Radius authentication using NMAS causes 100% CPU utilization

  • 3629631
  • 27-Sep-2006
  • 26-Apr-2012


Novell eDirectory 8.7.3 for All Platforms
Novell eDirectory 8.8 for All Platforms
Novell Modular Authentication Service (NMAS) version 3.1.0
Novell Modular Authentication Service (NMAS) version 3.1.1


For certain users using Radius to authenticate to eDirectory, NMAS seems to be taking up utilization on the server causing it to reach 100% CPU utilization.

Users are using graded authentication


There are two situations that will cause this problem:

1. If a user has a sufficient number of authorized clearances assigned (enough that NMAS must make multiple DS calls to read them all), then NMAS will get stuck in an infinite loop.

2. Authorized clearances will be ignored by the server. If NMAS is able to read all of the authorized clearances on the first DS call, then the routine which reads the clearances erroneously reports to the caller that zero clearances were read. The caller then assumes that the user is authorized for all clearances.

This has been fixed in NMAS version 3.1.1, dated August 4, 2006, which is available in the Security Services 2.0.2 patch or greater.