[root@bt sbin]# gdb radiusd GNU gdb Fedora (6.8-27.el5) Copyright (C) 2008 Free Software Foundation, Inc. License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html> This is free software: you are free to change and redistribute it. There is NO WARRANTY, to the extent permitted by law. Type "show copying" and "show warranty" for details. This GDB was configured as "x86_64-redhat-linux-gnu"... (gdb) set logging file gdb-radiusd.log (gdb) set logging on Copying output to gdb-radiusd.log. (gdb) set args -f (gdb) run Starting program: /usr/local/sbin/radiusd -f [Thread debugging using libthread_db enabled] [New Thread 0x2ad9ae730210 (LWP 24676)] [New Thread 0x42176940 (LWP 24679)] [New Thread 0x42b77940 (LWP 24680)] [New Thread 0x43578940 (LWP 24681)] [New Thread 0x43f79940 (LWP 24682)] [New Thread 0x4497a940 (LWP 24683)] Program received signal SIGSEGV, Segmentation fault. [Switching to Thread 0x4497a940 (LWP 24683)] 0x00002ad9af95118c in eap_post_proxy (inst=0x5cddb50, request=0x5d08450) at rlm_eap.c:669 669 vp = request->proxy_reply->vps; (gdb) info threads * 6 Thread 0x4497a940 (LWP 24683) 0x00002ad9af95118c in eap_post_proxy (inst=0x5cddb50, request=0x5d08450) at rlm_eap.c:669 5 Thread 0x43f79940 (LWP 24682) 0x00002ad9ac81c6b1 in sem_wait () from /lib64/libpthread.so.0 4 Thread 0x43578940 (LWP 24681) 0x00002ad9ac81c6b1 in sem_wait () from /lib64/libpthread.so.0 3 Thread 0x42b77940 (LWP 24680) 0x00002ad9ac81c6b1 in sem_wait () from /lib64/libpthread.so.0 2 Thread 0x42176940 (LWP 24679) 0x00002ad9ac81c6b1 in sem_wait () from /lib64/libpthread.so.0 1 Thread 0x2ad9ae730210 (LWP 24676) 0x00002ad9ad13b5f2 in select () from /lib64/libc.so.6 [root@bt sbin]# ./radiusd -xv Mon Jan 27 16:41:58 2014 : Info: radiusd: FreeRADIUS Version 2.2.3, for host x86_64-unknown-linux-gnu, built on Jan 27 2014 at 15:38:07 Mon Jan 27 16:41:58 2014 : Debug: Server was built with: Mon Jan 27 16:41:58 2014 : Debug: accounting Mon Jan 27 16:41:58 2014 : Debug: authentication Mon Jan 27 16:41:58 2014 : Debug: WITH_DHCP Mon Jan 27 16:41:58 2014 : Debug: WITH_VMPS Mon Jan 27 16:41:58 2014 : Debug: Server core libs: Mon Jan 27 16:41:58 2014 : Debug: ssl: OpenSSL 0.9.8e-fips-rhel5 01 Jul 2008 Mon Jan 27 16:41:58 2014 : Info: Copyright (C) 1999-2013 The FreeRADIUS server project and contributors. Mon Jan 27 16:41:58 2014 : Info: There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A Mon Jan 27 16:41:58 2014 : Info: PARTICULAR PURPOSE. Mon Jan 27 16:41:58 2014 : Info: You may redistribute copies of FreeRADIUS under the terms of the Mon Jan 27 16:41:58 2014 : Info: GNU General Public License. Mon Jan 27 16:41:58 2014 : Info: For more information about these matters, see the file named COPYRIGHT. -----Original Message----- From: freeradius-users-bounces+adrian.p.smith=bt.com@lists.freeradius.org [mailto:freeradius-users-bounces+adrian.p.smith=bt.com@lists.freeradius.org] On Behalf Of adrian.p.smith@bt.com Sent: 27 January 2014 15:33 To: freeradius-users@lists.freeradius.org Subject: RE: FreeRadius 2.2.3 segfault OK, doing the thing in doc/bugs :-) -----Original Message----- From: freeradius-users-bounces+adrian.p.smith=bt.com@lists.freeradius.org [mailto:freeradius-users-bounces+adrian.p.smith=bt.com@lists.freeradius.org] On Behalf Of adrian.p.smith@bt.com Sent: 27 January 2014 14:42 To: freeradius-users@lists.freeradius.org Subject: FreeRadius 2.2.3 segfault I'm getting a crash. /var/log/messages says: Jan 27 14:24:05 localhost kernel: radiusd[14162]: segfault at 0000000000000070 rip 00002b17454280fc rsp 00007fff7b42b640 error 4 Output from radius -X radiusd: FreeRADIUS Version 2.2.3, for host x86_64-redhat-linux-gnu, built on Jan 27 2014 at 10:39:07 Copyright (C) 1999-2013 The FreeRADIUS server project and contributors. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. You may redistribute copies of FreeRADIUS under the terms of the GNU General Public License. For more information about these matters, see the file named COPYRIGHT. Starting - reading configuration files ... including configuration file /etc/raddb/radiusd.conf including configuration file /etc/raddb/proxy.conf including configuration file /etc/raddb/clients.conf including files in directory /etc/raddb/modules/ including configuration file /etc/raddb/modules/policy including configuration file /etc/raddb/modules/ntlm_auth including configuration file /etc/raddb/modules/radutmp including configuration file /etc/raddb/modules/passwd including configuration file /etc/raddb/modules/otp including configuration file /etc/raddb/modules/detail-store.btngh.openzone.com including configuration file /etc/raddb/modules/acct_unique including configuration file /etc/raddb/modules/sql_log including configuration file /etc/raddb/modules/attr_filter including configuration file /etc/raddb/modules/sql_log_store including configuration file /etc/raddb/modules/detail.iptracker including configuration file /etc/raddb/modules/chap including configuration file /etc/raddb/modules/sql_log.dist including configuration file /etc/raddb/modules/sradutmp including configuration file /etc/raddb/modules/ippool including configuration file /etc/raddb/modules/perl including configuration file /etc/raddb/modules/mac2vlan including configuration file /etc/raddb/modules/opendirectory including configuration file /etc/raddb/modules/inner-eap including configuration file /etc/raddb/modules/digest including configuration file /etc/raddb/modules/detail.example.com including configuration file /etc/raddb/modules/smbpasswd including configuration file /etc/raddb/modules/checkval including configuration file /etc/raddb/modules/expiration including configuration file /etc/raddb/modules/cui including configuration file /etc/raddb/modules/counter including configuration file /etc/raddb/modules/linelog including configuration file /etc/raddb/modules/soh including configuration file /etc/raddb/modules/rediswho including configuration file /etc/raddb/modules/etc_group including configuration file /etc/raddb/modules/pap including configuration file /etc/raddb/modules/realm including configuration file /etc/raddb/modules/echo including configuration file /etc/raddb/modules/replicate including configuration file /etc/raddb/modules/wimax including configuration file /etc/raddb/modules/smsotp including configuration file /etc/raddb/modules/detail.btngh.openzone.com including configuration file /etc/raddb/modules/exec including configuration file /etc/raddb/modules/detail including configuration file /etc/raddb/modules/pam including configuration file /etc/raddb/modules/redis including configuration file /etc/raddb/modules/detail.log including configuration file /etc/raddb/modules/preprocess including configuration file /etc/raddb/modules/files including configuration file /etc/raddb/modules/expr including configuration file /etc/raddb/modules/unix including configuration file /etc/raddb/modules/mac2ip including configuration file /etc/raddb/modules/attr_rewrite including configuration file /etc/raddb/modules/always including configuration file /etc/raddb/modules/detail.consulate including configuration file /etc/raddb/modules/dynamic_clients including configuration file /etc/raddb/modules/sqlcounter_expire_on_login including configuration file /etc/raddb/modules/logintime including configuration file /etc/raddb/modules/mschap including configuration file /etc/raddb/eap.conf including configuration file /etc/raddb/policy.conf including files in directory /etc/raddb/sites-enabled/ including configuration file /etc/raddb/sites-enabled/consulate-server including configuration file /etc/raddb/sites-enabled/acct_iptracker including configuration file /etc/raddb/sites-enabled/status including configuration file /etc/raddb/sites-enabled/acct_consulate including configuration file /etc/raddb/sites-enabled/default including configuration file /etc/raddb/sites-enabled/vf-server including configuration file /etc/raddb/sites-enabled/control-socket including configuration file /etc/raddb/sites-enabled/acct_aggregator including configuration file /etc/raddb/sites-enabled/802.1x-server main { user = "radiusd" group = "radiusd" allow_core_dumps = no } including dictionary file /etc/raddb/dictionary main { name = "radiusd" prefix = "/usr" localstatedir = "/var" sbindir = "/usr/sbin" logdir = "/var/log/radius" run_dir = "/var/run/radiusd" libdir = "/usr/lib64/freeradius" radacctdir = "/var/log/radius/radacct" hostname_lookups = no max_request_time = 30 cleanup_delay = 5 max_requests = 1024 pidfile = "/var/run/radiusd/radiusd.pid" checkrad = "/usr/sbin/checkrad" debug_level = 0 proxy_requests = yes log { stripped_names = no auth = no auth_badpass = no auth_goodpass = no } security { max_attributes = 200 reject_delay = 1 status_server = yes } } radiusd: #### Loading Realms and Home Servers #### proxy server { retry_delay = 5 retry_count = 3 default_fallback = no dead_time = 120 wake_all_if_all_dead = no } home_server skyport-car { ipaddr = 192.168.24.22 port = 1645 type = "auth+acct" secret = "XXXXXXXX" response_window = 20 max_outstanding = 65536 require_message_authenticator = no zombie_period = 40 status_check = "request" ping_interval = 30 check_interval = 30 num_answers_to_alive = 3 num_pings_to_alive = 3 revive_interval = 300 status_check_timeout = 4 username = "test_user_please_reject_me" password = "this is meaningless" } home_server eldon-car { ipaddr = 192.168.149.22 port = 1645 type = "auth+acct" secret = "XXXXXXXX" response_window = 20 max_outstanding = 65536 require_message_authenticator = no zombie_period = 40 status_check = "request" ping_interval = 30 check_interval = 30 num_answers_to_alive = 3 num_pings_to_alive = 3 revive_interval = 300 status_check_timeout = 4 username = "test_user_please_reject_me" password = "this is meaningless" } home_server 802.1x-auth-server-1 { ipaddr = 193.113.44.19 port = 1645 type = "auth" secret = "XXXXXXXX" response_window = 20 max_outstanding = 65536 require_message_authenticator = yes zombie_period = 40 status_check = "request" ping_interval = 30 check_interval = 30 num_answers_to_alive = 3 num_pings_to_alive = 3 revive_interval = 120 status_check_timeout = 4 username = "server@test.alive.com" password = "this is meaningless" } home_server 802.1x-auth-server-2 { ipaddr = 193.113.44.20 port = 1645 type = "auth" secret = "XXXXXXXXXX" response_window = 20 max_outstanding = 65536 require_message_authenticator = yes zombie_period = 40 status_check = "request" ping_interval = 30 check_interval = 30 num_answers_to_alive = 3 num_pings_to_alive = 3 revive_interval = 120 status_check_timeout = 4 username = "server@test.alive.com" password = "this is meaningless" } home_server 802.1x-auth-server-3 { ipaddr = 193.113.44.21 port = 1645 type = "auth" secret = "XXXXXXXXX" response_window = 20 max_outstanding = 65536 require_message_authenticator = yes zombie_period = 40 status_check = "request" ping_interval = 30 check_interval = 30 num_answers_to_alive = 3 num_pings_to_alive = 3 revive_interval = 120 status_check_timeout = 4 username = "server@test.alive.com" password = "this is meaningless" } home_server 802.1x-auth-server-4 { ipaddr = 193.113.44.22 port = 1645 type = "auth" secret = "XXXXXXXX" response_window = 20 max_outstanding = 65536 require_message_authenticator = yes zombie_period = 40 status_check = "request" ping_interval = 30 check_interval = 30 num_answers_to_alive = 3 num_pings_to_alive = 3 revive_interval = 120 status_check_timeout = 4 username = "server@test.alive.com" password = "this is meaningless" } home_server IPTracker { ipaddr = 193.113.44.16 port = 1813 type = "acct" secret = "XXXXXXXX" response_window = 20 max_outstanding = 65536 require_message_authenticator = yes zombie_period = 40 status_check = "none" ping_interval = 30 check_interval = 30 num_answers_to_alive = 3 num_pings_to_alive = 3 revive_interval = 120 status_check_timeout = 4 } home_server testing-802.1x-auth-server { ipaddr = 192.168.49.99 port = 1812 type = "auth+acct" secret = "XXXXXXXX" response_window = 20 max_outstanding = 65536 require_message_authenticator = yes zombie_period = 40 status_check = "status-server" ping_interval = 30 check_interval = 30 num_answers_to_alive = 3 num_pings_to_alive = 3 revive_interval = 120 status_check_timeout = 4 } home_server 802.1x-acct-relay-server-1 { ipaddr = 192.168.160.16 port = 1813 type = "acct" secret = "XXXXXXXXX" response_window = 20 max_outstanding = 65536 require_message_authenticator = yes zombie_period = 40 status_check = "status-server" ping_interval = 30 check_interval = 30 num_answers_to_alive = 3 num_pings_to_alive = 3 revive_interval = 120 status_check_timeout = 4 } home_server 802.1x-acct-relay-server-2 { ipaddr = 192.168.160.17 port = 1813 type = "acct" secret = "XXXXXXXXXXXX" response_window = 20 max_outstanding = 65536 require_message_authenticator = yes zombie_period = 40 status_check = "status-server" ping_interval = 30 check_interval = 30 num_answers_to_alive = 3 num_pings_to_alive = 3 revive_interval = 120 status_check_timeout = 4 } home_server 802.1x-acct-spool-server { virtual_server = "802.1x-server-acct" port = 0 type = "acct" response_window = 30 max_outstanding = 65536 require_message_authenticator = yes zombie_period = 40 status_check = "none" ping_interval = 30 check_interval = 30 num_answers_to_alive = 3 num_pings_to_alive = 3 revive_interval = 300 status_check_timeout = 4 } home_server eldon-eap-server { ipaddr = 192.168.149.97 port = 1812 type = "auth+acct" secret = "XXXXXXXXXXXX" response_window = 30 max_outstanding = 65536 require_message_authenticator = yes zombie_period = 40 status_check = "none" ping_interval = 30 check_interval = 30 num_answers_to_alive = 3 num_pings_to_alive = 3 revive_interval = 300 status_check_timeout = 4 } home_server consulate-server-1 { ipaddr = 193.113.24.74 port = 1645 type = "auth+acct" secret = "XXXXXXXXXXX" response_window = 30 max_outstanding = 65536 require_message_authenticator = yes zombie_period = 40 status_check = "none" ping_interval = 30 check_interval = 30 num_answers_to_alive = 3 num_pings_to_alive = 3 revive_interval = 300 status_check_timeout = 4 } home_server consulate-acct { virtual_server = "consulate-server-acct" port = 0 response_window = 30 max_outstanding = 65536 require_message_authenticator = yes zombie_period = 40 status_check = "none" ping_interval = 30 check_interval = 30 num_answers_to_alive = 3 num_pings_to_alive = 