<html><head><style type="text/css"><!-- DIV {margin:0px;} --></style></head><body><div style="font-family:times new roman, new york, times, serif;font-size:12pt"><DIV style="FONT-SIZE: 12pt; FONT-FAMILY: times new roman, new york, times, serif"><SPAN lang=EN-US style="COLOR: black; mso-ansi-language: EN-US">Hello <?xml:namespace prefix = o ns = "urn:schemas-microsoft-com:office:office" /><o:p></o:p></SPAN></DIV>
<DIV style="FONT-SIZE: 12pt; FONT-FAMILY: times new roman, new york, times, serif">
<P class=MsoNormal style="MARGIN: 0cm 0cm 0pt"><SPAN lang=EN-US style="COLOR: black; mso-ansi-language: EN-US">Debug is difficult because of Segmentation Fault. <o:p></o:p></SPAN></P>
<P class=MsoNormal style="MARGIN: 0cm 0cm 0pt"><SPAN lang=EN-US style="COLOR: black; mso-ansi-language: EN-US">I will try to rebuild radius (in the night) with last patch , that you already provide.<o:p></o:p></SPAN></P></DIV>
<DIV style="FONT-SIZE: 12pt; FONT-FAMILY: times new roman, new york, times, serif">Is It something wrong whth my configuration? </DIV>
<DIV style="FONT-SIZE: 12pt; FONT-FAMILY: times new roman, new york, times, serif">I decide to disable all nonused modules. Maybe I disable something major?</DIV>
<DIV style="FONT-SIZE: 12pt; FONT-FAMILY: times new roman, new york, times, serif"> </DIV>
<DIV style="FONT-SIZE: 12pt; FONT-FAMILY: times new roman, new york, times, serif"><A href="mailto:root@aaa">root@aaa</A># radiusd -X<BR>FreeRADIUS Version 2.0.4, for host i686-pc-linux-gnu, built on Apr 7 2008 at 10:36:05<BR>Copyright (C) 1999-2008 The FreeRADIUS server project and contributors. <BR>There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A <BR>PARTICULAR PURPOSE. <BR>You may redistribute copies of FreeRADIUS under the terms of the <BR>GNU General Public License. <BR>Starting - reading configuration files ...<BR>including configuration file /etc/raddb/radiusd.conf<BR>including configuration file /etc/raddb/proxy.conf<BR>including configuration file /etc/raddb/clients.conf<BR>including configuration file /etc/raddb/sql.conf<BR>including configuration file /etc/raddb/sql/postgresql/dialup.conf<BR>including files in directory /etc/raddb/sites-enabled/<BR>including configuration file
/etc/raddb/sites-enabled/default<BR>including dictionary file /etc/raddb/dictionary<BR>main {<BR> prefix = "/usr"<BR> localstatedir = "/var"<BR> logdir = "/var/log/radius"<BR> libdir = "/usr/lib"<BR> radacctdir = "/var/log/radius/radacct"<BR> hostname_lookups = no<BR> max_request_time = 30<BR> cleanup_delay = 5<BR> max_requests = 8192<BR> allow_core_dumps = no<BR> pidfile = "/var/run/radiusd/radiusd.pid"<BR> checkrad =
"/usr/sbin/checkrad"<BR> debug_level = 0<BR> proxy_requests = yes<BR> security {<BR> max_attributes = 200<BR> reject_delay = 1<BR> status_server = no<BR> }<BR>}<BR> client MAIN_NAS {<BR> ipaddr = 192.168.101.1<BR> netmask = 32<BR> require_message_authenticator = no<BR> secret = "key"<BR> shortname = "nas1"<BR> nastype = "other"<BR> }<BR> client jds {<BR> ipaddr = 192.168.0.1<BR>
