ippool problem

Marcin Jessa lists at yazzy.org
Fri Jul 15 13:15:04 CEST 2005


Hi.

Is /usr/local/var/log/radius/radutmp existing and is rw for radius  ?

Cheers,
Marcin.

On Fri, 15 Jul 2005 12:04:55 +0200
abernabe at mutua-mad.es wrote:

> radius -X  doesn´t show any error or warning until the end (Segmentation 
> fault). You can see the result of my last execution:
> 
> Starting - reading configuration files ...
> reread_config:  reading radiusd.conf
> Config:   including file: /usr/local/etc/raddb/proxy.conf
> Config:   including file: /usr/local/etc/raddb/clients.conf
> Config:   including file: /usr/local/etc/raddb/snmp.conf
> Config:   including file: /usr/local/etc/raddb/eap.conf
> Config:   including file: /usr/local/etc/raddb/sql.conf
>  main: prefix = "/usr/local"
>  main: localstatedir = "/usr/local/var"
>  main: logdir = "/usr/local/var/log/radius"
>  main: libdir = "/usr/local/lib"
>  main: radacctdir = "/usr/local/var/log/radius/radacct"
>  main: hostname_lookups = no
>  main: max_request_time = 30
>  main: cleanup_delay = 5
>  main: max_requests = 1024
>  main: delete_blocked_requests = 0
>  main: port = 1645
>  main: allow_core_dumps = no
>  main: log_stripped_names = no
>  main: log_file = "/usr/local/var/log/radius/radius.log"
>  main: log_auth = no
>  main: log_auth_badpass = no
>  main: log_auth_goodpass = no
>  main: pidfile = "/usr/local/var/run/radiusd/radiusd.pid"
>  main: user = "(null)"
>  main: group = "(null)"
>  main: usercollide = no
>  main: lower_user = "no"
>  main: lower_pass = "no"
>  main: nospace_user = "no"
>  main: nospace_pass = "no"
>  main: checkrad = "/usr/local/sbin/checkrad"
>  main: proxy_requests = yes
>  proxy: retry_delay = 5
>  proxy: retry_count = 3
>  proxy: synchronous = no
>  proxy: default_fallback = yes
>  proxy: dead_time = 120
>  proxy: post_proxy_authorize = yes
>  proxy: wake_all_if_all_dead = no
>  security: max_attributes = 200
>  security: reject_delay = 1
>  security: status_server = no
>  main: debug_level = 0
> read_config_files:  reading dictionary
> read_config_files:  reading naslist
> Using deprecated naslist file.  Support for this will go away soon.
> read_config_files:  reading clients
> read_config_files:  reading realms
> radiusd:  entering modules setup
> Module: Library search path is /usr/local/lib
> Module: Loaded exec
>  exec: wait = yes
>  exec: program = "(null)"
>  exec: input_pairs = "request"
>  exec: output_pairs = "(null)"
>  exec: packet_type = "(null)"
> rlm_exec: Wait=yes but no output defined. Did you mean output=none?
> Module: Instantiated exec (exec)
> Module: Loaded expr
> Module: Instantiated expr (expr)
> Module: Loaded PAP
>  pap: encryption_scheme = "crypt"
> Module: Instantiated pap (pap)
> Module: Loaded CHAP
> Module: Instantiated chap (chap)
> Module: Loaded MS-CHAP
>  mschap: use_mppe = yes
>  mschap: require_encryption = no
>  mschap: require_strong = no
>  mschap: with_ntdomain_hack = no
>  mschap: passwd = "(null)"
>  mschap: authtype = "MS-CHAP"
>  mschap: ntlm_auth = "(null)"
> Module: Instantiated mschap (mschap)
> Module: Loaded System
>  unix: cache = no
>  unix: passwd = "(null)"
>  unix: shadow = "(null)"
>  unix: group = "(null)"
>  unix: radwtmp = "/usr/local/var/log/radius/radwtmp"
>  unix: usegroup = no
>  unix: cache_reload = 600
> Module: Instantiated unix (unix)
> Module: Loaded eap
>  eap: default_eap_type = "md5"
>  eap: timer_expire = 60
>  eap: ignore_unknown_eap_types = no
>  eap: cisco_accounting_username_bug = no
> rlm_eap: Loaded and initialized type md5
> rlm_eap: Loaded and initialized type leap
>  gtc: challenge = "Password: "
>  gtc: auth_type = "PAP"
> rlm_eap: Loaded and initialized type gtc
>  mschapv2: with_ntdomain_hack = no
> rlm_eap: Loaded and initialized type mschapv2
> Module: Instantiated eap (eap)
> Module: Loaded preprocess
>  preprocess: huntgroups = "/usr/local/etc/raddb/huntgroups"
>  preprocess: hints = "/usr/local/etc/raddb/hints"
>  preprocess: with_ascend_hack = no
>  preprocess: ascend_channels_per_line = 23
>  preprocess: with_ntdomain_hack = no
>  preprocess: with_specialix_jetstream_hack = no
>  preprocess: with_cisco_vsa_hack = no
> Module: Instantiated preprocess (preprocess)
> Module: Loaded realm
>  realm: format = "suffix"
>  realm: delimiter = "@"
>  realm: ignore_default = no
>  realm: ignore_null = no
> Module: Instantiated realm (suffix)
> Module: Loaded files
>  files: usersfile = "/usr/local/etc/raddb/users"
>  files: acctusersfile = "/usr/local/etc/raddb/acct_users"
>  files: preproxy_usersfile = "/usr/local/etc/raddb/preproxy_users"
>  files: compat = "no"
> Module: Instantiated files (files)
