Segmentation Fault after authorize - 2.1.12+dfsg-1.2 Debian
Hello, I just updated to Debian wheezy 7.0, kernel 3.2.0-4-amd64, and the accompanying freeradius-2.1.12+dfsg-1.2. (Previously using Debian squeeze 6.0 and freeradius 2.1.10+dfsg-2+squeeze1.) After the OS update and FreeRADIUS updates, freeradius is now seg faulting after trying to process the authorize section when a wireless client attempts to connect via EAP-PEAP (MSCHAPv2). (None of the free radius configuration files have changed). I suspect a library problem of some kind, but I've removed all old freeradius libraries from /usr/lib/freeradius and removed and reinstalled all of the free radius packages from the Debian repository. Any assistance on what to look for next would be appreciated. Here is freeradius config: ###################################################################### # # As of 2.0.0, FreeRADIUS supports virtual hosts using the # "server" section, and configuration directives. # # Virtual hosts should be put into the "sites-available" # directory. Soft links should be created in the "sites-enabled" # directory to these files. This is done in a normal installation. # # $Id$ # ###################################################################### # # Read "man radiusd" before editing this file. See the section # titled DEBUGGING. It outlines a method where you can quickly # obtain the configuration you want, without running into # trouble. See also "man unlang", which documents the format # of this file. # # This configuration is designed to work in the widest possible # set of circumstances, with the widest possible number of # authentication methods. This means that in general, you should # need to make very few changes to this file. # # The best way to configure the server for your local system # is to CAREFULLY edit this file. Most attempts to make large # edits to this file will BREAK THE SERVER. Any edits should # be small, and tested by running the server with "radiusd -X". # Once the edits have been verified to work, save a copy of these # configuration files somewhere. (e.g. as a "tar" file). Then, # make more edits, and test, as above. # # There are many "commented out" references to modules such # as ldap, sql, etc. These references serve as place-holders. # If you need the functionality of that module, then configure # it in radiusd.conf, and un-comment the references to it in # this file. In most cases, those small changes will result # in the server being able to connect to the DB, and to # authenticate users. # ###################################################################### # # In 1.x, the "authorize", etc. sections were global in # radiusd.conf. As of 2.0, they SHOULD be in a server section. # # The server section with no virtual server name is the "default" # section. It is used when no server name is specified. # # We don't indent the rest of this file, because doing so # would make it harder to read. # # Authorization. First preprocess (hints and huntgroups files), # then realms, and finally look in the "users" file. # # The order of the realm modules will determine the order that # we try to find a matching realm. # # Make *sure* that 'preprocess' comes before any realm if you # need to setup hints for the remote radius server authorize { # # The preprocess module takes care of sanitizing some bizarre # attributes in the request, and turning them into attributes # which are more standard. # # It takes care of processing the 'raddb/hints' and the # 'raddb/huntgroups' files. preprocess # # If you want to have a log of authentication requests, # un-comment the following line, and the 'detail auth_log' # section, above. # auth_log # # The chap module will set 'Auth-Type := CHAP' if we are # handling a CHAP request and Auth-Type has not already been set #chap # # If the users are logging in with an MS-CHAP-Challenge # attribute for authentication, the mschap module will find # the MS-CHAP-Challenge attribute, and add 'Auth-Type := MS-CHAP' # to the request, which will cause the server to then use # the mschap module for authentication. #mschap # # If you have a Cisco SIP server authenticating against # FreeRADIUS, uncomment the following line, and the 'digest' # line in the 'authenticate' section. #digest # # The WiMAX specification says that the Calling-Station-Id # is 6 octets of the MAC. This definition conflicts with # RFC 3580, and all common RADIUS practices. Un-commenting # the "wimax" module here means that it will fix the # Calling-Station-Id attribute to the normal format as # specified in RFC 3580 Section 3.21 # wimax # # Look for IPASS style 'realm/', and if not found, look for # '@realm', and decide whether or not to proxy, based on # that. # IPASS # # If you are using multiple kinds of realms, you probably # want to set "ignore_null = yes" for all of them. # Otherwise, when the first style of realm doesn't match, # the other styles won't be checked. # suffix # ntdomain # # This module takes care of EAP-MD5, EAP-TLS, and EAP-LEAP # authentication. # # It also sets the EAP-Type attribute in the request # attribute list