FreeRADIUS crashes after EAP/PEAP authentication
Nick Larsen
larsen.nick at gmail.com
Wed Aug 30 06:44:05 CEST 2006
Hi
I sent an email to the list with the subject "EAP PEAP, unable to load
certificate", but as the subject has changed slightly, I've decided to
create a new thread.
Has anyone had any issues at all when setting up PEAP?
My FreeRADIUS installation, which is used for ADSL/Dial Up AAA (and if I can
get it working Wireless AAA), crashes as a wireless client tries to
authenticate, but is fine for DSL/Dial Up.
I'm running FreeRADIUS 1.1.1 (OpenSSL 0.9.7e-p1 25 Oct 2004).
Running on:
FreeBSD radius02.01.net.nz 6.0-RELEASE FreeBSD 6.0-RELEASE #0: Wed Nov 2
22:33:15 UTC 2005
root at s-dallas.cse.buffalo.edu:/usr/obj/usr/src/sys/GENERIC
sparc64
FreeRADIUS configuration line:
./configure --sysconfdir=/etc --localstatedir=/var --disable-ltdl-install
--with-ltdl-include=/usr/local/include --with-ltdl-lib=/usr/local/lib
--with-large-files --with-rlm_sql_unixodbc --without-rlm_krb5
--without-rlm_sql_postgresql --without-rlm_ldap --enable-strict-dependencies
--disable-shared --with-openssl-includes=/usr/local/include/openssl
--with-openssl-libraries=/usr/local/lib
Here is the radiusd -XA output when a wireless user tries to authenticate:
Ready to process requests.
rad_recv: Access-Request packet from host 10.10.1.199:1812, id=5, length=73
User-Name = "nick"
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
EAP-Message = 0x02010009016e69636b
NAS-IP-Address = 10.10.1.199
Message-Authenticator = 0x44a4bae6e408185535e54b666e440793
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 0
modcall[authorize]: module "preprocess" returns ok for request 0
modcall[authorize]: module "chap" returns noop for request 0
modcall[authorize]: module "mschap" returns noop for request 0
rlm_realm: No '@' in User-Name = "nick", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 0
rlm_eap: EAP packet type response id 1 length 9
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 0
radius_xlat: 'nick'
rlm_sql (sql): sql_set_user escaped user --> 'nick'
radius_xlat: 'SELECT id, UserName, Attribute, Value, op FROM
radcheck WHERE Username = 'nick' ORDER BY id'
rlm_sql (sql): Reserving sql socket id: 4
radius_xlat: 'SELECT radgroupcheck.id,radgroupcheck.GroupName,
radgroupcheck.Attribute,radgroupcheck.Value,radgroupcheck.op FROM
radgroupcheck,usergroup WHERE usergroup.Username = 'nick' AND
usergroup.GroupName = radgroupcheck.GroupName ORDER BY radgroupcheck.id'
radius_xlat: 'SELECT id, UserName, Attribute, Value, op FROM
radreply WHERE Username = 'nick' ORDER BY id'
radius_xlat: 'SELECT radgroupreply.id,radgroupreply.GroupName,
radgroupreply.Attribute,radgroupreply.Value,radgroupreply.op FROM
radgroupreply,usergroup WHERE usergroup.Username = 'nick' AND
usergroup.GroupName = radgroupreply.GroupName ORDER BY radgroupreply.id'
rlm_sql (sql): Released sql socket id: 4
modcall[authorize]: module "sql" returns ok for request 0
modcall: leaving group authorize (returns updated) for request 0
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 0
rlm_eap: EAP Identity
rlm_eap: processing type tls
rlm_eap_tls: Initiate
rlm_eap_tls: Start returned 1
modcall[authenticate]: module "eap" returns handled for request 0
modcall: leaving group authenticate (returns handled) for request 0
Sending Access-Challenge of id 5 to 10.10.1.199 port 1812
Framed-IP-Address := 10.10.1.197
Service-Type := Framed-User
Framed-Protocol := PPP
Acct-Interim-Interval := 600
Framed-IP-Netmask := 255.255.255.0
EAP-Message = 0x010200061920
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x441787b224b2cade909f815da10d28a2
Finished request 0
Going to the next request
--- Walking the entire request list ---
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 10.10.1.199:1812, id=6, length=156
User-Name = "nick"
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
EAP-Message =
0x0202004a198000000040160301003b010000370301d47428dbffab776a5aa27dd1f3ae43b58ba88be83f19c437a92b5e416c87ecf600001000040005000a000900640062000300060100
State = 0x441787b224b2cade909f815da10d28a2
NAS-IP-Address = 10.10.1.199
Message-Authenticator = 0xd35a0b343af33d868016f1faa2c401ca
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 1
modcall[authorize]: module "preprocess" returns ok for request 1
modcall[authorize]: module "chap" returns noop for request 1
modcall[authorize]: module "mschap" returns noop for request 1
rlm_realm: No '@' in User-Name = "nick", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 1
rlm_eap: EAP packet type response id 2 length 74
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 1
radius_xlat: 'nick'
rlm_sql (sql): sql_set_user escaped user --> 'nick'
radius_xlat: 'SELECT id, UserName, Attribute, Value, op FROM
radcheck WHERE Username = 'nick' ORDER BY id'
rlm_sql (sql): Reserving sql socket id: 3
radius_xlat: 'SELECT radgroupcheck.id,radgroupcheck.GroupName,
radgroupcheck.Attribute,radgroupcheck.Value,radgroupcheck.op FROM
radgroupcheck,usergroup WHERE usergroup.Username = 'nick' AND
usergroup.GroupName = radgroupcheck.GroupName ORDER BY radgroupcheck.id'
radius_xlat: 'SELECT id, UserName, Attribute, Value, op FROM
radreply WHERE Username = 'nick' ORDER BY id'
radius_xlat: 'SELECT radgroupreply.id,radgroupreply.GroupName,
radgroupreply.Attribute,radgroupreply.Value,radgroupreply.op FROM
radgroupreply,usergroup WHERE usergroup.Username = 'nick' AND
usergroup.GroupName = radgroupreply.GroupName ORDER BY radgroupreply.id'
rlm_sql (sql): Released sql socket id: 3
modcall[authorize]: module "sql" returns ok for request 1
modcall: leaving group authorize (returns updated) for request 1
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 1
rlm_eap: Request found, released from the list
rlm_eap: EAP/peap
rlm_eap: processing type peap
rlm_eap_peap: Authenticate
rlm_eap_tls: processing TLS
rlm_eap_tls: Length Included
eaptls_verify returned 11
(other): before/accept initialization
TLS_accept: before/accept initialization
Segmentation fault: 11 (core dumped)
root at radius02 [/etc/raddb]#
Any help at all would be much appreciated, as I have spent hours (and days
even) on researching the causes and have found nothing. I know FreeRADIUS is
quite capable of doing PEAP, so it must somehow be my configuration. Let me
know if there's any info I've left out.
--
Regards,
Nick Larsen
Wellington
NEW ZEALAND
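
Added example, not part of the original post and not FreeRADIUS code: a small Python decoder for the EAP-Message values in the debug output above, showing what each packet carried up to the point where the server stopped. It assumes each value holds one complete EAP packet (no fragmentation across several EAP-Message attributes); decode_eap, SAMPLES and the lookup tables are illustrative names.

```python
import struct

EAP_CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}
EAP_TYPES = {1: "Identity", 13: "EAP-TLS", 21: "EAP-TTLS", 25: "PEAP"}
TLS_CONTENT = {20: "ChangeCipherSpec", 21: "Alert", 22: "Handshake", 23: "ApplicationData"}
TLS_HANDSHAKE = {1: "ClientHello", 2: "ServerHello", 11: "Certificate"}

def decode_eap(hex_value):
    """Decode one EAP-Message value as printed by radiusd -X (0x-prefixed hex)."""
    h = hex_value.strip()
    raw = bytes.fromhex(h[2:] if h.lower().startswith("0x") else h)
    if len(raw) < 4:
        raise ValueError("EAP header is 4 bytes")
    code, ident, length = struct.unpack("!BBH", raw[:4])
    if length != len(raw):  # truncated log line or fragmented attribute
        raise ValueError(f"EAP length {length} != {len(raw)} bytes present")
    out = {"code": EAP_CODES.get(code, code), "id": ident, "length": length}
    if code not in (1, 2) or length < 5:
        return out  # Success/Failure carry no type field
    etype, body = raw[4], raw[5:]
    out["type"] = EAP_TYPES.get(etype, etype)
    if etype == 1:
        out["identity"] = body.decode("utf-8", "replace")
    elif etype in (13, 21, 25) and body:  # TLS-based methods share this framing
        flags, tls = body[0], body[1:]
        out["flags"] = [n for bit, n in ((0x80, "L"), (0x40, "M"), (0x20, "S")) if flags & bit]
        if flags & 0x80:  # L: a 4-byte total TLS message length follows
            if len(tls) < 4:
                raise ValueError("L flag set but length field truncated")
            out["tls_total"] = struct.unpack("!I", tls[:4])[0]
            tls = tls[4:]
        if len(tls) >= 5:  # TLS record header: type, version, length
            ctype, ver, rlen = struct.unpack("!BHH", tls[:5])
            out["record"] = (TLS_CONTENT.get(ctype, ctype), f"{ver:#06x}", rlen)
            if ctype == 22 and len(tls) >= 6:
                out["handshake"] = TLS_HANDSHAKE.get(tls[5], tls[5])
    return out

# EAP-Message values copied from the radiusd -XA output in the post above.
SAMPLES = [
    "0x02010009016e69636b",
    "0x010200061920",
    "0x0202004a198000000040160301003b010000370301d47428dbffab776a5aa27dd1f3ae"
    "43b58ba88be83f19c437a92b5e416c87ecf600001000040005000a000900640062000300060100",
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(decode_eap(s))
```

For request 1 it reports a PEAP Response with the L flag, a 64-byte TLS message, and a TLS 1.0 Handshake record containing a ClientHello, which matches the "Length Included" and "TLS_accept: before/accept initialization" lines logged just before the segmentation fault.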