14:22:14 b kernel: audit: backlog limit exceeded
Feb 7 14:22:14 b kernel: audit: audit_backlog=257 > audit_backlog_limit=256
Feb 7 14:22:14 b kernel: audit: audit_lost=6455 audit_rate_limit=0 audit_backlog_limit=256
Feb 7 14:22:14 b kernel: audit: backlog limit exceeded
Feb 7 14:22:14 b kernel: audit: audit_backlog=257 > audit_backlog_limit=256
Feb 7 14:22:14 b kernel: audit: audit_lost=6456 audit_rate_limit=0 audit_backlog_limit=256
Feb 7 14:22:14 b kernel: audit: backlog limit exceeded
Feb 7 14:23:40 b auditd[1746]: Audit daemon rotating log files
Feb 7 14:23:44 b auditd[1746]: Audit daemon rotating log files

/etc/httpd/logs/error_log

threads.
[Tue Feb 07 12:32:26 2006] [notice] Apache/2.0.54 (Fedora) configured -- resuming normal operations
[Tue Feb 07 12:35:01 2006] [notice] SIGHUP received. Attempting to restart
[Tue Feb 07 12:35:01 2006] [notice] Digest: generating secret for digest authentication ...
[Tue Feb 07 12:35:01 2006] [notice] Digest: done
[Tue Feb 07 12:35:01 2006] [notice] mod_python: Creating 4 session mutexes based on 256 max processes and 0 max threads.
[Tue Feb 07 12:35:02 2006] [notice] Apache/2.0.54 (Fedora) configured -- resuming normal operations
[Tue Feb 07 12:47:54 2006] [notice] suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
[Tue Feb 07 12:47:55 2006] [notice] Digest: generating secret for digest authentication ...
[Tue Feb 07 12:47:55 2006] [notice] Digest: done
[Tue Feb 07 12:47:55 2006] [notice] mod_python: Creating 4 session mutexes based on 256 max processes and 0 max threads.
[Tue Feb 07 12:47:56 2006] [notice] Apache/2.0.54 (Fedora) configured -- resuming normal operations
[Tue Feb 07 15:08:15 2006] [notice] suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
[Tue Feb 07 15:08:16 2006] [notice] Digest: generating secret for digest authentication ...
[Tue Feb 07 15:08:16 2006] [notice] Digest: done
[Tue Feb 07 15:08:17 2006] [notice] mod_python: Creating 4 session mutexes based on 256 max processes and 0 max threads.
[Tue Feb 07 15:08:18 2006] [notice] Apache/2.0.54 (Fedora) configured -- resuming normal operations

/etc/httpd/logs/ssl_error_log

[Tue Feb 07 11:49:34 2006] [warn] RSA server certificate CommonName (CN) `localhost.localdomain' does NOT match server name!?
[Tue Feb 07 11:52:29 2006] [warn] RSA server certificate CommonName (CN) `localhost.localdomain' does NOT match server name!?
[Tue Feb 07 12:20:45 2006] [warn] RSA server certificate CommonName (CN) `localhost.localdomain' does NOT match server name!?
[Tue Feb 07 12:20:47 2006] [warn] RSA server certificate CommonName (CN) `localhost.localdomain' does NOT match server name!?
[Tue Feb 07 12:32:26 2006] [warn] RSA server certificate CommonName (CN) `localhost.localdomain' does NOT match server name!?
[Tue Feb 07 12:35:02 2006] [warn] RSA server certificate CommonName (CN) `localhost.localdomain' does NOT match server name!?
[Tue Feb 07 12:47:55 2006] [warn] RSA server certificate CommonName (CN) `localhost.localdomain' does NOT match server name!?
[Tue Feb 07 12:47:56 2006] [warn] RSA server certificate CommonName (CN) `localhost.localdomain' does NOT match server name!?
[Tue Feb 07 15:08:16 2006] [warn] RSA server certificate CommonName (CN) `localhost.localdomain' does NOT match server name!?
[Tue Feb 07 15:08:18 2006] [warn] RSA server certificate CommonName (CN) `localhost.localdomain' does NOT match server name!?

Version-Release number of selected component (if applicable):
Linux b.gs4.us 2.6.11-1.1369_FC4 #1 Thu Jun 2 22:55:56 EDT 2005 i686 i686 i386 GNU/Linux
mod_auth_radius_2.0
Apache

How reproducible:
every time

Steps to Reproduce:
1. reboot the system
2. bring up the web site.
3. Try to login

Actual results:
the system hangs and has to be rebooted via the power switch.

Expected results:
I should see the web site.

Additional info:

This is likely to be an SELinux policy issue; try setsebool httpd_can_network_connect=1 and if that fixes it run the command again passing the -P flag to make the change permanent.
*** Bug 180409 has been marked as a duplicate of this bug. ***
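
Added example, not part of the original report or of any project named in it: a small triage script that groups the audit records quoted above by event serial and reports what SELinux actually denied. The function names `decode_saddr` and `summarize` are hypothetical, and the saddr decoding assumes a little-endian x86 host, as in the report.

```python
import errno
import re
import socket
import struct
from collections import defaultdict

# Records copied from the audit log quoted in the report (two of its three events).
SAMPLE = """\
type=SOCKADDR msg=audit(1139343826.935:1437305): saddr=02001FBA000000000000000000000000
type=SYSCALL msg=audit(1139343826.935:1437305): arch=40000003 syscall=102 success=no exit=-13 a0=2 a1=bf9473b0 a2=416998 a3=892bed8 items=0 pid=2198 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 comm="httpd" exe="/usr/sbin/httpd"
type=AVC msg=audit(1139343826.935:1437305): avc: denied { name_bind } for pid=2198 comm="httpd" src=8122 scontext=system_u:system_r:httpd_t tcontext=system_u:object_r:port_t tclass=udp_socket
type=SOCKADDR msg=audit(1139343826.935:1437306): saddr=02001FBB000000000000000000000000
type=SYSCALL msg=audit(1139343826.935:1437306): arch=40000003 syscall=102 success=no exit=-13 a0=2 a1=bf9473b0 a2=416998 a3=892bed8 items=0 pid=2198 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 comm="httpd" exe="/usr/sbin/httpd"
type=AVC msg=audit(1139343826.935:1437306): avc: denied { name_bind } for pid=2198 comm="httpd" src=8123 scontext=system_u:system_r:httpd_t tcontext=system_u:object_r:port_t tclass=udp_socket
"""

HEADER = re.compile(r"type=(\w+) msg=audit\([\d.]+:(\d+)\): (.*)")
AVC = re.compile(r"avc:\s+denied\s+\{ ([^}]+) \} for (.*)")

def decode_saddr(hex_saddr):
    """Decode an AF_INET sockaddr_in from the hex dump in a SOCKADDR record."""
    raw = bytes.fromhex(hex_saddr)
    family = struct.unpack("<H", raw[:2])[0]  # sa_family: host byte order
    if family != socket.AF_INET:
        return None
    port = struct.unpack("!H", raw[2:4])[0]   # sin_port: network byte order
    return socket.inet_ntoa(raw[4:8]), port

def summarize(text):
    """Return one dict per event that contains an AVC denial, ordered by serial."""
    events = defaultdict(dict)
    for line in text.splitlines():
        m = HEADER.match(line.strip())
        if not m:
            continue
        rtype, serial, body = m.groups()
        ev = events[serial]
        if rtype == "SOCKADDR":
            ev["bind_addr"] = decode_saddr(body.split("saddr=")[1].split()[0])
        elif rtype == "SYSCALL":
            code = int(re.search(r"exit=(-?\d+)", body).group(1))
            ev["errno"] = errno.errorcode.get(-code, str(code))
        elif rtype == "AVC" and (a := AVC.search(body)):
            fields = dict(kv.split("=", 1) for kv in a.group(2).split() if "=" in kv)
            ev.update(perms=a.group(1).split(), src=int(fields["src"]),
                      scontext=fields["scontext"], tcontext=fields["tcontext"],
                      tclass=fields["tclass"])
    return [dict(serial=s, **ev) for s, ev in sorted(events.items()) if "perms" in ev]
```

For the quoted records, each event is an httpd_t process being refused `name_bind` on a UDP socket for ports 8122 and 8123 (type port_t) at 0.0.0.0, with the syscall returning EACCES.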