In the meantime, I am trying to configure EAP-TLS for a more secure authentication based on client certificates. I generated a CA certificate and used it to sign server and client certificates, which I installed where I needed. However, trying to associate a W7 machine to the AP resulted in freeradius segfaulting:
(5) # executing section post-auth from file /etc/freeradius/sites-enabled/default (5) cache: [... creating cache entry ...] (5) [cache] = updated (5) foreach &control:LDAP-Group (5) update reply { Segmentation fault
In update reply {} there is only one line of code:
&Ruckus-User-Groups += "%{Foreach-Variable-0}"
And the call to the cache module was the only previous uncommented line in post-auth. So I'm quite clueless about where the segfault comes from, since that same line worked perfectly with MSCHAPv2 inside of PEAP... If you need any more debug output feel free to ask :)
I'm guessing you'd need to follow http://wiki.freeradius.org/project/bug-reports#Crashes-(Segmentation-violat ions,-Memory-alignment-errors,-ASSERTs-etc...) or http://lists.freeradius.org/pipermail/freeradius-devel/2014-January/009084.h tml
Ok, so I installed the debug symbols from the PPA repository and uncommented the panic_action line in radiusd.conf. This is the full debug output now: (I have to say that I got a segfault last week that I could fix on my own, but I have no idea where this one comes from. The previous one was about setting outer.reply in default server's post-auth - there is no outer reply in there. It doesn't look like that one though...) Received Access-Request Id 39 from 192.168.60.1:1024 to 192.168.50.62:1812 length 190 User-Name = 'juan' Calling-Station-Id = '00-26-C6-7C-C4-58' NAS-IP-Address = 192.168.60.1 NAS-Port = 1 Called-Station-Id = '2C-E6-CC-1A-3E-5C:PROFESORES' Service-Type = Framed-User Framed-MTU = 1400 NAS-Port-Type = Wireless-802.11 NAS-Identifier = '2C-E6-CC-1A-3E-5C' Connect-Info = 'CONNECT 802.11a/n' EAP-Message = 0x02000009016a75616e Attr-26.25053.3 = 0x50524f4645534f524553 Message-Authenticator = 0x6ccb32c7b00d65c7617e787ee0f8862b (0) # Executing section authorize from file /etc/freeradius/sites-enabled/default (0) authorize { (0) [preprocess] = ok (0) [chap] = noop (0) [mschap] = noop (0) [digest] = noop (0) suffix : No '@' in User-Name = "juan", looking up realm NULL (0) suffix : No such realm "NULL" (0) [suffix] = noop (0) eap : EAP packet type response id 0 length 9 (0) eap : EAP-Identity reply, returning 'ok' so we can short-circuit the rest of authorize (0) [eap] = ok (0) } # authorize = ok (0) Found Auth-Type = EAP (0) # Executing group from file /etc/freeradius/sites-enabled/default (0) authenticate { (0) eap : Peer sent Identity (1) (0) eap : Calling eap_tls to process EAP data (0) eap_tls : Flushing SSL sessions (of #0) (0) eap_tls : Requiring client certificate (0) eap_tls : Initiate (0) eap_tls : Requiring client certificate (0) eap_tls : Start returned 1 (0) eap : New EAP session, adding 'State' attribute to reply 0x4b06bc534b07b123 (0) [eap] = handled (0) } # authenticate = handled Sending Access-Challenge Id 39 from 192.168.50.62:1812 to 192.168.60.1:1024 EAP-Message = 0x010100060d20 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x4b06bc534b07b123a5815ce5986a7061 (0) Finished request Waking up in 0.3 seconds. Received Access-Request Id 40 from 192.168.60.1:1024 to 192.168.50.62:1812 length 304 User-Name = 'juan' Calling-Station-Id = '00-26-C6-7C-C4-58' NAS-IP-Address = 192.168.60.1 NAS-Port = 1 Called-Station-Id = '2C-E6-CC-1A-3E-5C:PROFESORES' Service-Type = Framed-User Framed-MTU = 1400 NAS-Port-Type = Wireless-802.11 NAS-Identifier = '2C-E6-CC-1A-3E-5C' Connect-Info = 'CONNECT 802.11a/n' EAP-Message = 0x020100690d800000005f160301005a01000056030153957c5a9884652d6bb6c5d6bb19564d 4010cad78f6021d6f9bb42a26c6332a0000018002f00350005000ac013c014c009c00a003200 380013000401000015ff01000100000a0006000400170018000b00020100 State = 0x4b06bc534b07b123a5815ce5986a7061 Attr-26.25053.3 = 0x50524f4645534f524553 Message-Authenticator = 0x424c68d593e8b471a7168fa8f90c84aa (1) # Executing section authorize from file /etc/freeradius/sites-enabled/default (1) authorize { (1) [preprocess] = ok (1) [chap] = noop (1) [mschap] = noop (1) [digest] = noop (1) suffix : No '@' in User-Name = "juan", looking up realm NULL (1) suffix : No such realm "NULL" (1) [suffix] = noop (1) eap : EAP packet type response id 1 length 105 (1) eap : No EAP Start, assuming it's an on-going EAP conversation (1) [eap] = updated (1) [files] = noop rlm_ldap (ldap): Reserved connection (4) (1) ldap : EXPAND (uid=%{%{Stripped-User-Name}:-%{User-Name}}) (1) ldap : --> (uid=juan) (1) ldap : EXPAND dc=ejemplo,dc=org (1) ldap : --> dc=ejemplo,dc=org (1) ldap : Performing search in 'dc=ejemplo,dc=org' with filter '(uid=juan)', scope 'sub' (1) ldap : Waiting for search result... (1) ldap : User object found at DN "uid=juan,ou=usuarios,dc=ejemplo,dc=org" (1) ldap : No cacheable group memberships found in user object (1) ldap : EXPAND (&(objectClass=groupOfNames)(member=%{control:Ldap-UserDn})) (1) ldap : --> (&(objectClass=groupOfNames)(member=uid\3djuan\2cou\3dusuarios\2cdc\3dejempl o\2cdc\3dorg)) (1) ldap : EXPAND dc=ejemplo,dc=org (1) ldap : --> dc=ejemplo,dc=org (1) ldap : Performing search in 'dc=ejemplo,dc=org' with filter '(&(objectClass=groupOfNames)(member=uid\3djuan\2cou\3dusuarios\2cdc\3dejemp lo\2cdc\3dorg))', scope 'sub' (1) ldap : Waiting for search result... (1) ldap : Added control:Ldap-Group with value "profesores" (1) ldap : Processing user attributes (1) ldap : control:Password-With-Header += ''1234'' rlm_ldap (ldap): Released connection (4) (1) [ldap] = ok (1) foreach &control:LDAP-Group (1) update reply { (1) EXPAND %{Foreach-Variable-0} (1) --> profesores (1) &Ruckus-User-Groups += '"profesores"' (1) } # update reply = noop (1) } # foreach &control:LDAP-Group = noop (1) [expiration] = noop (1) [logintime] = noop (1) pap : No {...} in Password-With-Header, re-writing to Cleartext-Password (1) WARNING: pap : Auth-Type already set. Not setting to PAP (1) [pap] = noop (1) } # authorize = updated (1) Found Auth-Type = EAP (1) # Executing group from file /etc/freeradius/sites-enabled/default (1) authenticate { (1) eap : Expiring EAP session with state 0x4b06bc534b07b123 (1) eap : Finished EAP session with state 0x4b06bc534b07b123 (1) eap : Previous EAP request found for state 0x4b06bc534b07b123, released from the list (1) eap : Peer sent TLS (13) (1) eap : EAP TLS (13) (1) eap : Calling eap_tls to process EAP data (1) eap_tls : Authenticate (1) eap_tls : processing EAP-TLS TLS Length 95 (1) eap_tls : Length Included (1) eap_tls : eaptls_verify returned 11 (1) eap_tls : (other): before/accept initialization (1) eap_tls : TLS_accept: before/accept initialization (1) eap_tls : <<< TLS 1.0 Handshake [length 005a], ClientHello (1) eap_tls : TLS_accept: SSLv3 read client hello A (1) eap_tls : >>> TLS 1.0 Handshake [length 0051], ServerHello (1) eap_tls : TLS_accept: SSLv3 write server hello A (1) eap_tls : >>> TLS 1.0 Handshake [length 0707], Certificate (1) eap_tls : TLS_accept: SSLv3 write certificate A (1) eap_tls : >>> TLS 1.0 Handshake [length 0056], CertificateRequest (1) eap_tls : TLS_accept: SSLv3 write certificate request A (1) eap_tls : TLS_accept: SSLv3 flush data (1) eap_tls : TLS_accept: Need to read more data: SSLv3 read client certificate A In SSL Handshake Phase In SSL Accept mode (1) eap_tls : eaptls_process returned 13 (1) eap : New EAP session, adding 'State' attribute to reply 0x4b06bc534a04b123 (1) [eap] = handled (1) } # authenticate = handled Sending Access-Challenge Id 40 from 192.168.50.62:1812 to 192.168.60.1:1024 Ruckus-User-Groups += 'profesores' EAP-Message = 0x010203ec0dc0000007bd16030100510200004d030153800d41db8bc00fc64e65976eef8ad5 05728f175a82585bb671517fa25b004220e538ae19205137b530866cbe9c73fda07251b82edf 134c60a8556d5601036be8002f000005ff0100010016030107070b00070300070000039b3082 03973082027fa003020102020900c43f77feef6a22ef300d06092a864886f70d010105050030 44310b3009060355040613024553310f300d06035504080c064d6164726964310e300c060355 040a0c05494e5445463114301206035504030c0b656a656d706c6f2e6f7267301e170d313430 3532303037313134325a170d3135303532303037313134325a3055310b300906035504061302 4553310f300d06035504080c064d6164726964310f300d06035504070c064d6164726964310e 300c060355040a0c05494e5445463114301206035504030c0b656a656d706c6f2e6f72673082 0122300d06092a864886f70d01010105000382010f003082010a0282010100d86d13ea2fa99e fe3982e0ceface40d345221a17f49a4cbdf8774fc1cea663192790995f1df5c32c30ea86fe51 90ff99a3012ff8e54e94de9d81e96fb282562e1264f059238606c51afebce65604a4902dcdfc 803041f6240e2c7a03cca18c70238e9c0fda027487bcb8868c95850aae68986c068f737434ee cdbbbdaabfd83780ce9 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x4b06bc534a04b123a5815ce5986a7061 (1) Finished request Waking up in 0.3 seconds. Received Access-Request Id 41 from 192.168.60.1:1024 to 192.168.50.62:1812 length 205 User-Name = 'juan' Calling-Station-Id = '00-26-C6-7C-C4-58' NAS-IP-Address = 192.168.60.1 NAS-Port = 1 Called-Station-Id = '2C-E6-CC-1A-3E-5C:PROFESORES' Service-Type = Framed-User Framed-MTU = 1400 NAS-Port-Type = Wireless-802.11 NAS-Identifier = '2C-E6-CC-1A-3E-5C' Connect-Info = 'CONNECT 802.11a/n' EAP-Message = 0x020200060d00 State = 0x4b06bc534a04b123a5815ce5986a7061 Attr-26.25053.3 = 0x50524f4645534f524553 Message-Authenticator = 0x957db049fc1d0e94a5a57f9776395e30 (2) # Executing section authorize from file /etc/freeradius/sites-enabled/default (2) authorize { (2) [preprocess] = ok (2) [chap] = noop (2) [mschap] = noop (2) [digest] = noop (2) suffix : No '@' in User-Name = "juan", looking up realm NULL (2) suffix : No such realm "NULL" (2) [suffix] = noop (2) eap : EAP packet type response id 2 length 6 (2) eap : No EAP Start, assuming it's an on-going EAP conversation (2) [eap] = updated (2) [files] = noop rlm_ldap (ldap): Reserved connection (4) (2) ldap : EXPAND (uid=%{%{Stripped-User-Name}:-%{User-Name}}) (2) ldap : --> (uid=juan) (2) ldap : EXPAND dc=ejemplo,dc=org (2) ldap : --> dc=ejemplo,dc=org (2) ldap : Performing search in 'dc=ejemplo,dc=org' with filter '(uid=juan)', scope 'sub' (2) ldap : Waiting for search result... (2) ldap : User object found at DN "uid=juan,ou=usuarios,dc=ejemplo,dc=org" (2) ldap : No cacheable group memberships found in user object (2) ldap : EXPAND (&(objectClass=groupOfNames)(member=%{control:Ldap-UserDn})) (2) ldap : --> (&(objectClass=groupOfNames)(member=uid\3djuan\2cou\3dusuarios\2cdc\3dejempl o\2cdc\3dorg)) (2) ldap : EXPAND dc=ejemplo,dc=org (2) ldap : --> dc=ejemplo,dc=org (2) ldap : Performing search in 'dc=ejemplo,dc=org' with filter '(&(objectClass=groupOfNames)(member=uid\3djuan\2cou\3dusuarios\2cdc\3dejemp lo\2cdc\3dorg))', scope 'sub' (2) ldap : Waiting for search result... (2) ldap : Added control:Ldap-Group with value "profesores" (2) ldap : Processing user attributes (2) ldap : control:Password-With-Header += ''1234'' rlm_ldap (ldap): Released connection (4) (2) [ldap] = ok (2) foreach &control:LDAP-Group (2) update reply { (2) EXPAND %{Foreach-Variable-0} (2) --> profesores (2) &Ruckus-User-Groups += '"profesores"' (2) } # update reply = noop (2) } # foreach &control:LDAP-Group = noop (2) [expiration] = noop (2) [logintime] = noop (2) pap : No {...