to the EAP type from the packet. # # As of 2.0, the EAP module returns "ok" in the authorize stage # for TTLS and PEAP. In 1.x, it never returned "ok" here, so # this change is compatible with older configurations. # # The example below uses module failover to avoid querying all # of the following modules if the EAP module returns "ok". # Therefore, your LDAP and/or SQL servers will not be queried # for the many packets that go back and forth to set up TTLS # or PEAP. The load on those servers will therefore be reduced. # eap { ok = return } # # Pull crypt'd passwords from /etc/passwd or /etc/shadow, # using the system API's to get the password. If you want # to read /etc/passwd or /etc/shadow directly, see the # passwd module in radiusd.conf. # # unix # # Read the 'users' file files # # Look in an SQL database. The schema of the database # is meant to mirror the "users" file. # # See "Authorization Queries" in sql.conf # sql # # If you are using /etc/smbpasswd, and are also doing # mschap authentication, the un-comment this line, and # configure the 'etc_smbpasswd' module, above. # etc_smbpasswd smbpasswd # # The ldap module will set Auth-Type to LDAP if it has not # already been set # ldap ucsbnetid # # Enforce daily limits on time spent logged in. # daily # # Use the checkval module # checkval expiration logintime # # If no other module has claimed responsibility for # authentication, then try to use PAP. This allows the # other modules listed above to add a "known good" password # to the request, and to do nothing else. The PAP module # will then see that password, and use it to do PAP # authentication. # # This module should be listed last, so that the other modules # get a chance to set Auth-Type for themselves. # pap # # If "status_server = yes", then Status-Server messages are passed # through the following section, and ONLY the following section. # This permits you to do DB queries, for example. If the modules # listed here return "fail", then NO response is sent. # # Autz-Type Status-Server { # # } } # Authentication. # # # This section lists which modules are available for authentication. # Note that it does NOT mean 'try each module in order'. It means # that a module from the 'authorize' section adds a configuration # attribute 'Auth-Type := FOO'. That authentication type is then # used to pick the apropriate module from the list below. # # In general, you SHOULD NOT set the Auth-Type attribute. The server # will figure it out on its own, and will do the right thing. The # most common side effect of erroneously setting the Auth-Type # attribute is that one authentication method will work, but the # others will not. # # The common reasons to set the Auth-Type attribute by hand # is to either forcibly reject the user (Auth-Type := Reject), # or to or forcibly accept the user (Auth-Type := Accept). # # Note that Auth-Type := Accept will NOT work with EAP. # # Please do not put "unlang" configurations into the "authenticate" # section. Put them in the "post-auth" section instead. That's what # the post-auth section is for. # authenticate { # # PAP authentication, when a back-end database listed # in the 'authorize' section supplies a password. The # password can be clear-text, or encrypted. Auth-Type PAP { pap } # # Most people want CHAP authentication # A back-end database listed in the 'authorize' section # MUST supply a CLEAR TEXT password. Encrypted passwords # won't work. Auth-Type CHAP { chap } # # MSCHAP authentication. Auth-Type MS-CHAP { mschap } # # If you have a Cisco SIP server authenticating against # FreeRADIUS, uncomment the following line, and the 'digest' # line in the 'authorize' section. # digest # # Pluggable Authentication Modules. # pam # # See 'man getpwent' for information on how the 'unix' # module checks the users password. Note that packets # containing CHAP-Password attributes CANNOT be authenticated # against /etc/passwd! See the FAQ for details. # # For normal "crypt" authentication, the "pap" module should # be used instead of the "unix" module. The "unix" module should # be used for authentication ONLY for compatibility with legacy # FreeRADIUS configurations. # # unix # Uncomment it if you want to use ldap for authentication # # Note that this means "check plain-text password against # the ldap database", which means that EAP won't work, # as it does not supply a plain-text password. # Auth-Type LDAP { # ldap # } ucsbnetid # # Allow EAP authentication. eap # # The older configurations sent a number of attributes in # Access-Challenge packets, which wasn't strictly correct. # If you want to filter out these attributes, uncomment # the following lines. # # Auth-Type eap { # eap { # handled = 1 # } # if (handled && (Response-Packet-Type == Access-Challenge)) { # attr_filter.access_challenge.post-auth # handled # override the "updated" code from attr_filter # } # } } # # Pre-accounting. Decide which accounting type to use. # preacct { preprocess # # Session start times are *implied* in RADIUS. # The NAS never sends a "start time". Instead, it sends # a start packet, *possibly* with an Acct-Delay-Time. # The