3 revive_interval = 300 status_check_timeout = 4 } home_server_pool IPTracker_pool { home_server = IPTracker } realm iptracker { acct_pool = IPTracker_pool } home_server_pool testing-802.1x-auth-pool { virtual_server = 802.1x-server-auth home_server = testing-802.1x-auth-server } home_server_pool 802.1x-acct-pool { home_server = 802.1x-acct-spool-server } realm 1xTesting { auth_pool = testing-802.1x-auth-pool acct_pool = 802.1x-acct-pool nostrip } home_server_pool 802.1x-auth-pool { type = fail-over virtual_server = 802.1x-server-auth home_server = 802.1x-auth-server-1 home_server = 802.1x-auth-server-2 home_server = 802.1x-auth-server-3 home_server = 802.1x-auth-server-4 } realm 8021x:BTRCon { auth_pool = 802.1x-auth-pool acct_pool = 802.1x-acct-pool nostrip } home_server_pool 802.1x-acct-relay-pool { type = fail-over home_server = 802.1x-acct-relay-server-1 home_server = 802.1x-acct-relay-server-2 } realm acct_8021x:BTRCon { acct_pool = 802.1x-acct-relay-pool } home_server_pool vf_auth_failover { type = fail-over virtual_server = vf-server-auth home_server = skyport-car home_server = eldon-car } realm wlan.mnc015.mcc234.3gppnetwork.org { auth_pool = vf_auth_failover nostrip } home_server_pool eap-pool { home_server = eldon-eap-server } realm thistle8021x.btwifi.com { pool = eap-pool nostrip } home_server_pool consulate-auth-pool { virtual_server = consulate-server-auth home_server = consulate-server-1 } home_server_pool consulate-acct-pool { home_server = consulate-acct } realm wlan.mnc008.mcc234.3gppnetwork.org { auth_pool = consulate-auth-pool acct_pool = consulate-acct-pool nostrip } home_server_pool consulate-acct-relay-pool { home_server = consulate-server-1 } realm acct_consulate { acct_pool = consulate-acct-relay-pool nostrip } realm LOCAL { } home_server_pool testing-802.1x-acct-pool { home_server = testing-802.1x-auth-server } radiusd: #### Loading Clients #### client localhost { ipaddr = 127.0.0.1 require_message_authenticator = no secret = "XXXXXXXXXXX" shortname = "localhost" nastype = "other" } client 192.168.70.0/24 { require_message_authenticator = no secret = "XXXXXXXXXXX" shortname = "isg-ssg-net-1" nastype = "cisco" } client 192.168.170.0/24 { require_message_authenticator = no secret = "XXXXXXXXXXX" shortname = "isg-ssg-net-2" nastype = "cisco" } client 192.168.14.0/24 { require_message_authenticator = no secret = "XXXXXXXXXX" shortname = "isg-ssg-net-3" nastype = "cisco" } client 192.168.100.31 { require_message_authenticator = no secret = "XXXXXXXXXXX" shortname = "monitor-1" } client 192.168.160.31 { require_message_authenticator = no secret = "XXXXXXXXXX" shortname = "monitor-2" } client 192.168.24.22 { require_message_authenticator = no secret = "XXXXXXXXXXXX" shortname = "test-car" nastype = "cisco" } client 192.168.79.2 { require_message_authenticator = no secret = "XXXXXXXXXXX" shortname = "ACE-Probe" nastype = "cisco" } client 192.168.79.3 { require_message_authenticator = no secret = "XXXXXXXXXXXXX" shortname = "ACE-Probe" nastype = "cisco" } client 192.168.179.2 { require_message_authenticator = no secret = "XXXXXXXXXX" shortname = "ACE-Probe" nastype = "cisco" } client 192.168.179.3 { require_message_authenticator = no secret = "XXXXXXXXXX" shortname = "ACE-Probe" nastype = "cisco" } client 192.168.18.2 { require_message_authenticator = no secret = "XXXXXXXXXXX" shortname = "ACE-Probe" nastype = "cisco" } client 192.168.18.3 { require_message_authenticator = no secret = "XXXXXXXXXX" shortname = "ACE-Probe" nastype = "cisco" } client 192.168.49.96 { require_message_authenticator = no secret = "XXXXXXXXX" } radiusd: #### Instantiating modules #### instantiate { Module: Linked to module rlm_exec Module: Instantiating module "exec" from file /etc/raddb/modules/exec exec { wait = no input_pairs = "request" shell_escape = yes } Module: Linked to module rlm_expr Module: Instantiating module "expr" from file /etc/raddb/modules/expr Module: Linked to module rlm_expiration Module: Instantiating module "expiration" from file /etc/raddb/modules/expiration expiration { reply-message = "Password Has Expired " } Module: Linked to module rlm_logintime Module: Instantiating module "logintime" from file /etc/raddb/modules/logintime logintime { reply-message = "You are calling outside your allowed timespan " minimum-timeout = 60 } } radiusd: #### Loading Virtual Servers #### server { # from file /etc/raddb/radiusd.conf modules { Module: Creating Post-Auth-Type = REJECT Module: Checking authorize {...