} in Password-With-Header, re-writing to Cleartext-Password (2) WARNING: pap : Auth-Type already set. Not setting to PAP (2) [pap] = noop (2) } # authorize = updated (2) Found Auth-Type = EAP (2) # Executing group from file /etc/freeradius/sites-enabled/default (2) authenticate { (2) eap : Expiring EAP session with state 0x4b06bc534a04b123 (2) eap : Finished EAP session with state 0x4b06bc534a04b123 (2) eap : Previous EAP request found for state 0x4b06bc534a04b123, released from the list (2) eap : Peer sent TLS (13) (2) eap : EAP TLS (13) (2) eap : Calling eap_tls to process EAP data (2) eap_tls : Authenticate (2) eap_tls : processing EAP-TLS (2) eap_tls : Received TLS ACK (2) eap_tls : Received TLS ACK (2) eap_tls : ACK handshake fragment handler (2) eap_tls : eaptls_verify returned 1 (2) eap_tls : eaptls_process returned 13 (2) eap : New EAP session, adding 'State' attribute to reply 0x4b06bc534905b123 (2) [eap] = handled (2) } # authenticate = handled Sending Access-Challenge Id 41 from 192.168.50.62:1812 to 192.168.60.1:1024 Ruckus-User-Groups += 'profesores' EAP-Message = 0x010303e50d80000007bd3849d248b1dfa322109bc7213dc7b995e11cf1ec9e393177e1d411 f1b83700035f3082035b30820243a003020102020900c43f77feef6a22ee300d06092a864886 f70d01010505003044310b3009060355040613024553310f300d06035504080c064d61647269 64310e300c060355040a0c05494e5445463114301206035504030c0b656a656d706c6f2e6f72 67301e170d3134303532303037303835355a170d3137303531393037303835355a3044310b30 09060355040613024553310f300d06035504080c064d6164726964310e300c060355040a0c05 494e5445463114301206035504030c0b656a656d706c6f2e6f726730820122300d06092a8648 86f70d01010105000382010f003082010a0282010100b34d31cc087201a6f5f91e1f411fbe7c 8175e68364d88e7bc6fb454918d40aca5f65cb2caf0496d4c7ef1b62379ab4ddfc60338d8785 d6f4b208091cda2f566d39b233c9a76cfcd2e14a21a5c1c1ad30c6c6734fb0024ef4511a7867 9f4b2e6085113cb24d3229fa288b7ae5a460348f253fa438172cfb0b2c66c005747d6b716d6e 221e492e793c17439a19d638bc84ecde2aaf864e1b22007c29b5aa056637d4dd4bde4783dd1b 2994b87522662742b8c5477ce8c39227a3bf8b71b2dce5323150b49cd27134e4a79f7f98d371 cad38b0e72363efbc62 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x4b06bc534905b123a5815ce5986a7061 (2) Finished request Waking up in 0.2 seconds. Received Access-Request Id 42 from 192.168.60.1:1024 to 192.168.50.62:1812 length 1701 User-Name = 'juan' Calling-Station-Id = '00-26-C6-7C-C4-58' NAS-IP-Address = 192.168.60.1 NAS-Port = 1 Called-Station-Id = '2C-E6-CC-1A-3E-5C:PROFESORES' Service-Type = Framed-User Framed-MTU = 1400 NAS-Port-Type = Wireless-802.11 NAS-Identifier = '2C-E6-CC-1A-3E-5C' Connect-Info = 'CONNECT 802.11a/n' EAP-Message = 0x020305d40dc0000005d916030105990b0003890003860003833082037f30820267a0030201 02020900c43f77feef6a22f0300d06092a864886f70d01010505003044310b30090603550406 13024553310f300d06035504080c064d6164726964310e300c060355040a0c05494e54454631 14301206035504030c0b656a656d706c6f2e6f7267301e170d3134303532313035323130335a 170d3135303532313035323130335a303d310b3009060355040613024553310f300d06035504 080c064d6164726964310e300c060355040a0c05494e544546310d300b06035504030c046a75 