server is supposed to conclude that the start time # was "Acct-Delay-Time" seconds in the past. # # The code below creates an explicit start time, which can # then be used in other modules. # # The start time is: NOW - delay - session_length # # update request { # FreeRADIUS-Acct-Session-Start-Time = "%{expr: %l - %{%{Acct-Session-Time}:-0} - %{%{Acct-Delay-Time}:-0}}" # } # # Ensure that we have a semi-unique identifier for every # request, and many NAS boxes are broken. acct_unique # # Look for IPASS-style 'realm/', and if not found, look for # '@realm', and decide whether or not to proxy, based on # that. # # Accounting requests are generally proxied to the same # home server as authentication requests. # IPASS suffix # ntdomain # # Read the 'acct_users' file files } # # Accounting. Log the accounting data. # accounting { # # Create a 'detail'ed log of the packets. # Note that accounting requests which are proxied # are also logged in the detail file. detail # daily # Update the wtmp file # # If you don't use "radlast", you can delete this line. unix # # For Simultaneous-Use tracking. # # Due to packet losses in the network, the data here # may be incorrect. There is little we can do about it. radutmp # sradutmp # Return an address to the IP Pool when we see a stop record. # main_pool # # Log traffic to an SQL database. # # See "Accounting queries" in sql.conf # sql # # If you receive stop packets with zero session length, # they will NOT be logged in the database. The SQL module # will print a message (only in debugging mode), and will # return "noop". # # You can ignore these packets by uncommenting the following # three lines. Otherwise, the server will not respond to the # accounting request, and the NAS will retransmit. # # if (noop) { # ok # } # # Instead of sending the query to the SQL server, # write it into a log file. # # sql_log # Cisco VoIP specific bulk accounting # pgsql-voip # For Exec-Program and Exec-Program-Wait exec # Filter attributes from the accounting response. attr_filter.accounting_response # # See "Autz-Type Status-Server" for how this works. # # Acct-Type Status-Server { # # } } # Session database, used for checking Simultaneous-Use. Either the radutmp # or rlm_sql module can handle this. # The rlm_sql module is *much* faster session { radutmp # # See "Simultaneous Use Checking Queries" in sql.conf # sql } # Post-Authentication # Once we KNOW that the user has been authenticated, there are # additional steps we can take. post-auth { # Get an address from the IP Pool. # main_pool # # If you want to have a log of authentication replies, # un-comment the following line, and the 'detail reply_log' # section, above. # reply_log # # After authenticating the user, do another SQL query. # # See "Authentication Logging Queries" in sql.conf # sql # # Instead of sending the query to the SQL server, # write it into a log file. # # sql_log # # Un-comment the following if you have set # 'edir_account_policy_check = yes' in the ldap module sub-section of # the 'modules' section. # # ldap # For Exec-Program and Exec-Program-Wait exec # # Calculate the various WiMAX keys. In order for this to work, # you will need to define the WiMAX NAI, usually via # # update request { # WiMAX-MN-NAI = "%{User-Name}" # } # # If you want various keys to be calculated, you will need to # update the reply with "template" values. The module will see # this, and replace the template values with the correct ones # taken from the cryptographic calculations. e.g. # # update reply { # WiMAX-FA-RK-Key = 0x00 # WiMAX-MSK = "%{EAP-MSK}" # } # # You may want to delete the MS-MPPE-*-Keys from the reply, # as some WiMAX clients behave badly when those attributes # are included. See "raddb/modules/wimax", configuration # entry "delete_mppe_keys" for more information. # # wimax # If there is a client certificate (EAP-TLS, sometimes PEAP # and TTLS), then some attributes are filled out after the # certificate verification has been performed. These fields # MAY be available during the authentication, or they may be # available only in the "post-auth" section. # # The first set of attributes contains information about the # issuing certificate which is being used. The second # contains information about the client certificate (if # available). # # update reply { # Reply-Message += "%{TLS-Cert-Serial}" # Reply-Message += "%{TLS-Cert-Expiration}" # Reply-Message += "%{TLS-Cert-Subject}" # Reply-Message += "%{TLS-Cert-Issuer}" # Reply-Message += "%{TLS-Cert-Common-Name}" # # Reply-Message += "%{TLS-Client-Cert-Serial}" # Reply-Message += "%{TLS-Client-Cert-Expiration}" # Reply-Message += "%{TLS-Client-Cert-Subject}" # Reply-Message += "%{TLS-Client-Cert-Issuer}" # Reply-Message += "%{TLS-Client-Cert-Common-Name}" # } # If the WiMAX module did it's work, you may want to do more # things here, like delete the MS-MPPE-*-Key attributes. # # if (updated) { # update reply { # MS-MPPE-Recv-Key !* 0x00 # MS-MPPE-Send-Key !