} for more modules to load Module: Linked to module rlm_preprocess Module: Instantiating module "preprocess" from file /etc/raddb/modules/preprocess preprocess { huntgroups = "/etc/raddb/huntgroups" hints = "/etc/raddb/hints" with_ascend_hack = no ascend_channels_per_line = 23 with_ntdomain_hack = no with_specialix_jetstream_hack = no with_cisco_vsa_hack = no with_alvarion_vsa_hack = no } reading pairlist file /etc/raddb/huntgroups reading pairlist file /etc/raddb/hints Module: Linked to module rlm_chap Module: Instantiating module "chap" from file /etc/raddb/modules/chap Module: Linked to module rlm_mschap Module: Instantiating module "mschap" from file /etc/raddb/modules/mschap mschap { use_mppe = yes require_encryption = no require_strong = no with_ntdomain_hack = no allow_retry = yes } Module: Linked to module rlm_digest Module: Instantiating module "digest" from file /etc/raddb/modules/digest Module: Linked to module rlm_realm Module: Instantiating module "IPASS" from file /etc/raddb/modules/realm realm IPASS { format = "prefix" delimiter = "/" ignore_default = no ignore_null = no } Module: Instantiating module "suffix" from file /etc/raddb/modules/realm realm suffix { format = "suffix" delimiter = "@" ignore_default = no ignore_null = no } Module: Linked to module rlm_eap Module: Instantiating module "eap" from file /etc/raddb/eap.conf eap { default_eap_type = "md5" timer_expire = 60 ignore_unknown_eap_types = no cisco_accounting_username_bug = no max_sessions = 4096 } Module: Linked to sub-module rlm_eap_md5 Module: Instantiating eap-md5 Module: Linked to sub-module rlm_eap_leap Module: Instantiating eap-leap Module: Linked to sub-module rlm_eap_gtc Module: Instantiating eap-gtc gtc { challenge = "Password: " auth_type = "PAP" } Module: Linked to sub-module rlm_eap_tls Module: Instantiating eap-tls tls { rsa_key_exchange = no dh_key_exchange = yes rsa_key_length = 512 dh_key_length = 512 verify_depth = 0 CA_path = "/etc/raddb/certs" pem_file_type = yes private_key_file = "/etc/raddb/certs/server.pem" certificate_file = "/etc/raddb/certs/server.pem" CA_file = "/etc/raddb/certs/ca.pem" private_key_password = "whatever" dh_file = "/etc/raddb/certs/dh" random_file = "/etc/raddb/certs/random" fragment_size = 1024 include_length = yes check_crl = no cipher_list = "DEFAULT" make_cert_command = "/etc/raddb/certs/bootstrap" cache { enable = no lifetime = 24 max_entries = 255 } verify { } ocsp { enable = no override_cert_url = yes url = "http://127.0.0.1/ocsp/" use_nonce = yes timeout = 0 softfail = no } } Module: Linked to sub-module rlm_eap_ttls Module: Instantiating eap-ttls ttls { default_eap_type = "md5" copy_request_to_tunnel = no use_tunneled_reply = no virtual_server = "inner-tunnel" include_length = yes } Module: Linked to sub-module rlm_eap_peap Module: Instantiating eap-peap peap { default_eap_type = "mschapv2" copy_request_to_tunnel = no use_tunneled_reply = no proxy_tunneled_request_as_eap = yes virtual_server = "inner-tunnel" soh = no } Module: Linked to sub-module rlm_eap_mschapv2 Module: Instantiating eap-mschapv2 mschapv2 { with_ntdomain_hack = no send_error = no } Module: Linked to module rlm_files Module: Instantiating module "files" from file /etc/raddb/modules/files files { usersfile = "/etc/raddb/users" acctusersfile = "/etc/raddb/acct_users" preproxy_usersfile = "/etc/raddb/preproxy_users" compat = "no" } reading pairlist file /etc/raddb/users reading pairlist file /etc/raddb/acct_users reading pairlist file /etc/raddb/preproxy_users Module: Linked to module rlm_pap Module: Instantiating module "pap" from file /etc/raddb/modules/pap pap { encryption_scheme = "auto" auto_header = no } Module: Checking preacct {...} for more modules to load Module: Linked to module rlm_acct_unique Module: Instantiating module "acct_unique" from file /etc/raddb/modules/acct_unique acct_unique { key = "User-Name, Acct-Session-Id, NAS-IP-Address, Framed-IP-Address, NAS-Port-Id" } Module: Checking accounting {...} for more modules to load Module: Linked to module rlm_always Module: Instantiating module "ok" from file /etc/raddb/modules/always always ok { rcode = "ok" simulcount = 0 mpp = no } Module: Linked to module rlm_attr_filter Module: Instantiating module "attr_filter.accounting_response" from file /etc/raddb/modules/attr_filter attr_filter attr_filter.accounting_response { attrsfile = "/etc/raddb/attrs.accounting_response" key = "%{User-Name}" relaxed = no } reading pairlist file /etc/raddb/attrs.accounting_response Module: Checking session {...} for more modules to load Module: Linked to module rlm_radutmp Module: Instantiating module "radutmp" from file /etc/raddb/modules/radutmp radutmp { filename = "/var/log/radius/radutmp" username = "%{User-Name}" case_sensitive = yes check_with_nas = yes perm = 384 callerid = yes } Module: Checking post-proxy {...} for more modules to load Module: Checking post-auth {...