> Module: Loaded Acct-Unique-Session-Id
>  acct_unique: key = "User-Name, Acct-Session-Id, NAS-IP-Address, 
> Client-IP-Address, NAS-Port"
> Module: Instantiated acct_unique (acct_unique)
> Module: Loaded detail
>  detail: detailfile = 
> "/usr/local/var/log/radius/radacct/%{Client-IP-Address}/detail-%Y%m%d"
>  detail: detailperm = 384
>  detail: dirperm = 493
>  detail: locking = no
> Module: Instantiated detail (detail)
> Module: Loaded radutmp
>  radutmp: filename = "/usr/local/var/log/radius/radutmp"
>  radutmp: username = "%{User-Name}"
>  radutmp: case_sensitive = yes
>  radutmp: check_with_nas = yes
>  radutmp: perm = 384
>  radutmp: callerid = yes
> Module: Instantiated radutmp (radutmp)
> Segmentation fault
> 
> And the config for the post-auth and accounting:
> 
> #
> #  Accounting.  Log the accounting data.
> #
> accounting {
>         #
>         #  Create a 'detail'ed log of the packets.
>         #  Note that accounting requests which are proxied
>         #  are also logged in the detail file.
>         detail
> #       daily
> 
>         #  Update the wtmp file
>         #
>         #  If you don't use "radlast", you can delete this line.
>         unix
> 
>         #
>         #  For Simultaneous-Use tracking.
>         #
>         #  Due to packet losses in the network, the data here
>         #  may be incorrect.  There is little we can do about it.
>         radutmp
> #       sradutmp
> 
>         #  Return an address to the IP Pool when we see a stop record.
> #       main_pool
> ######### My two ippools
>         1
>         2
>         #
>         #  Log traffic to an SQL database.
>         #
>         #  See "Accounting queries" in sql.conf
> #       sql
> 
> 
>         #  Cisco VoIP specific bulk accounting
> #       pgsql-voip
> 
> }
> 
> 
> #  Post-Authentication
> #  Once we KNOW that the user has been authenticated, there are
> #  additional steps we can take.
> post-auth {
>         #  Get an address from the IP Pool.
> #       main_pool
> ###### My two ippools
>         1
>         2
>         #
>         #  If you want to have a log of authentication replies,
>         #  un-comment the following line, and the 'detail reply_log'
>         #  section, above.
> #       reply_log
> 
>         #
>         #  After authenticating the user, do another SQL qeury.
>         #
>         #  See "Authentication Logging Queries" in sql.conf
> #       sql
> 
>         #
>         #  Un-comment the following if you have set
>         #  'edir_account_policy_check = yes' in the ldap module 
> sub-section of
>         #  the 'modules' section.
>         #
> #       ldap
>         #
>         #  Access-Reject packets are sent through the REJECT sub-section 
> of the
>         #  post-auth section.
>         #  Uncomment the following and set the module name to the ldap 
> instance
>         #  name if you have set 'edir_account_policy_check = yes' in the 
> ldap
>         #  module sub-section of the 'modules' section.
>         #
> #       Post-Auth-Type REJECT {
> #               insert-module-name-here
> #       }
> 
> }
> 
> 
> 
> freeradius-users-bounces at lists.freeradius.org escribió el 15/07/2005 
> 10:44:20:
> 
> > What does radiusd ?X tells you?
> > Can you post more info from your accounting and post-auth section?
> > 
> > 
> > From: freeradius-users-bounces at lists.freeradius.org [mailto:
> > freeradius-users-bounces at lists.freeradius.org] On Behalf Of 
> > abernabe at mutua-mad.es
> > Sent: Friday, July 15, 2005 7:42 AM
> > To: freeradius-users at lists.freeradius.org
> > Subject: ippool problem
> > 
> > 
> > Hello, 
> > 
> > I´m trying to configure a FreeRadius 1.0.4 in Red Hat 8.0. 
> > Everything works OK until I add the ippool in the "post-auth" and 
> > "accounting" section. 
> > 
> > When I start the server I get always the error "Segmentation Fault" 
> > after loading radutmp, just when it tries to load the ippool in the 
> > "accounting" section 
> > 
> > I have the following configuration in the ippool module: 
> > 
> >         ippool 2 { 
> >                 range-start = 172.20.1.1 
> >                 range-stop = 172.20.1.254 
> >                 netmask = 255.255.255.0 
> >                 cache-size = 254 
> >                 session-db = ${raddbdir}/db.ippool 
> >                 ip-index = ${raddbdir}/db.ipindex 
> >                 override = yes 
> >                 maximum-timeout = 0 
> >         } 
> > 
> > Do you know if I´m doing something wrong? 
> > 
> > Thanks - 
> > List info/subscribe/unsubscribe? See 
> http://www.freeradius.org/list/users.html




More information about the Freeradius-Users mailing list