616e30820122300d06092a864886f70d01010105000382010f003082010a0282010100d8fe45 c46e4743d7ecaf6c82f5206a6d1683234f11e54af93501eba03aaadf6c4a123bb2aeebce0717 b6930a3e550f9e75e38fb7f0057acebdeecb6d396c4547ed2cb496d887ae6973982c7b708898 d3d4e080c44679ffc2eeea7b707f3d03aacfd8544465a96f0988366c5c8a8fd9e84bd38006f7 1b572a526759eaf147a20c21f42ef7c8f8c37915768eec7e41402c3869e8c06a06d6d53a3fac 290b9db34a737a55ce6c3bc544396ee4f35ff28622c2318c57b0ce8b86aac710ed16e56960d4 a2fafbe851afb250256e5b03cf37f52ace63f3eb801d78d6e2e3ebdb4ac5493bbca5129d60cb ea4a1f7e96391a9216a State = 0x4b06bc534905b123a5815ce5986a7061 Attr-26.25053.3 = 0x50524f4645534f524553 Message-Authenticator = 0x73f8a458222a4c6bb7eec10883f1b056 (3) # Executing section authorize from file /etc/freeradius/sites-enabled/default (3) authorize { (3) [preprocess] = ok (3) [chap] = noop (3) [mschap] = noop (3) [digest] = noop (3) suffix : No '@' in User-Name = "juan", looking up realm NULL (3) suffix : No such realm "NULL" (3) [suffix] = noop (3) eap : EAP packet type response id 3 length 1492 (3) eap : No EAP Start, assuming it's an on-going EAP conversation (3) [eap] = updated (3) [files] = noop rlm_ldap (ldap): Reserved connection (4) (3) ldap : EXPAND (uid=%{%{Stripped-User-Name}:-%{User-Name}}) (3) ldap : --> (uid=juan) (3) ldap : EXPAND dc=ejemplo,dc=org (3) ldap : --> dc=ejemplo,dc=org (3) ldap : Performing search in 'dc=ejemplo,dc=org' with filter '(uid=juan)', scope 'sub' (3) ldap : Waiting for search result... (3) ldap : User object found at DN "uid=juan,ou=usuarios,dc=ejemplo,dc=org" (3) ldap : No cacheable group memberships found in user object (3) ldap : EXPAND (&(objectClass=groupOfNames)(member=%{control:Ldap-UserDn})) (3) ldap : --> (&(objectClass=groupOfNames)(member=uid\3djuan\2cou\3dusuarios\2cdc\3dejempl o\2cdc\3dorg)) (3) ldap : EXPAND dc=ejemplo,dc=org (3) ldap : --> dc=ejemplo,dc=org (3) ldap : Performing search in 'dc=ejemplo,dc=org' with filter '(&(objectClass=groupOfNames)(member=uid\3djuan\2cou\3dusuarios\2cdc\3dejemp lo\2cdc\3dorg))', scope 'sub' (3) ldap : Waiting for search result... (3) ldap : Added control:Ldap-Group with value "profesores" (3) ldap : Processing user attributes (3) ldap : control:Password-With-Header += ''1234'' rlm_ldap (ldap): Released connection (4) (3) [ldap] = ok (3) foreach &control:LDAP-Group (3) update reply { (3) EXPAND %{Foreach-Variable-0} (3) --> profesores (3) &Ruckus-User-Groups += '"profesores"' (3) } # update reply = noop (3) } # foreach &control:LDAP-Group = noop (3) [expiration] = noop (3) [logintime] = noop (3) pap : No {...} in Password-With-Header, re-writing to Cleartext-Password (3) WARNING: pap : Auth-Type already set. Not setting to PAP (3) [pap] = noop (3) } # authorize = updated (3) Found Auth-Type = EAP (3) # Executing group from file /etc/freeradius/sites-enabled/default (3) authenticate { (3) eap : Expiring EAP session with state 0x4b06bc534905b123 (3) eap : Finished EAP session with state 0x4b06bc534905b123 (3) eap : Previous EAP request found for state 0x4b06bc534905b123, released from the list (3) eap : Peer sent TLS (13) (3) eap : EAP TLS (13) (3) eap : Calling eap_tls to process EAP data (3) eap_tls : Authenticate (3) eap_tls : processing EAP-TLS TLS Length 1497 (3) eap_tls : Received EAP-TLS First Fragment of the message (3) eap_tls : eaptls_verify returned 9 (3) eap_tls : eaptls_process returned 13 (3) eap : New EAP session, adding 'State' attribute to reply 0x4b06bc534802b123 (3) [eap] = handled (3) } # authenticate = handled Sending Access-Challenge Id 42 from 192.168.50.62:1812 to 192.168.60.1:1024 Ruckus-User-Groups += 'profesores' EAP-Message = 0x010400060d00 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x4b06bc534802b123a5815ce5986a7061 (3) Finished request Waking up in 0.2 seconds. Received Access-Request Id 43 from 192.168.60.1:1024 to 192.168.50.62:1812 length 220 User-Name = 'juan' Calling-Station-Id = '00-26-C6-7C-C4-58' NAS-IP-Address = 192.168.60.1 NAS-Port = 1 Called-Station-Id = '2C-E6-CC-1A-3E-5C:PROFESORES' Service-Type = Framed-User Framed-MTU = 1400 NAS-Port-Type = Wireless-802.11 NAS-Identifier = '2C-E6-CC-1A-3E-5C' Connect-Info = 'CONNECT 802.11a/n' EAP-Message = 0x020400150d003739040f9689b4ab4612f7dce2d48e State = 0x4b06bc534802b123a5815ce5986a7061 Attr-26.25053.3 = 0x50524f4645534f524553 Message-Authenticator = 0x39dbec026a12ec8acebb4f68297652a0 (4) # Executing section authorize from file /etc/freeradius/sites-enabled/default (4) authorize { (4) [preprocess] = ok (4) [chap] = noop (4) [mschap] = noop (4) [digest] = noop (4) suffix : No '@' in User-Name = "juan", looking up realm NULL (4) suffix : No such realm "NULL" (4) [suffix] = noop (4) eap : EAP packet type response id 4 length 21 (4) eap : No EAP Start, assuming it's an on-going EAP conversation (4) [eap] = updated (4) [files] = noop rlm_ldap (ldap): Reserved connection (4) (4) ldap : EXPAND (uid=%{%{Stripped-User-Name}:-%{User-Name}}) (4) ldap : --> (uid=juan) (4) ldap : EXPAND dc=ejemplo,dc=org (4) ldap : --> dc=ejemplo,dc=org (4) ldap : Performing search in 'dc=ejemplo,dc=org' with filter '(uid=juan)', scope 'sub' (4) ldap : Waiting for search result... (4) ldap : User object found at DN "uid=juan,ou=usuarios,dc=ejemplo,dc=org" (4) ldap : No cacheable group memberships found in user object (4) ldap : EXPAND (&(objectClass=groupOfNames)(member=%{control:Ldap-UserDn})) (4) ldap : --> (&(objectClass=groupOfNames)(member=uid\3djuan\2cou\3dusuarios\2cdc\3dejempl o\2cdc\3dorg)) (4) ldap : EXPAND dc=ejemplo,dc=org (4) ldap : --> dc=ejemplo,dc=org (4) ldap : Performing search in 'dc=ejemplo,dc=org' with filter '(&(objectClass=groupOfNames)(member=uid\3djuan\2cou\3dusuarios\2cdc\3dejemp lo\2cdc\3dorg))', scope 'sub' (4) ldap : Waiting for search result... (4) ldap : Added control:Ldap-Group with value "profesores" (4) ldap : Processing user attributes (4) ldap : control:Password-With-Header += ''1234'' rlm_ldap (ldap): Released connection (4) (4) [ldap] = ok (4) foreach &control:LDAP-Group (4) update reply { (4) EXPAND %{Foreach-Variable-0} (4) --> profesores (4) &Ruckus-User-Groups += '"profesores"' (4) } # update reply = noop (4) } # foreach &control:LDAP-Group = noop (4) [expiration] = noop (4) [logintime] = noop (4) pap : No {...} in Password-With-Header, re-writing to Cleartext-Password (4) WARNING: pap : Auth-Type already set. Not setting to PAP (4) [pap] = noop (4) } # authorize = updated (4) Found Auth-Type = EAP (4) # Executing group from file /etc/freeradius/sites-enabled/default (4) authenticate { (4) eap : Expiring EAP session with state 0x4b06bc534802b123 (4) eap : Finished EAP session with state 0x4b06bc534802b123 (4) eap : Previous EAP request found for state 0x4b06bc534802b123, released from the list (4) eap : Peer sent TLS (13) (4) eap : EAP TLS (13) (4) eap : Calling eap_tls to process EAP data (4) eap_tls : Authenticate (4) eap_tls : processing EAP-TLS (4) eap_tls : eaptls_verify returned 7 (4) eap_tls : Done initial handshake (4) eap_tls : <<< TLS 1.0 Handshake [length 038d], Certificate (4) eap_tls : chain-depth=1, (4) eap_tls : error=0 (4) eap_tls : --> User-Name = juan (4) eap_tls : --> BUF-Name = ejemplo.org (4) eap_tls : --> subject = /C=ES/ST=Madrid/O=INTEF/CN=ejemplo.org (4) eap_tls : --> issuer = /C=ES/ST=Madrid/O=INTEF/CN=ejemplo.org (4) eap_tls : --> verify return:1 (4) eap_tls : chain-depth=0, (4) eap_tls : error=0 (4) eap_tls : --> User-Name = juan (4) eap_tls : --> BUF-Name = juan (4) eap_tls : --> subject = /C=ES/ST=Madrid/O=INTEF/CN=juan (4) eap_tls : --> issuer = /C=ES/ST=Madrid/O=INTEF/CN=ejemplo.org (4) eap_tls : --> verify return:1 (4) eap_tls : TLS_accept: SSLv3 read client certificate A (4) eap_tls : <<< TLS 1.0 Handshake [length 0106], ClientKeyExchange (4) eap_tls : TLS_accept: SSLv3 read client key exchange A (4) eap_tls : <<< TLS 1.0 Handshake [length 0106], CertificateVerify (4) eap_tls : TLS_accept: SSLv3 read certificate verify A (4) eap_tls : <<< TLS 1.0 ChangeCipherSpec [length 0001] (4) eap_tls : <<< TLS 1.0 Handshake [length 0010], Finished (4) eap_tls : TLS_accept: SSLv3 read finished A (4) eap_tls : >>> TLS 1.0 ChangeCipherSpec [length 0001] (4) eap_tls : TLS_accept: SSLv3 write change cipher spec A (4) eap_tls : >>> TLS 1.0 Handshake [length 0010], Finished (4) eap_tls : TLS_accept: SSLv3 write finished A (4) eap_tls : TLS_accept: SSLv3 flush data SSL: adding session e538ae19205137b530866cbe9c73fda07251b82edf134c60a8556d5601036be8 to cache (4) eap_tls : (other): SSL negotiation finished successfully SSL Connection Established (4) eap_tls : eaptls_process returned 13 (4) eap : New EAP session, adding 'State' attribute to reply 0x4b06bc534f03b123 (4) [eap] = handled (4) } # authenticate = handled Sending Access-Challenge Id 43 from 192.168.50.62:1812 to 192.168.60.1:1024 Ruckus-User-Groups += 'profesores' EAP-Message = 0x010500450d800000003b1403010001011603010030b6f41d63244fff84ccbe996ef0b09ff2 9df45c4049b85e335adae27b0653521c7719c521ec4e3b611d6c399e2458022b Message-Authenticator = 0x00000000000000000000000000000000 State = 0x4b06bc534f03b123a5815ce5986a7061 (4) Finished request Waking up in 0.2 seconds. Received Access-Request Id 44 from 192.168.60.1:1024 to 192.168.50.62:1812 length 205 User-Name = 'juan' Calling-Station-Id = '00-26-C6-7C-C4-58' NAS-IP-Address = 192.168.60.1 NAS-Port = 1 Called-Station-Id = '2C-E6-CC-1A-3E-5C:PROFESORES' Service-Type = Framed-User Framed-MTU = 1400 NAS-Port-Type = Wireless-802.11 NAS-Identifier = '2C-E6-CC-1A-3E-5C' Connect-Info = 'CONNECT 802.11a/n' EAP-Message = 0x020500060d00 State = 0x4b06bc534f03b123a5815ce5986a7061 Attr-26.25053.3 = 0x50524f4645534f524553 Message-Authenticator = 0xe145b729ae7f53c07a05f6250273b5a5 (5) # Executing section authorize from file /etc/freeradius/sites-enabled/default (5) authorize { (5) [preprocess] = ok (5) [chap] = noop (5) [mschap] = noop (5) [digest] = noop (5) suffix : No '@' in User-Name = "juan", looking up realm NULL (5) suffix : No such realm "NULL" (5) [suffix] = noop (5) eap : EAP packet type response id 5 length 6 (5) eap : No EAP Start, assuming it's an on-going EAP conversation (5) [eap] = updated (5) [files] = noop rlm_ldap (ldap): Reserved connection (4) (5) ldap : EXPAND (uid=%{%{Stripped-User-Name}:-%{User-Name}}) (5) ldap : --> (uid=juan) (5) ldap : EXPAND dc=ejemplo,dc=org (5) ldap : --> dc=ejemplo,dc=org (5) ldap : Performing search in 'dc=ejemplo,dc=org' with filter '(uid=juan)', scope 'sub' (5) ldap : Waiting for search result... (5) ldap : User object found at DN "uid=juan,ou=usuarios,dc=ejemplo,dc=org" (5) ldap : No cacheable group memberships found in user object (5) ldap : EXPAND (&(objectClass=groupOfNames)(member=%{control:Ldap-UserDn})) (5) ldap : --> (&(objectClass=groupOfNames)(member=uid\3djuan\2cou\3dusuarios\2cdc\3dejempl o\2cdc\3dorg)) (5) ldap : EXPAND dc=ejemplo,dc=org (5) ldap : --> dc=ejemplo,dc=org (5) ldap : Performing search in 'dc=ejemplo,dc=org' with filter '(&(objectClass=groupOfNames)(member=uid\3djuan\2cou\3dusuarios\2cdc\3dejemp lo\2cdc\3dorg))', scope 'sub' (5) ldap : Waiting for search result... (5) ldap : Added control:Ldap-Group with value "profesores" (5) ldap : Processing user attributes (5) ldap : control:Password-With-Header += ''1234'' rlm_ldap (ldap): Released connection (4) (5) [ldap] = ok (5) foreach &control:LDAP-Group (5) update reply { (5) EXPAND %{Foreach-Variable-0} (5) --> profesores (5) &Ruckus-User-Groups += '"profesores"' (5) } # update reply = noop (5) } # foreach &control:LDAP-Group = noop (5) [expiration] = noop (5) [logintime] = noop (5) pap : No {...} in Password-With-Header, re-writing to Cleartext-Password (5) WARNING: pap : Auth-Type already set. Not setting to PAP (5) [pap] = noop (5) } # authorize = updated (5) Found Auth-Type = EAP (5) # Executing group from file /etc/freeradius/sites-enabled/default (5) authenticate { (5) eap : Expiring EAP session with state 0x4b06bc534f03b123 (5) eap : Finished EAP session with state 0x4b06bc534f03b123 (5) eap : Previous EAP request found for state 0x4b06bc534f03b123, released from the list (5) eap : Peer sent TLS (13) (5) eap : EAP TLS (13) (5) eap : Calling eap_tls to process EAP data (5) eap_tls : Authenticate (5) eap_tls : processing EAP-TLS (5) eap_tls : Received TLS ACK (5) eap_tls : Received TLS ACK (5) eap_tls : ACK handshake is finished (5) eap_tls : eaptls_verify returned 3 (5) eap_tls : eaptls_process returned 3 (5) eap_tls : Saving session e538ae19205137b530866cbe9c73fda07251b82edf134c60a8556d5601036be8 vps 0x2886620 in the cache (5) eap : Freeing handler (5) [eap] = ok (5) } # authenticate = ok (5) # Executing section post-auth from file /etc/freeradius/sites-enabled/default (5) post-auth { (5) cache : EXPAND %{User-Name} (5) cache : --> juan (5) cache : Creating entry for "juan" (5) cache : control:LDAP-Group += &control:LDAP-Group (5) cache : Inserted entry, TTL 3600 seconds (5) [cache] = updated (5) foreach &control:LDAP-Group (5) update reply { CAUGHT SIGNAL: Segmentation fault Backtrace of last 25 frames: /usr/lib/freeradius/libfreeradius-radius.so(fr_fault+0x61)[0x7f56ae6cbc51] /lib/x86_64-linux-gnu/libpthread.so.0(+0xf030)[0x7f56ad415030] /usr/lib/freeradius/libfreeradius-radius.so(+0x1505e)[0x7f56ae6d605e] /usr/lib/freeradius/libfreeradius-server.so(+0x136b7)[0x7f56ae90a6b7] /usr/lib/freeradius/libfreeradius-server.so(+0x13998)[0x7f56ae90a998] /usr/lib/freeradius/libfreeradius-server.so(+0x144c4)[0x7f56ae90b4c4] /usr/lib/freeradius/libfreeradius-server.so(+0x14532)[0x7f56ae90b532] /usr/lib/freeradius/libfreeradius-server.so(radius_map2vp+0x1ef)[0x7f56ae905 def] /usr/lib/freeradius/libfreeradius-server.so(radius_map2request+0xa6)[0x7f56a e905386] freeradius[0x41f955] freeradius[0x41fd1a] freeradius[0x41f221] freeradius[0x41f3de] freeradius(modcall+0x3d)[0x4204fd] freeradius(indexed_modcall+0xb3)[0x41dc03] freeradius(rad_postauth+0x5e)[0x40f57e] freeradius[0x42ca9c] freeradius[0x429d05] freeradius(request_receive+0x247)[0x42af27] freeradius[0x4190a8] freeradius[0x42966d] /usr/lib/freeradius/libfreeradius-radius.so(fr_event_loop+0x2d9)[0x7f56ae6e5 629] freeradius(main+0x65a)[0x40eb2a] /lib/x86_64-linux-gnu/libc.so.6(__libc_start_main+0xfd)[0x7f56acc1bead] freeradius[0x40ee85] Calling: gdb -silent -x /etc/freeradius/panic.gdb freeradius 3192 2>&1 | tee /var/log/freeradius/gdb-freeradius-3192.log Temporarily setting PR_DUMPABLE to 1 sh: 1: gdb: not found Resetting PR_DUMPABLE to 0 Panic action exited with 0