} for more modules to load Module: Linked to module rlm_sql_log Module: Instantiating module "sql_log" from file /etc/raddb/modules/sql_log sql_log { path = "/var/log/radius/radacct/relay-acct/reject-%Y%m%d:%H" Post-Auth = "%t Acct-Status-Type = Interim-Update User-Name = "%{User-Name}" Acct-Session-Id = "REJECT" BTOpenzone-Reject-Message = "8021xReject:%{reply:Reply-Message}" NAS-IP-Address = %{NAS-IP-Address} Framed-IP-Address = %{Framed-IP-Address} Called-Station-Id = %{Called-Station-Id} Calling-Station-Id = %{Calling-Station-Id} Acct-Delay-Time = 0 Timestamp = %l " sql_user_name = "%{%{User-Name}:-DEFAULT}" utf8 = yes safe-characters = "@abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-_: /" } Module: Instantiating module "sql_log_store" from file /etc/raddb/modules/sql_log_store sql_log sql_log_store { path = "/var/log/radius/radacct/store-acct/reject-%Y%m%d:%H" Post-Auth = "%t Acct-Status-Type = Interim-Update User-Name = "%{User-Name}" Acct-Session-Id = "REJECT" BTOpenzone-Reject-Message = "8021xReject:%{reply:Reply-Message}" NAS-IP-Address = %{NAS-IP-Address} Framed-IP-Address = %{Framed-IP-Address} Called-Station-Id = %{Called-Station-Id} Calling-Station-Id = %{Calling-Station-Id} Acct-Delay-Time = 0 Timestamp = %l " sql_user_name = "%{%{User-Name}:-DEFAULT}" utf8 = yes safe-characters = "@abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-_: /" } Module: Instantiating module "attr_filter.access_reject" from file /etc/raddb/modules/attr_filter attr_filter attr_filter.access_reject { attrsfile = "/etc/raddb/attrs.access_reject" key = "%{User-Name}" relaxed = no } reading pairlist file /etc/raddb/attrs.access_reject } # modules } # server server consulate-server-auth { # from file /etc/raddb/sites-enabled/consulate-server modules { Module: Checking post-proxy {...} for more modules to load } # modules } # server server consulate-server-acct { # from file /etc/raddb/sites-enabled/consulate-server modules { Module: Checking accounting {...} for more modules to load Module: Linked to module rlm_detail Module: Instantiating module "detail.btngh.openzone.com" from file /etc/raddb/modules/detail.btngh.openzone.com detail detail.btngh.openzone.com { detailfile = "/var/log/radius/radacct/relay-acct/detail-%Y%m%d:%H" header = "%t" detailperm = 384 dirperm = 493 locking = no log_packet_header = no } Module: Instantiating module "detail-store.btngh.openzone.com" from file /etc/raddb/modules/detail-store.btngh.openzone.com detail detail-store.btngh.openzone.com { detailfile = "/var/log/radius/radacct/store-acct/detail-%Y%m%d:%H" header = "%t" detailperm = 416 dirperm = 493 locking = no log_packet_header = no } Module: Instantiating module "detail.consulate" from file /etc/raddb/modules/detail.consulate detail detail.consulate { detailfile = "/var/log/radius/radacct/consulate/detail-%Y%m%d:%H" header = "%t" detailperm = 384 dirperm = 493 locking = no log_packet_header = no } } # modules } # server server acct_iptracker { # from file /etc/raddb/sites-enabled/acct_iptracker modules { Module: Checking accounting {...} for more modules to load } # modules } # server server status { # from file /etc/raddb/sites-enabled/status modules { Module: Creating Autz-Type = Status-Server Module: Checking authorize {...} for more modules to load } # modules } # server server acct_consulate { # from file /etc/raddb/sites-enabled/acct_consulate modules { Module: Checking accounting {...} for more modules to load } # modules } # server server vf-server-auth { # from file /etc/raddb/sites-enabled/vf-server modules { Module: Checking pre-proxy {...} for more modules to load Module: Instantiating module "reject" from file /etc/raddb/modules/always always reject { rcode = "reject" simulcount = 0 mpp = no } } # modules } # server server acct_aggregator { # from file /etc/raddb/sites-enabled/acct_aggregator modules { Module: Checking accounting {...} for more modules to load } # modules } # server server 802.1x-server-auth { # from file /etc/raddb/sites-enabled/802.1x-server modules { Module: Checking post-proxy {...} for more modules to load Module: Instantiating module "noop" from file /etc/raddb/modules/always always noop { rcode = "noop" simulcount = 0 mpp = no } } # modules } # server server 802.1x-server-acct { # from file /etc/raddb/sites-enabled/802.1x-server modules { Module: Checking accounting {...