* 0x00 # } # } # # Access-Reject packets are sent through the REJECT sub-section of the # post-auth section. # # Add the ldap module name (or instance) if you have set # 'edir_account_policy_check = yes' in the ldap module configuration # Post-Auth-Type REJECT { # log failed authentications in SQL, too. # sql attr_filter.access_reject } } # # When the server decides to proxy a request to a home server, # the proxied request is first passed through the pre-proxy # stage. This stage can re-write the request, or decide to # cancel the proxy. # # Only a few modules currently have this method. # pre-proxy { # attr_rewrite # Uncomment the following line if you want to change attributes # as defined in the preproxy_users file. # files # Uncomment the following line if you want to filter requests # sent to remote servers based on the rules defined in the # 'attrs.pre-proxy' file. # attr_filter.pre-proxy # If you want to have a log of packets proxied to a home # server, un-comment the following line, and the # 'detail pre_proxy_log' section, above. # pre_proxy_log } # # When the server receives a reply to a request it proxied # to a home server, the request may be massaged here, in the # post-proxy stage. # post-proxy { # If you want to have a log of replies from a home server, # un-comment the following line, and the 'detail post_proxy_log' # section, above. # post_proxy_log # attr_rewrite # Uncomment the following line if you want to filter replies from # remote proxies based on the rules defined in the 'attrs' file. # attr_filter.post-proxy # # If you are proxying LEAP, you MUST configure the EAP # module, and you MUST list it here, in the post-proxy # stage. # # You MUST also use the 'nostrip' option in the 'realm' # configuration. Otherwise, the User-Name attribute # in the proxied request will not match the user name # hidden inside of the EAP packet, and the end server will # reject the EAP request. # eap # # If the server tries to proxy a request and fails, then the # request is processed through the modules in this section. # # The main use of this section is to permit robust proxying # of accounting packets. The server can be configured to # proxy accounting packets as part of normal processing. # Then, if the home server goes down, accounting packets can # be logged to a local "detail" file, for processing with # radrelay. When the home server comes back up, radrelay # will read the detail file, and send the packets to the # home server. # # With this configuration, the server always responds to # Accounting-Requests from the NAS, but only writes # accounting packets to disk if the home server is down. # # Post-Proxy-Type Fail { # detail # } } Here is the freeradius debug output: deca:~# freeradius -Xxxx Tue Feb 26 17:45:29 2013 : Info: FreeRADIUS Version 2.1.12, for host x86_64-pc-linux-gnu, built on Dec 16 2012 at 13:28:43 Tue Feb 26 17:45:29 2013 : Info: Copyright (C) 1999-2009 The FreeRADIUS server project and contributors. Tue Feb 26 17:45:29 2013 : Info: There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A Tue Feb 26 17:45:29 2013 : Info: PARTICULAR PURPOSE. Tue Feb 26 17:45:29 2013 : Info: You may redistribute copies of FreeRADIUS under the terms of the Tue Feb 26 17:45:29 2013 : Info: GNU General Public License v2. Tue Feb 26 17:45:29 2013 : Info: Starting - reading configuration files ... Tue Feb 26 17:45:29 2013 : Debug: including configuration file /etc/freeradius/radiusd.conf Tue Feb 26 17:45:29 2013 : Debug: including configuration file /etc/freeradius/proxy.conf Tue Feb 26 17:45:29 2013 : Debug: including configuration file /etc/freeradius/clients.conf Tue Feb 26 17:45:29 2013 : Debug: including files in directory /etc/freeradius/modules/ Tue Feb 26 17:45:29 2013 : Debug: including configuration file /etc/freeradius/modules/replicate Tue Feb 26 17:45:29 2013 : Debug: including configuration file /etc/freeradius/modules/krb5 Tue Feb 26 17:45:29 2013 : Debug: including configuration file /etc/freeradius/modules/etc_group Tue Feb 26 17:45:29 2013 : Debug: including configuration file /etc/freeradius/modules/wimax Tue Feb 26 17:45:29 2013 : Debug: including configuration file /etc/freeradius/modules/unix Tue Feb 26 17:45:29 2013 : Debug: including configuration file /etc/freeradius/modules/cui Tue Feb 26 17:45:29 2013 : Debug: including configuration file /etc/freeradius/modules/mac2vlan Tue Feb 26 17:45:29 2013 : Debug: including configuration file /etc/freeradius/modules/sql_log Tue Feb 26 17:45:29 2013 : Debug: including configuration file /etc/freeradius/modules/sradutmp Tue Feb 26 17:45:29 2013 : Debug: including configuration file /etc/freeradius/modules/sqlcounter_expire_on_login Tue Feb 26 17:45:29 2013 : Debug: including configuration file /etc/freeradius/modules/smbpasswd Tue Feb 26 17:45:29 2013 : Debug: including configuration file /etc/freeradius/modules/preprocess Tue Feb 26 17:45:29 2013 : Debug: including configuration file /etc/freeradius/modules/otp Tue Feb 26 17:45:29 2013 : Debug: including configuration file /etc/freeradius/modules/radutmp Tue Feb 26 17:45:29 2013 : Debug: including configuration file /etc/freeradius/modules/exec Tue Feb 26 17:45:29 2013 : Debug: including configuration file /etc/freeradius/modules/linelog Tue