require_message_authenticator = no<BR> secret = "superkey"<BR> shortname = "jds"<BR> nastype = "other"<BR> }<BR> client jds2 {<BR> ipaddr = 192.168.0.2<BR> require_message_authenticator = no<BR> secret = "superkey"<BR> shortname = "jds2"<BR> nastype = "other"<BR> }<BR>radiusd: #### Loading Realms and Home Servers ####<BR> proxy server {<BR> retry_delay = 5<BR> retry_count = 3<BR> default_fallback = no<BR> dead_time =
120<BR> wake_all_if_all_dead = no<BR> }<BR> home_server jds1 {<BR> ipaddr = 192.168.0.1<BR> port = 1646<BR> type = "acct"<BR> secret = "superkey"<BR> response_window = 30<BR> max_outstanding = 65536<BR> zombie_period = 40<BR> status_check = "request"<BR> ping_check = "none"<BR> ping_interval = 30<BR> check_interval = 30<BR> num_answers_to_alive = 3<BR>
num_pings_to_alive = 3<BR> revive_interval = 300<BR> status_check_timeout = 4<BR> }<BR> home_server jds2 {<BR> ipaddr = 192.168.0.2<BR> port = 1646<BR> type = "acct"<BR> secret = "superkey"<BR> response_window = 30<BR> max_outstanding = 65536<BR> zombie_period = 40<BR> status_check = "request"<BR> ping_check = "none"<BR> ping_interval = 30<BR> check_interval = 30<BR>
num_answers_to_alive = 3<BR> num_pings_to_alive = 3<BR> revive_interval = 300<BR> status_check_timeout = 4<BR> }<BR> home_server_pool jds {<BR> type = fail-over<BR> home_server = jds1<BR> home_server = jds2<BR> }<BR> realm domain.com {<BR> acct_pool = jds<BR> nostrip<BR> }<BR>radiusd: #### Instantiating modules ####<BR> instantiate {<BR> }<BR>radiusd: #### Loading Virtual Servers ####<BR>server {<BR> modules {<BR> Module: Checking preacct {...} for more modules to load<BR> Module: Linked to module rlm_realm<BR> Module: Instantiating suffix<BR> realm suffix
{<BR> format = "suffix"<BR> delimiter = "@"<BR> ignore_default = no<BR> ignore_null = no<BR> }<BR> Module: Checking accounting {...} for more modules to load<BR> Module: Linked to module rlm_acct_unique<BR> Module: Instantiating acct_unique<BR> acct_unique {<BR> key = "Calling-Station-Id, Acct-Session-Id, 3GPP2-Correlation-Id"<BR> }<BR> Module: Linked to module rlm_sql<BR> Module: Instantiating sql<BR> sql {<BR> driver = "rlm_sql_postgresql"<BR> server = "localhost"<BR> port = ""<BR> login =
"rad"<BR> password = "......"<BR> radius_db = "radius"<BR> read_groups = yes<BR> sqltrace = no<BR> sqltracefile = "/var/log/radius/sqltrace.sql"<BR> readclients = no<BR> deletestalesessions = yes<BR> num_sql_socks = 48<BR> sql_user_name = "%{User-Name}"<BR> default_user_profile = ""<BR> nas_query = "SELECT id,nasname,shortname,type,secret FROM nas"<BR> authorize_check_query = ""<BR> authorize_reply_query =
""<BR> authorize_group_check_query = ""<BR> authorize_group_reply_query = ""<BR> accounting_onoff_query = ""<BR> accounting_update_query = ""<BR> accounting_update_query_alt = ""<BR> accounting_start_query = "INSERT into radacct (AcctSessionId, AcctUniqueId, CallingStationId, AcctStartTime, AcctStopTime, superkeyActiveTime, AcctInputOctets, </DIV>