} for more modules to load Module: Instantiating module "detail.iptracker" from file /etc/raddb/modules/detail.iptracker detail detail.iptracker { detailfile = "/var/log/radius/radacct/iptracker/detail-%Y%m%d:%H" header = "%t" detailperm = 384 dirperm = 493 locking = no log_packet_header = no } } # modules } # server radiusd: #### Opening IP addresses and Ports #### listen { type = "auth" ipaddr = * port = 0 } listen { type = "acct" ipaddr = * port = 0 } listen { type = "control" listen { socket = "/var/run/radiusd/radiusd.sock" mode = "rw" } } listen { type = "detail" listen { filename = "/var/log/radius/radacct/iptracker/*" load_factor = 10 poll_interval = 1 retry_interval = 30 } } listen { type = "status" ipaddr = 127.0.0.1 port = 18120 client admin { ipaddr = 127.0.0.1 require_message_authenticator = no secret = "adminsecret" } } listen { type = "detail" listen { filename = "/var/log/radius/radacct/consulate/*" load_factor = 10 poll_interval = 1 retry_interval = 30 } } listen { type = "detail" listen { filename = "/var/log/radius/radacct/relay-acct/*" load_factor = 10 poll_interval = 1 retry_interval = 30 } } ... adding new socket proxy address * port 40182 ... adding new socket proxy address * port 54630 ... adding new socket proxy address * port 41460 ... adding new socket proxy address * port 46468 ... adding new socket proxy address * port 55955 ... adding new socket proxy address * port 40148 ... adding new socket proxy address * port 55333 ... adding new socket proxy address * port 58120 ... adding new socket proxy address * port 42133 ... adding new socket proxy address * port 52148 ... adding new socket proxy address * port 33849 ... adding new socket proxy address * port 58632 ... adding new socket proxy address * port 36516 ... adding new socket proxy address * port 60425 ... adding new socket proxy address * port 43158 ... adding new socket proxy address * port 47771 ... adding new socket proxy address * port 48703 Listening on authentication address * port 1812 Listening on accounting address * port 1813 Listening on command file /var/run/radiusd/radi! usd.sock Listening on detail file /var/log/radius/radacct/iptracker/* as server acct_iptracker Detail listener /var/log/radius/radacct/iptracker/* state unopened signalled 0 waiting 1.000000 sec Listening on status address 127.0.0.1 port 18120 as server status Listening on detail file /var/log/radius/radacct/consulate/* as server acct_consulate Detail listener /var/log/radius/radacct/consulate/* state unopened signalled 0 waiting 1.000000 sec Listening on detail file /var/log/radius/radacct/relay-acct/* as server acct_aggregator Detail listener /var/log/radius/radacct/relay-acct/* state unopened signalled 0 waiting 1.000000 sec Listening on proxy address * port 1814 Waking up in 0.9 seconds. Polling for detail file /var/log/radius/radacct/iptracker/* Detail listener /var/log/radius/radacct/iptracker/* state unopened signalled 0 waiting 1.173734 sec Polling for detail file /var/log/radius/radacct/consulate/* Detail listener /var/log/radius/radacct/consulate/* state unopened signalled 0 waiting 0.928983 sec Polling for detail file /var/log/radius/radacct/relay-acct/* Detail listener /var/log/radius/radacct/relay-acct/* state unopened signalled 0 waiting 0.835711 sec Waking up in 0.8 seconds. Polling for detail file /var/log/radius/radacct/relay-acct/* Detail listener /var/log/radius/radacct/relay-acct/* state unopened signalled 0 waiting 1.036269 sec Polling for detail file /var/log/radius/radacct/consulate/* Detail listener /var/log/radius/radacct/consulate/* state unopened signalled 0 waiting 0.882089 sec Waking up in 0.2 seconds. Polling for detail file /var/log/radius/radacct/iptracker/* Detail listener /var/log/radius/radacct/iptracker/* state unopened signalled 0 waiting 1.019558 sec Waking up in 0.6 seconds. Polling for detail file /var/log/radius/radacct/consulate/* Detail listener /var/log/radius/radacct/consulate/* state unopened signalled 0 waiting 1.197507 sec Polling for detail file /var/log/radius/radacct/relay-acct/* Detail listener /var/log/radius/radacct/relay-acct/* state unopened signalled 0 waiting 0.850833 sec Waking up in 0.3 seconds. Polling for detail file /var/log/radius/radacct/iptracker/* Detail listener /var/log/radius/radacct/iptracker/* state unopened signalled 0 waiting 1.078351 sec Waking up in 0.5 seconds. Polling for detail file /var/log/radius/radacct/relay-acct/* Detail listener /var/log/radius/radacct/relay-acct/* state unopened signalled 0 waiting 0.931512 sec Waking up in 0.2 seconds. Polling for detail file /var/log/radius/radacct/consulate/* Detail listener /var/log/radius/radacct/consulate/* state unopened signalled 0 waiting 1.203859 sec Waking up in 0.2 seconds. Polling for detail file /var/log/radius/radacct/iptracker/* Detail listener /var/log/radius/radacct/iptracker/* state unopened signalled 0 waiting 1.085231 sec Waking up in 0.3 seconds. Polling for detail file /var/log/radius/radacct/relay-acct/* Detail listener /var/log/radius/radacct/relay-acct/* state unopened signalled 0 waiting 1.212170 sec Waking up in 0.5 seconds. Polling for detail file /var/log/radius/radacct/consulate/* Detail listener /var/log/radius/radacct/consulate/* state unopened signalled 0 waiting 0.975271 sec Waking up in 0.1 seconds. Polling for detail file /var/log/radius/radacct/iptracker/* Detail listener /var/log/radius/radacct/iptracker/* state unopened