Feb 26 17:45:29 2013 : Debug: including configuration file /etc/freeradius/modules/pam Tue Feb 26 17:45:29 2013 : Debug: including configuration file /etc/freeradius/modules/dynamic_clients.dpkg-dist Tue Feb 26 17:45:29 2013 : Debug: including configuration file /etc/freeradius/modules/ldap Tue Feb 26 17:45:29 2013 : Debug: including configuration file /etc/freeradius/modules/ippool Tue Feb 26 17:45:29 2013 : Debug: including configuration file /etc/freeradius/modules/echo Tue Feb 26 17:45:29 2013 : Debug: including configuration file /etc/freeradius/modules/ldap.dpkg-dist Tue Feb 26 17:45:29 2013 : Debug: including configuration file /etc/freeradius/modules/ntlm_auth Tue Feb 26 17:45:29 2013 : Debug: including configuration file /etc/freeradius/modules/checkval Tue Feb 26 17:45:29 2013 : Debug: including configuration file /etc/freeradius/modules/realm Tue Feb 26 17:45:29 2013 : Debug: including configuration file /etc/freeradius/modules/attr_rewrite Tue Feb 26 17:45:29 2013 : Debug: including configuration file /etc/freeradius/modules/expiration Tue Feb 26 17:45:29 2013 : Debug: including configuration file /etc/freeradius/modules/counter Tue Feb 26 17:45:29 2013 : Debug: including configuration file /etc/freeradius/modules/files Tue Feb 26 17:45:29 2013 : Debug: including configuration file /etc/freeradius/modules/mschap Tue Feb 26 17:45:29 2013 : Debug: including configuration file /etc/freeradius/modules/logintime Tue Feb 26 17:45:29 2013 : Debug: including configuration file /etc/freeradius/modules/expr Tue Feb 26 17:45:29 2013 : Debug: including configuration file /etc/freeradius/modules/attr_filter Tue Feb 26 17:45:29 2013 : Debug: including configuration file /etc/freeradius/modules/digest Tue Feb 26 17:45:29 2013 : Debug: including configuration file /etc/freeradius/modules/passwd Tue Feb 26 17:45:29 2013 : Debug: including configuration file /etc/freeradius/modules/smsotp Tue Feb 26 17:45:29 2013 : Debug: including configuration file /etc/freeradius/modules/inner-eap Tue Feb 26 17:45:29 2013 : Debug: including configuration file /etc/freeradius/modules/always Tue Feb 26 17:45:29 2013 : Debug: including configuration file /etc/freeradius/modules/mac2ip Tue Feb 26 17:45:29 2013 : Debug: including configuration file /etc/freeradius/modules/redis Tue Feb 26 17:45:29 2013 : Debug: including configuration file /etc/freeradius/modules/chap Tue Feb 26 17:45:29 2013 : Debug: including configuration file /etc/freeradius/modules/pap Tue Feb 26 17:45:29 2013 : Debug: including configuration file /etc/freeradius/modules/detail.log Tue Feb 26 17:45:29 2013 : Debug: including configuration file /etc/freeradius/modules/rediswho Tue Feb 26 17:45:29 2013 : Debug: including configuration file /etc/freeradius/modules/detail.example.com Tue Feb 26 17:45:29 2013 : Debug: including configuration file /etc/freeradius/modules/perl Tue Feb 26 17:45:29 2013 : Debug: including configuration file /etc/freeradius/modules/policy Tue Feb 26 17:45:29 2013 : Debug: including configuration file /etc/freeradius/modules/detail Tue Feb 26 17:45:29 2013 : Debug: including configuration file /etc/freeradius/modules/soh Tue Feb 26 17:45:29 2013 : Debug: including configuration file /etc/freeradius/modules/acct_unique Tue Feb 26 17:45:29 2013 : Debug: including configuration file /etc/freeradius/eap.conf Tue Feb 26 17:45:29 2013 : Debug: including configuration file /etc/freeradius/policy.conf Tue Feb 26 17:45:29 2013 : Debug: including files in directory /etc/freeradius/sites-enabled/ Tue Feb 26 17:45:29 2013 : Debug: including configuration file /etc/freeradius/sites-enabled/inner-tunnel Tue Feb 26 17:45:29 2013 : Debug: including configuration file /etc/freeradius/sites-enabled/default Tue Feb 26 17:45:29 2013 : Debug: main { Tue Feb 26 17:45:29 2013 : Debug: user = "root" Tue Feb 26 17:45:29 2013 : Debug: group = "freerad" Tue Feb 26 17:45:29 2013 : Debug: allow_core_dumps = no Tue Feb 26 17:45:29 2013 : Debug: } Tue Feb 26 17:45:29 2013 : Debug: including dictionary file /etc/freeradius/dictionary Tue Feb 26 17:45:29 2013 : Debug: main { Tue Feb 26 17:45:29 2013 : Debug: name = "freeradius" Tue Feb 26 17:45:29 2013 : Debug: prefix = "/usr" Tue Feb 26 17:45:29 2013 : Debug: localstatedir = "/var" Tue Feb 26 17:45:29 2013 : Debug: sbindir = "/usr/sbin" Tue Feb 26 17:45:29 2013 : Debug: logdir = "/var/log/freeradius" Tue Feb 26 17:45:29 2013 : Debug: run_dir = "/var/run/freeradius" Tue Feb 26 17:45:29 2013 : Debug: libdir = "/usr/lib/freeradius" Tue Feb 26 17:45:29 2013 : Debug: radacctdir = "/var/log/freeradius/radacct" Tue Feb 26 17:45:29 2013 : Debug: hostname_lookups = no Tue Feb 26 17:45:29 2013 : Debug: max_request_time = 30 Tue Feb 26 17:45:29 2013 : Debug: cleanup_delay = 5 Tue Feb 26 17:45:29 2013 : Debug: max_requests = 1024 Tue Feb 26 17:45:29 2013 : Debug: pidfile = "/var/run/freeradius/freeradius.pid" Tue Feb 26 17:45:29 2013 : Debug: checkrad = "/usr/sbin/checkrad" Tue Feb 26 17:45:29 2013 : Debug: debug_level = 0 Tue Feb 26 17:45:29 2013 : Debug: proxy_requests = yes Tue Feb 26 17:45:29 2013 : Debug: log { Tue Feb 26 17:45:29 2013 : Debug: stripped_names = no Tue Feb 26 17:45:29 2013 : Debug: auth = yes Tue Feb 26 17:45:29 2013 : Debug: auth_badpass = yes Tue Feb 26 17:45:29 2013 : Debug: auth_goodpass = no Tue Feb 26 17:45:29 2013 : Debug: } Tue Feb 26 17:45:29 2013 : Debug: security { Tue Feb 26 17:45:29 2013 : Debug: max_attributes = 200 Tue Feb 26 17:45:29 2013 : Debug: reject_delay = 1 Tue Feb 26 17:45:29 2013 : Debug: status_server = yes Tue Feb 26 17:45:29 2013 : Debug: } Tue Feb 26 17:45:29 2013 : Debug: } Tue Feb 26 17:45:29 2013 : Debug: radiusd: #### Loading Realms and Home Servers #### Tue Feb 26 17:45:29 2013 : Debug: proxy server { Tue Feb 26 17:45:29 2013 : Debug: retry_delay = 5 Tue Feb 26 17:45:29 2013 : Debug: retry_count = 3 Tue Feb 26 17:45:29 2013 : Debug: default_fallback = no Tue Feb 26 17:45:29 2013 : Debug: dead_time = 120 Tue Feb 26 17:45:29 2013 : Debug: wake_all_if_all_dead = no Tue Feb 26 17:45:29 2013 : Debug: } Tue Feb 26 17:45:29 2013 : Debug: home_server localhost { Tue Feb 26 17:45:29 2013 : Debug: ipaddr = 127.0.0.1 Tue Feb 26 17:45:29 2013 : Debug: port = 1812 Tue Feb 26 17:45:29 2013 : Debug: type = "auth" Tue Feb 26 17:45:29 2013 : Debug: secret = "******" Tue Feb 26 17:45:29 2013 : Debug: response_window = 20 Tue Feb 26 17:45:29 2013 : Debug: max_outstanding = 65536 Tue Feb 26 17:45:29 2013 : Debug: require_message_authenticator = no Tue Feb 26 17:45:29 2013 : Debug: zombie_period = 40 Tue Feb 26 17:45:29 2013 : Debug: status_check = "status-server" Tue Feb 26 17:45:29 2013 : Debug: ping_interval = 30 Tue Feb 26 17:45:29 2013 : Debug: check_interval = 30 Tue Feb 26 17:45:29 2013 : Debug: num_answers_to_alive = 3 Tue Feb 26 17:45:29 2013 : Debug: num_pings_to_alive = 3 Tue Feb 26 17:45:29 2013 : Debug: revive_interval = 120 Tue Feb 26 17:45:29 2013 : Debug: status_check_timeout = 4 Tue Feb 26 17:45:29 2013 : Debug: coa { Tue Feb 26 17:45:29 2013 : Debug: irt = 2 Tue Feb 26 17:45:29 2013 : Debug: mrt = 16 Tue Feb 26 17:45:29 2013 : Debug: mrc = 5 Tue Feb 26 17:45:29 2013 : Debug: mrd = 30 Tue Feb 26 17:45:29 2013 : Debug: } Tue Feb 26 17:45:29 2013 : Debug: } Tue Feb 26 17:45:29 2013 : Debug: home_server_pool my_auth_failover { Tue Feb 26 17:45:29 2013 : Debug: type = fail-over Tue Feb 26 17:45:29 2013 : Debug: home_server = localhost Tue Feb 26 17:45:29 2013 : Debug: } Tue Feb 26 17:45:29 2013 : Debug: realm example.com { Tue Feb 26 17:45:29 2013 : Debug: auth_pool = my_auth_failover Tue Feb 26 17:45:29 2013 : Debug: } Tue Feb 26 17:45:29 2013 : Debug: realm LOCAL { Tue Feb 26 17:45:29 2013 : Debug: } Tue Feb 26 17:45:29 2013 : Debug: radiusd: #### Loading Clients #### Tue Feb 26 17:45:29 2013 : Debug: client localhost { Tue Feb 26 17:45:29 2013 : Debug: ipaddr = 127.0.0.1 Tue Feb 26 17:45:29 2013 : Debug: require_message_authenticator = no Tue Feb 26 17:45:29 2013 : Debug: secret = "*****" Tue Feb 26 17:45:29 2013 : Debug: nastype = "other" Tue Feb 26 17:45:29 2013 : Debug: } Tue Feb 26 17:45:29 2013 : Debug: client 10.0.10.0/24 { Tue Feb 26 17:45:29 2013 : Debug: require_message_authenticator = no Tue Feb 26 17:45:29 2013 : Debug: secret = "******" Tue Feb 26 17:45:29 2013 : Debug: shortname = "wireless" Tue Feb 26 17:45:29 2013 : Debug: } Tue Feb 26 17:45:29 2013 : Debug: radiusd: #### Instantiating modules #### Tue Feb 26 17:45:29 2013 : Debug: instantiate { Tue Feb 26 17:45:29 2013 : Debug: (Loaded rlm_exec, checking if it's valid) Tue Feb 26 17:45:29 2013 : Debug: Module: Linked to module rlm_exec Tue Feb 26 17:45:29 2013 : Debug: Module: Instantiating module "exec" from file /etc/freeradius/modules/exec Tue Feb 26 17:45:29 2013 : Debug: exec { Tue Feb 26 17:45:29 2013 : Debug: wait = no Tue Feb 26 17:45:29 2013 : Debug: input_pairs = "request" Tue Feb 26 17:45:29 2013 : Debug: shell_escape = yes Tue Feb 26 17:45:29 2013 : Debug: } Tue Feb 26 17:45:29 2013 : Debug: (Loaded rlm_expr, checking if it's valid) Tue Feb 26 17:45:29 2013 : Debug: Module: Linked to module rlm_expr Tue Feb 26 17:45:29 2013 : Debug: Module: Instantiating module "expr" from file /etc/freeradius/modules/expr Tue Feb 26 17:45:29 2013 : Debug: (Loaded rlm_expiration, checking if it's valid) Tue Feb 26 17:45:29 2013 : Debug: Module: Linked to module rlm_expiration Tue Feb 26 17:45:29 2013 : Debug: Module: Instantiating module "expiration" from file /etc/freeradius/modules/expiration Tue Feb 26 17:45:29 2013 : Debug: expiration { Tue Feb 26 17:45:29 2013 : Debug: reply-message = "Password Has Expired " Tue Feb 26 17:45:29 2013 : Debug: } Tue Feb 26 17:45:29 2013 : Debug: (Loaded rlm_logintime, checking if it's valid) Tue Feb 26 17:45:29 2013 : Debug: Module: Linked to module rlm_logintime Tue Feb 26 17:45:29 2013 : Debug: Module: Instantiating module "logintime" from file /etc/freeradius/modules/logintime Tue Feb 26 17:45:29 2013 : Debug: logintime { Tue Feb 26 17:45:29 2013 : Debug: reply-message = "You are calling outside your allowed timespan " Tue Feb 26 17:45:29 2013 : Debug: minimum-timeout = 60 Tue Feb 26 17:45:29 2013 : Debug: } Tue Feb 26 17:45:29 2013 : Debug: } Tue Feb 26 17:45:29 2013 : Debug: radiusd: #### Loading Virtual Servers #### Tue Feb 26 17:45:29 2013 : Debug: server { # from file /etc/freeradius/radiusd.conf Tue Feb 26 17:45:29 2013 : Debug: modules { Tue Feb 26 17:45:29 2013 : Debug: Module: Creating Auth-Type = ucsbnetid Tue Feb 26 17:45:29 2013 : Debug: Module: Creating Post-Auth-Type = REJECT Tue Feb 26 17:45:29 2013 : Debug: Module: Checking authenticate {...