<DIV style="FONT-SIZE: 12pt; FONT-FAMILY: times new roman, new york, times, serif">AcctOutputOctets, FramedIPAddress, UserName, ReleaseIndicator, superkeyBadPPPFrameCount, superkeyCorrelationId, AcctSessionTime, NASIPAddress) values('%{Acct-Session-Id}', '%{Acct-</DIV>
<DIV style="FONT-SIZE: 12pt; FONT-FAMILY: times new roman, new york, times, serif">Unique-Session-Id}', '%{Calling-Station-Id}', '%S', NULL,'0', '0', '0', '%{Framed-IP-Address}', trim('%{SQL-User-Name}'), '0', '0', '%{3GPP2-Correlation-Id}', '0', '%{NAS-IP-</DIV>
<DIV style="FONT-SIZE: 12pt; FONT-FAMILY: times new roman, new york, times, serif">Address}')"<BR> accounting_start_query_alt = ""<BR> accounting_stop_query = "UPDATE radacct SET AcctStopTime = '%S', AcctSessionTime = '%{Acct-Session-Time}', AcctInputOctets = '%{Acct-Input-Octets}', OutputPacket = '%</DIV>
<DIV style="FONT-SIZE: 12pt; FONT-FAMILY: times new roman, new york, times, serif">{Acct-Output-Packets}', InputPacket = '%{Acct-Input-Packets}', AcctOutputOctets = '%{Acct-Output-Octets}', ReleaseIndicator = '%{Acct-Terminate-Cause}', superkeyBadPPPFrameCount = </DIV>
<DIV style="FONT-SIZE: 12pt; FONT-FAMILY: times new roman, new york, times, serif">'%{3GPP2-Bad-PPP-Frame-Count}', superkeyCorrelationId = '%{3GPP2-Correlation-Id}', superkeyActiveTime = '%{3GPP2-Active-Time}' WHERE AcctUniqueId = '%{Acct-Unique-Session-Id}'"<BR> accounting_stop_query_alt = ""<BR> connect_failure_retry_delay = 60<BR> simul_count_query = ""<BR> simul_verify_query = ""<BR> postauth_query = ""<BR> safe-characters = "@abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-_: /"<BR> }<BR>rlm_sql (sql): Driver rlm_sql_postgresql (module rlm_sql_postgresql) loaded and linked<BR>rlm_sql (sql): Attempting to connect to <A
href="mailto:radacc@localhost:/radius">radacc@localhost:/radius</A><BR>rlm_sql (sql): starting 0<BR>rlm_sql (sql): Attempting to connect rlm_sql_postgresql #0<BR>rlm_sql (sql): Connected new DB handle, #0<BR>.........<BR>rlm_sql (sql): starting 47<BR>rlm_sql (sql): Attempting to connect rlm_sql_postgresql #47<BR>rlm_sql (sql): Connected new DB handle, #47<BR> Module: Checking pre-proxy {...} for more modules to load<BR> Module: Linked to module rlm_detail<BR> Module: Instantiating pre_proxy_log<BR> detail pre_proxy_log {<BR> detailfile = "/var/log/radius/radacct/%{Client-IP-Address}/pre-proxy-detail-%Y%m%d"<BR> header = "%t"<BR> detailperm = 384<BR> dirperm = 493<BR> locking = no<BR>
log_packet_header = no<BR> }<BR> Module: Checking post-proxy {...} for more modules to load<BR> Module: Instantiating post_proxy_log<BR> detail post_proxy_log {<BR> detailfile = "/var/log/radius/radacct/%{Client-IP-Address}/post-proxy-detail-%Y%m%d"<BR> header = "%t"<BR> detailperm = 384<BR> dirperm = 493<BR> locking = no<BR> log_packet_header = no<BR> }<BR> }<BR>}<BR>radiusd: #### Opening IP addresses and Ports ####<BR>listen {<BR> type = "acct"<BR> ipaddr = *<BR> port = 0<BR>}<BR>Listening on accounting address * port 1813<BR>Listening on proxy