signalled 0 waiting 0.823461 sec Waking up in 0.5 seconds. Polling for detail file /var/log/radius/radacct/relay-acct/* Detail listener /var/log/radius/radacct/relay-acct/* state unopened signalled 0 waiting 1.150286 sec Waking up in 0.3 seconds. Polling for detail file /var/log/radius/radacct/iptracker/* Detail listener /var/log/radius/radacct/iptracker/* state unopened signalled 0 waiting 1.219787 sec Polling for detail file /var/log/radius/radacct/consulate/* Detail listener /var/log/radius/radacct/consulate/* state unopened signalled 0 waiting 0.916838 sec Waking up in 0.8 seconds. Polling for detail file /var/log/radius/radacct/relay-acct/* Detail listener /var/log/radius/radacct/relay-acct/* state unopened signalled 0 waiting 0.938346 sec Polling for detail file /var/log/radius/radacct/consulate/* Detail listener /var/log/radius/radacct/consulate/* state unopened signalled 0 waiting 1.059003 sec Waking up in 0.2 seconds. Polling for detail file /var/log/radius/radacct/iptracker/* Detail listener /var/log/radius/radacct/iptracker/* state unopened signalled 0 waiting 0.888133 sec Waking up in 0.5 seconds. rad_recv: Accounting-Request packet from host 127.0.0.1 port 53787, id=242, length=375 Acct-Session-Id = "00000838" Framed-Protocol = PPP Cisco-SSG-Service-Info = "NConsulate_8021X_Roaming" Cisco-AVPair = "parent-session-id=00000837" Framed-IP-Address = 10.50.49.11 User-Name = "1234081219000082@wlan.mnc008.mcc234.3gppnetwork.org" Cisco-SSG-Control-Info = "I0;443495" Cisco-SSG-Control-Info = "O0;141604" Acct-Input-Packets = 851 Acct-Output-Packets = 1035 Acct-Input-Octets = 141604 Acct-Output-Octets = 443495 Acct-Session-Time = 10069 Acct-Status-Type = Interim-Update Cisco-AVPair = "portbundle=enable" Cisco-SSG-Account-Info = "S192.168.89.94:22" Calling-Station-Id = "bc20.a4cd.dfaa" NAS-Port-Type = Virtual NAS-Port = 0 NAS-Port-Id = "0/0/4/0" Service-Type = Framed-User NAS-IP-Address = 192.168.70.11 Event-Timestamp = "Jan 24 2014 13:42:55 GMT" NAS-Identifier = "bay-isg1-asr1004.btopenzone.com" Acct-Delay-Time = 0 # Executing section preacct from file /etc/raddb/sites-enabled/default +group preacct { ++[preprocess] = ok [acct_unique] Hashing 'NAS-Port-Id = "0/0/4/0",Framed-IP-Address = 10.50.49.11,NAS-IP-Address = 192.168.70.11,Acct-Session-Id = "00000838",User-Name = "1234081219000082@wlan.mnc008.mcc234.3gppnetwork.org"' [acct_unique] Acct-Unique-Session-ID = "6740450b0490a636". ++[acct_unique] = ok [IPASS] No '/' in User-Name = "1234081219000082@wlan.mnc008.mcc234.3gppnetwork.org", looking up realm NULL [IPASS] No such realm "NULL" ++[IPASS] = noop [suffix] Looking up realm "wlan.mnc008.mcc234.3gppnetwork.org" for User-Name = "1234081219000082@wlan.mnc008.mcc234.3gppnetwork.org" [suffix] Found realm "wlan.mnc008.mcc234.3gppnetwork.org" [suffix] Adding Realm = "wlan.mnc008.mcc234.3gppnetwork.org" [suffix] Proxying request from user 1234081219000082 to realm wlan.mnc008.mcc234.3gppnetwork.org [suffix] Preparing to proxy accounting request to realm "wlan.mnc008.mcc234.3gppnetwork.org" ++[suffix] = updated +} # group preacct = updated # Executing section accounting from file /etc/raddb/sites-enabled/default +group accounting { ++? if (noop) ? Evaluating (noop) -> FALSE ++? if (noop) -> FALSE ++[exec] = noop [attr_filter.accounting_response] expand: %{User-Name} -> 1234081219000082@wlan.mnc008.mcc234.3gppnetwork.org attr_filter: Matched entry DEFAULT at line 12 ++[attr_filter.accounting_response] = updated +} # group accounting = updated WARNING: Empty pre-proxy section. Using default return values.
Sending proxied request internally to virtual server. server consulate-server-acct { WARNING: Empty preacct section. Using default return values. # Executing section accounting from file /etc/raddb/sites-enabled/consulate-server +group accounting { ++? if (! (Cisco-SSG-Service-Info) && ( "%{Acct-Status-Type}" == "Stop" ++) && ( "%{Tunnel-Type}" != "VLAN") ) ?? Evaluating (Cisco-SSG-Service-Info) -> TRUE ? Converting !TRUE -> FALSE ?? Skipping ("%{Acct-Status-Type}" == "Stop" ) ?? Skipping ("%{Tunnel-Type}" != "VLAN") ++? if (! (Cisco-SSG-Service-Info) && ( "%{Acct-Status-Type}" == "Stop" ++) && ( "%{Tunnel-Type}" != "VLAN") ) -> FALSE ? if (! ++(Cisco-SSG-Service-Info) ) ?? Evaluating (Cisco-SSG-Service-Info) -> TRUE ? Converting !TRUE -> FALSE ++? if (! (Cisco-SSG-Service-Info) ) -> FALSE +} # group accounting = noop } # server consulate-server-acct Going to the next request <<< Received proxied response code 0 from internal virtual server. # Executing section post-proxy from file /etc/raddb/sites-enabled/default +group post-proxy { [eap] No pre-existing handler found
I can re-create at will by sending in the packet using radclient. All help appreciated. Adrian Smith - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html