} for more modules to load Tue Feb 26 17:45:29 2013 : Debug: (Loaded rlm_pap, checking if it's valid) Tue Feb 26 17:45:29 2013 : Debug: Module: Linked to module rlm_pap Tue Feb 26 17:45:29 2013 : Debug: Module: Instantiating module "pap" from file /etc/freeradius/modules/pap Tue Feb 26 17:45:29 2013 : Debug: pap { Tue Feb 26 17:45:29 2013 : Debug: encryption_scheme = "auto" Tue Feb 26 17:45:29 2013 : Debug: auto_header = no Tue Feb 26 17:45:29 2013 : Debug: } Tue Feb 26 17:45:29 2013 : Debug: (Loaded rlm_chap, checking if it's valid) Tue Feb 26 17:45:29 2013 : Debug: Module: Linked to module rlm_chap Tue Feb 26 17:45:29 2013 : Debug: Module: Instantiating module "chap" from file /etc/freeradius/modules/chap Tue Feb 26 17:45:29 2013 : Debug: (Loaded rlm_mschap, checking if it's valid) Tue Feb 26 17:45:29 2013 : Debug: Module: Linked to module rlm_mschap Tue Feb 26 17:45:29 2013 : Debug: Module: Instantiating module "mschap" from file /etc/freeradius/modules/mschap Tue Feb 26 17:45:29 2013 : Debug: mschap { Tue Feb 26 17:45:29 2013 : Debug: use_mppe = yes Tue Feb 26 17:45:29 2013 : Debug: require_encryption = no Tue Feb 26 17:45:29 2013 : Debug: require_strong = no Tue Feb 26 17:45:29 2013 : Debug: with_ntdomain_hack = no Tue Feb 26 17:45:29 2013 : Debug: allow_retry = yes Tue Feb 26 17:45:29 2013 : Debug: } Tue Feb 26 17:45:29 2013 : Debug: (Loaded rlm_ldap, checking if it's valid) Tue Feb 26 17:45:29 2013 : Debug: Module: Linked to module rlm_ldap Tue Feb 26 17:45:29 2013 : Debug: Module: Instantiating module "ucsbnetid" from file /etc/freeradius/modules/ldap Tue Feb 26 17:45:29 2013 : Debug: ldap ucsbnetid { Tue Feb 26 17:45:29 2013 : Debug: server = "directory.ucsb.edu" Tue Feb 26 17:45:29 2013 : Debug: port = 389 Tue Feb 26 17:45:29 2013 : Debug: password = "******" Tue Feb 26 17:45:29 2013 : Debug: identity = "uid=chemrad,o=ucsb" Tue Feb 26 17:45:29 2013 : Debug: net_timeout = 1 Tue Feb 26 17:45:29 2013 : Debug: timeout = 4 Tue Feb 26 17:45:29 2013 : Debug: timelimit = 3 Tue Feb 26 17:45:29 2013 : Debug: tls_mode = no Tue Feb 26 17:45:29 2013 : Debug: start_tls = no Tue Feb 26 17:45:29 2013 : Debug: tls_require_cert = "allow" Tue Feb 26 17:45:29 2013 : Debug: tls { Tue Feb 26 17:45:29 2013 : Debug: start_tls = no Tue Feb 26 17:45:29 2013 : Debug: require_cert = "allow" Tue Feb 26 17:45:29 2013 : Debug: } Tue Feb 26 17:45:29 2013 : Debug: basedn = "o=ucsb" Tue Feb 26 17:45:29 2013 : Debug: filter = "(uid=%{%{Stripped-User-Name}:-%{User-Name}})" Tue Feb 26 17:45:29 2013 : Debug: base_filter = "(objectclass=ucsbperson)" Tue Feb 26 17:45:29 2013 : Debug: auto_header = no Tue Feb 26 17:45:29 2013 : Debug: access_attr_used_for_allow = yes Tue Feb 26 17:45:29 2013 : Debug: groupname_attribute = "cn" Tue Feb 26 17:45:29 2013 : Debug: groupmembership_filter = "(|(&(objectClass=GroupOfNames)(member=%{Ldap-UserDn}))(&(objectClass=GroupOfUniqueNames)(uniquemember=%{Ldap-UserDn})))" Tue Feb 26 17:45:29 2013 : Debug: dictionary_mapping = "/etc/freeradius/ldap.attrmap" Tue Feb 26 17:45:29 2013 : Debug: ldap_debug = 0 Tue Feb 26 17:45:29 2013 : Debug: ldap_connections_number = 5 Tue Feb 26 17:45:29 2013 : Debug: compare_check_items = no Tue Feb 26 17:45:29 2013 : Debug: do_xlat = yes Tue Feb 26 17:45:29 2013 : Debug: edir_account_policy_check = no Tue Feb 26 17:45:29 2013 : Debug: set_auth_type = yes Tue Feb 26 17:45:29 2013 : Debug: } Tue Feb 26 17:45:29 2013 : Debug: rlm_ldap: Registering ldap_groupcmp for Ldap-Group Tue Feb 26 17:45:29 2013 : Debug: rlm_ldap: Creating new attribute ucsbnetid-Ldap-Group Tue Feb 26 17:45:29 2013 : Debug: rlm_ldap: Registering ldap_groupcmp for ucsbnetid-Ldap-Group Tue Feb 26 17:45:29 2013 : Debug: rlm_ldap: Registering ldap_xlat with xlat_name ucsbnetid Tue Feb 26 17:45:29 2013 : Debug: rlm_ldap: reading ldap<->radius mappings from file /etc/freeradius/ldap.attrmap Tue Feb 26 17:45:29 2013 : Debug: rlm_ldap: LDAP radiusCheckItem mapped to RADIUS $GENERIC$ Tue Feb 26 17:45:29 2013 : Debug: rlm_ldap: LDAP radiusReplyItem mapped to RADIUS $GENERIC$ Tue Feb 26 17:45:29 2013 : Debug: rlm_ldap: LDAP radiusAuthType mapped to RADIUS Auth-Type Tue Feb 26 17:45:29 2013 : Debug: rlm_ldap: LDAP radiusSimultaneousUse mapped to RADIUS Simultaneous-Use Tue Feb 26 17:45:29 2013 : Debug: rlm_ldap: LDAP radiusCalledStationId mapped to RADIUS Called-Station-Id Tue Feb 26 17:45:29 2013 : Debug: rlm_ldap: LDAP radiusCallingStationId mapped to RADIUS Calling-Station-Id Tue Feb 26 17:45:29 2013 : Debug: rlm_ldap: LDAP lmPassword mapped to RADIUS LM-Password Tue Feb 26 17:45:29 2013 : Debug: rlm_ldap: LDAP ntPassword mapped to RADIUS NT-Password Tue Feb 26 17:45:29 2013 : Debug: rlm_ldap: LDAP sambaLmPassword mapped to RADIUS LM-Password Tue Feb 26 17:45:29 2013 : Debug: rlm_ldap: LDAP sambaNtPassword mapped to