address * port 1222<BR>Ready to process requests.<BR> Acct-Status-Type = Start<BR> User-Name = "<A href="mailto:test1@domain.com">test1@domain.com</A>"<BR> Calling-Station-Id = "77734565"<BR> Framed-IP-Address = 192.168.50.19<BR> NAS-IP-Address = X.X.X.X<BR> Event-Timestamp = "Apr 10 2008 17:08:14 EEST"<BR> Acct-Session-Id = "0000000\000"<BR> NAS-Port-Type = Virtual<BR> NAS-Port = 1813<BR> Acct-Delay-Time = 0<BR> Service-Type = Framed-User<BR> Acct-Authentic
= RADIUS<BR> 3GPP2-ESN = "\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000"<BR> 3GPP2-Attr-116 = 0x0000000000000000000000000000<BR> 3GPP2-Correlation-Id = "09446618"<BR> 3GPP2-Service-Reference-Id = 0x00000000<BR> 3GPP2-Home-Agent-IP-Address = 0.0.0.0<BR> 3GPP2-BSID = "2A2100021102"<BR> 3GPP2-User-Id = 0<BR> 3GPP2-Forward-FCH-Mux-Option = 0<BR> 3GPP2-Reverse-FCH-Mux-Option = 0<BR> 3GPP2-Service-Option = 59<BR> 3GPP2-Forward-Traffic-Type = 0<BR>
3GPP2-Reverse-Traffic-Type = 0<BR> 3GPP2-FCH-Frame-Size = 0<BR> 3GPP2-Forward-FCH-RC = 0<BR> 3GPP2-Reverse-FCH-RC = 0<BR> 3GPP2-IP-Technology = 1<BR> 3GPP2-Compulsory-Tunnel-Indicator = 0<BR> 3GPP2-DCCH-Frame-Size = 0<BR> 3GPP2-Attr-78 = 0x00000000<BR> 3GPP2-Forward-PDCH-RC = 0<BR> 3GPP2-Forward-DCCH-Mux-Option = 0<BR> 3GPP2-Reverse-DCCH-Mux-Option = 0<BR> 3GPP2-Forward-DCCH-RC = 0<BR> 3GPP2-Reverse-DHHC-RC = 0<BR>
3GPP2-Attr-114 = 0x00000000<BR> 3GPP2-IP-QoS = 10<BR> 3GPP2-Airlink-Priority = 0<BR>+- entering group preacct<BR> rlm_realm: Looking up realm "domain.com" for User-Name = "<A href="mailto:test1@domain.com">test1@domain.com</A>"<BR> rlm_realm: Found realm "domain.com"<BR> rlm_realm: Proxying request from user test1 to realm domain.com<BR> rlm_realm: Adding Realm = "domain.com"<BR> rlm_realm: Preparing to proxy accounting request to realm "domain.com" <BR>++[suffix] returns updated<BR>+- entering group accounting<BR>rlm_acct_unique: Hashing '3GPP2-Correlation-Id = "09446618",Acct-Session-Id = "0000000\000",Calling-Station-Id = "77734565"'<BR>rlm_acct_unique: Acct-Unique-Session-ID = "e05fa4c07c65ca2b".<BR>++[acct_unique] returns ok<BR> expand:
%{User-Name} -> <A href="mailto:test1@domain.com">test1@domain.com</A><BR>rlm_sql (sql): sql_set_user escaped user --> <A href="mailto:'test1@domain.com'">'test1@domain.com'</A><BR> expand: INSERT into radacct (AcctSessionId, AcctUniqueId, CallingStationId, AcctStartTime, AcctStopTime, superkeyActiveTime, AcctInputOctets, AcctOutputOctets, </DIV>
<DIV style="FONT-SIZE: 12pt; FONT-FAMILY: times new roman, new york, times, serif">FramedIPAddress, UserName, ReleaseIndicator, superkeyBadPPPFrameCount, superkeyCorrelationId, AcctSessionTime, NASIPAddress) values('%{Acct-Session-Id}', '%{Acct-Unique-Session-Id}', </DIV>
<DIV style="FONT-SIZE: 12pt; FONT-FAMILY: times new roman, new york, times, serif">'%{Calling-Station-Id}', '%S', NULL,'0', '0', '0', '%{Framed-IP-Address}', trim('%{SQL-User-Name}'), '0', '0', '%{3GPP2-Correlation-Id}', '0', '%{NAS-IP-Address}') -> INSERT </DIV>
<DIV style="FONT-SIZE: 12pt; FONT-FAMILY: times new roman, new york, times, serif">into radacct (AcctSessionId, AcctUniqueId, CallingStationId, AcctStartTime, AcctStopTime, superkeyActiveTime, AcctInputOctets, AcctOutputOctets, FramedIPAddress, UserName, </DIV>
<DIV style="FONT-SIZE: 12pt; FONT-FAMILY: times new roman, new york, times, serif">ReleaseIndicator, superkeyBadPPPFrameCount, superkeyCorrelationId, AcctSessionTime, NASIPAddress) values('0000000', 'e05fa4c07c65ca2b', '77734565', '2008-04-10 17:08:13', </DIV>
<DIV style="FONT-SIZE: 12pt; FONT-FAMILY: times new roman, new york, times, serif">NULL,'0', '0', '0', '192.168.50.19', trim(<A href="mailto:'test1@domain.com'">'test1@domain.com'</A>), '0', '0', '09446618', '0', '192.168.101.1')<BR>rlm_sql (sql): Reserving sql socket id: 24<BR>rlm_sql_postgresql: Status: PGRES_COMMAND_OK<BR>rlm_sql_postgresql: query affected rows = 1<BR>rlm_sql (sql): Released sql socket id: 24<BR>++[sql] returns ok<BR>+- entering group pre-proxy<BR> expand: /var/log/radius/radacct/%{Client-IP-Address}/pre-proxy-detail-%Y%m%d -> /var/log/radius/radacct/192.168.101.1/pre-proxy-detail-20080410<BR>rlm_detail: /var/log/radius/radacct/%{Client-IP-Address}/pre-proxy-detail-%Y%m%d expands to /var/log/radius/radacct/192.168.101.1/pre-proxy-detail-20080410<BR> expand: %t -> Thu Apr 10 17:08:13 2008<BR>++[pre_proxy_log] returns
ok<BR> Acct-Status-Type = Start<BR> User-Name = "<A href="mailto:test1@domain.com">test1@domain.com</A>"<BR> Calling-Station-Id = "77734565"<BR> Framed-IP-Address = 192.168.50.19<BR> NAS-IP-Address = 192.168.101.1<BR> Event-Timestamp = "Apr 10 2008 17:08:14 EEST"<BR> Acct-Session-Id = "0000000\000"<BR> NAS-Port-Type = Virtual<BR> NAS-Port = 1813<BR> Acct-Delay-Time = 0<BR> Service-Type = Framed-User<BR> Acct-Authentic =
RADIUS<BR> 3GPP2-ESN = "\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000"<BR> 3GPP2-Attr-116 = 0x0000000000000000000000000000<BR> 3GPP2-Correlation-Id = "09446618"<BR> 3GPP2-Service-Reference-Id = 0x00000000<BR> 3GPP2-Home-Agent-IP-Address = 0.0.0.0<BR> 3GPP2-BSID = "2A2100021102"<BR> 3GPP2-User-Id = 0<BR> 3GPP2-Forward-FCH-Mux-Option = 0<BR> 3GPP2-Reverse-FCH-Mux-Option = 0<BR> 3GPP2-Service-Option = 59<BR> 3GPP2-Forward-Traffic-Type = 0<BR>
3GPP2-Reverse-Traffic-Type = 0<BR> 3GPP2-FCH-Frame-Size = 0<BR> 3GPP2-Forward-FCH-RC = 0<BR> 3GPP2-Reverse-FCH-RC = 0<BR> 3GPP2-IP-Technology = 1<BR> 3GPP2-Compulsory-Tunnel-Indicator = 0<BR> 3GPP2-DCCH-Frame-Size = 0<BR> 3GPP2-Attr-78 = 0x00000000<BR> 3GPP2-Forward-PDCH-RC = 0<BR> 3GPP2-Forward-DCCH-Mux-Option = 0<BR> 3GPP2-Reverse-DCCH-Mux-Option = 0<BR> 3GPP2-Forward-DCCH-RC = 0<BR> 3GPP2-Reverse-DHHC-RC = 0<BR>
3GPP2-Attr-114 = 0x00000000<BR> 3GPP2-IP-QoS = 10<BR> 3GPP2-Airlink-Priority = 0<BR> Proxy-State = 0x3937<BR>Proxying request 551 to home server 192.168.0.1 port 1646<BR> Acct-Status-Type = Start<BR> User-Name = "<A href="mailto:test1@domain.com">test1@domain.com</A>"<BR> Calling-Station-Id = "77734565"<BR> Framed-IP-Address = 192.168.50.19<BR> NAS-IP-Address = 192.168.101.1<BR> Event-Timestamp = "Apr 10 2008 17:08:14 EEST"<BR> Acct-Session-Id = "0000000\000"<BR> NAS-Port-Type =
Virtual<BR> NAS-Port = 1813<BR> Acct-Delay-Time = 0<BR> Service-Type = Framed-User<BR> Acct-Authentic = RADIUS<BR> 3GPP2-ESN = "\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000"<BR> 3GPP2-Attr-116 = 0x0000000000000000000000000000<BR> 3GPP2-Correlation-Id = "09446618"<BR> 3GPP2-Service-Reference-Id = 0x00000000<BR> 3GPP2-Home-Agent-IP-Address = 0.0.0.0<BR> 3GPP2-BSID = "2A2100021102"<BR> 3GPP2-User-Id = 0<BR> 3GPP2-Forward-FCH-Mux-Option =
0<BR> 3GPP2-Reverse-FCH-Mux-Option = 0<BR> 3GPP2-Service-Option = 59<BR> 3GPP2-Forward-Traffic-Type = 0<BR> 3GPP2-Reverse-Traffic-Type = 0<BR> 3GPP2-FCH-Frame-Size = 0<BR> 3GPP2-Forward-FCH-RC = 0<BR> 3GPP2-Reverse-FCH-RC = 0<BR> 3GPP2-IP-Technology = 1<BR> 3GPP2-Compulsory-Tunnel-Indicator = 0<BR> 3GPP2-DCCH-Frame-Size = 0<BR> 3GPP2-Attr-78 = 0x00000000<BR> 3GPP2-Forward-PDCH-RC = 0<BR> 3GPP2-Forward-DCCH-Mux-Option
= 0<BR> 3GPP2-Reverse-DCCH-Mux-Option = 0<BR> 3GPP2-Forward-DCCH-RC = 0<BR> 3GPP2-Reverse-DHHC-RC = 0<BR> 3GPP2-Attr-114 = 0x00000000<BR> 3GPP2-IP-QoS = 10<BR> 3GPP2-Airlink-Priority = 0<BR> Proxy-State = 0x3937<BR>Going to the next request<BR>Waking up in 0.9 seconds.<BR>Ignoring request from unknown home server 192.168.0.1 port 1646<BR>.................<BR>Rejecting request 593 due to lack of any response from home server 192.168.0.1 port 1646<BR>Finished request 593.<BR>Cleaning up request 593 ID 139 with timestamp +90<BR>Cleaning up request 593 ID 362747136 with timestamp +90<BR>Segmentation fault<BR><A href="mailto:root@aaamisha">root@aaa</A>#
exit<BR><BR></DIV>
<DIV style="FONT-SIZE: 12pt; FONT-FAMILY: times new roman, new york, times, serif">----- Original Message ----<BR>From: Alan DeKok <aland@deployingradius.com><BR>To: FreeRadius users mailing list <freeradius-users@lists.freeradius.org><BR>Sent: Friday, April 11, 2008 12:59:26 PM<BR>Subject: Re: Problem with proxy-radius function<BR><BR>Ivan Popov wrote:<BR>> What I can say ..<BR>> root@aaa:/var/log/radius <mailto:root@aaa:/var/log/radius># tcpdump -i<BR>> eth0 host X.X.X.X<BR><BR> <sigh> While this is interesting, you were asked for debugging output.<BR><BR>> Is It correct? I thing it should be between port 1813 and 1646 ...<BR><BR> The traffic looks OK. There may be something else going wrong, and<BR>the debug output may show it.<BR><BR> Is it possible to run the server in debug mode? If not, why?<BR><BR> Alan DeKok.<BR>-<BR>List info/subscribe/unsubscribe? See <A
href="http://www.freeradius.org/list/users.html" target=_blank>http://www.freeradius.org/list/users.html</A><BR></DIV>
<DIV style="FONT-SIZE: 12pt; FONT-FAMILY: times new roman, new york, times, serif"><BR></DIV></div><br>__________________________________________________<br>Do You Yahoo!?<br>Tired of spam? Yahoo! Mail has the best spam protection around <br>http://mail.yahoo.com </body></html>