RADIUS NT-Password Tue Feb 26 17:45:29 2013 : Debug: rlm_ldap: LDAP dBCSPwd mapped to RADIUS LM-Password Tue Feb 26 17:45:29 2013 : Debug: rlm_ldap: LDAP acctFlags mapped to RADIUS SMB-Account-CTRL-TEXT Tue Feb 26 17:45:29 2013 : Debug: rlm_ldap: LDAP radiusExpiration mapped to RADIUS Expiration Tue Feb 26 17:45:29 2013 : Debug: rlm_ldap: LDAP radiusNASIpAddress mapped to RADIUS NAS-IP-Address Tue Feb 26 17:45:29 2013 : Debug: rlm_ldap: LDAP radiusServiceType mapped to RADIUS Service-Type Tue Feb 26 17:45:29 2013 : Debug: rlm_ldap: LDAP radiusFramedProtocol mapped to RADIUS Framed-Protocol Tue Feb 26 17:45:29 2013 : Debug: rlm_ldap: LDAP radiusFramedIPAddress mapped to RADIUS Framed-IP-Address Tue Feb 26 17:45:29 2013 : Debug: rlm_ldap: LDAP radiusFramedIPNetmask mapped to RADIUS Framed-IP-Netmask Tue Feb 26 17:45:29 2013 : Debug: rlm_ldap: LDAP radiusFramedRoute mapped to RADIUS Framed-Route Tue Feb 26 17:45:29 2013 : Debug: rlm_ldap: LDAP radiusFramedRouting mapped to RADIUS Framed-Routing Tue Feb 26 17:45:29 2013 : Debug: rlm_ldap: LDAP radiusFilterId mapped to RADIUS Filter-Id Tue Feb 26 17:45:29 2013 : Debug: rlm_ldap: LDAP radiusFramedMTU mapped to RADIUS Framed-MTU Tue Feb 26 17:45:29 2013 : Debug: rlm_ldap: LDAP radiusFramedCompression mapped to RADIUS Framed-Compression Tue Feb 26 17:45:29 2013 : Debug: rlm_ldap: LDAP radiusLoginIPHost mapped to RADIUS Login-IP-Host Tue Feb 26 17:45:29 2013 : Debug: rlm_ldap: LDAP radiusLoginService mapped to RADIUS Login-Service Tue Feb 26 17:45:29 2013 : Debug: rlm_ldap: LDAP radiusLoginTCPPort mapped to RADIUS Login-TCP-Port Tue Feb 26 17:45:29 2013 : Debug: rlm_ldap: LDAP radiusCallbackNumber mapped to RADIUS Callback-Number Tue Feb 26 17:45:29 2013 : Debug: rlm_ldap: LDAP radiusCallbackId mapped to RADIUS Callback-Id Tue Feb 26 17:45:29 2013 : Debug: rlm_ldap: LDAP radiusFramedIPXNetwork mapped to RADIUS Framed-IPX-Network Tue Feb 26 17:45:29 2013 : Debug: rlm_ldap: LDAP radiusClass mapped to RADIUS Class Tue Feb 26 17:45:29 2013 : Debug: rlm_ldap: LDAP radiusSessionTimeout mapped to RADIUS Session-Timeout Tue Feb 26 17:45:29 2013 : Debug: rlm_ldap: LDAP radiusIdleTimeout mapped to RADIUS Idle-Timeout Tue Feb 26 17:45:29 2013 : Debug: rlm_ldap: LDAP radiusTerminationAction mapped to RADIUS Termination-Action Tue Feb 26 17:45:29 2013 : Debug: rlm_ldap: LDAP radiusLoginLATService mapped to RADIUS Login-LAT-Service Tue Feb 26 17:45:29 2013 : Debug: rlm_ldap: LDAP radiusLoginLATNode mapped to RADIUS Login-LAT-Node Tue Feb 26 17:45:29 2013 : Debug: rlm_ldap: LDAP radiusLoginLATGroup mapped to RADIUS Login-LAT-Group Tue Feb 26 17:45:29 2013 : Debug: rlm_ldap: LDAP radiusFramedAppleTalkLink mapped to RADIUS Framed-AppleTalk-Link Tue Feb 26 17:45:29 2013 : Debug: rlm_ldap: LDAP radiusFramedAppleTalkNetwork mapped to RADIUS Framed-AppleTalk-Network Tue Feb 26 17:45:29 2013 : Debug: rlm_ldap: LDAP radiusFramedAppleTalkZone mapped to RADIUS Framed-AppleTalk-Zone Tue Feb 26 17:45:29 2013 : Debug: rlm_ldap: LDAP radiusPortLimit mapped to RADIUS Port-Limit Tue Feb 26 17:45:29 2013 : Debug: rlm_ldap: LDAP radiusLoginLATPort mapped to RADIUS Login-LAT-Port Tue Feb 26 17:45:29 2013 : Debug: rlm_ldap: LDAP radiusReplyMessage mapped to RADIUS Reply-Message Tue Feb 26 17:45:29 2013 : Debug: rlm_ldap: LDAP radiusTunnelType mapped to RADIUS Tunnel-Type Tue Feb 26 17:45:29 2013 : Debug: rlm_ldap: LDAP radiusTunnelMediumType mapped to RADIUS Tunnel-Medium-Type Tue Feb 26 17:45:29 2013 : Debug: rlm_ldap: LDAP radiusTunnelPrivateGroupId mapped to RADIUS Tunnel-Private-Group-Id Tue Feb 26 17:45:29 2013 : Debug: conns: 0x1180af0 Tue Feb 26 17:45:29 2013 : Debug: (Loaded rlm_eap, checking if it's valid) Tue Feb 26 17:45:29 2013 : Debug: Module: Linked to module rlm_eap Tue Feb 26 17:45:29 2013 : Debug: Module: Instantiating module "eap" from file /etc/freeradius/eap.conf Tue Feb 26 17:45:29 2013 : Debug: eap { Tue Feb 26 17:45:29 2013 : Debug: default_eap_type = "md5" Tue Feb 26 17:45:29 2013 : Debug: timer_expire = 60 Tue Feb 26 17:45:29 2013 : Debug: ignore_unknown_eap_types = no Tue Feb 26 17:45:29 2013 : Debug: cisco_accounting_username_bug = no Tue Feb 26 17:45:29 2013 : Debug: max_sessions = 4096 Tue Feb 26 17:45:29 2013 : Debug: } Tue Feb 26 17:45:29 2013 : Debug: Module: Linked to sub-module rlm_eap_md5 Tue Feb 26 17:45:29 2013 : Debug: Module: Instantiating eap-md5 Tue Feb 26 17:45:29 2013 : Debug: Module: Linked to sub-module rlm_eap_leap Tue Feb 26 17:45:29 2013 : Debug: Module: Instantiating eap-leap Tue Feb 26 17:45:29 2013 : Debug: Module: Linked to sub-module rlm_eap_gtc Tue Feb 26 17:45:29 2013 : Debug: Module: Instantiating eap-gtc Tue Feb 26 17:45:29 2013 : Debug: gtc { Tue Feb 26 17:45:29 2013 : Debug: challenge = "Password: " Tue Feb 26 17:45:29 2013 : Debug: auth_type = "PAP" Tue Feb 26 17:45:29 2013 : Debug: } Tue Feb 26 17:45:29 2013 : Debug: Module: Linked to sub-module rlm_eap_tls Tue Feb 26 17:45:29 2013 : Debug: Module: Instantiating eap-tls Tue Feb 26 17:45:29 2013 : Debug: tls { Tue Feb 26 17:45:29 2013 : Debug: rsa_key_exchange = no Tue Feb 26 17:45:29 2013 : Debug: dh_key_exchange = yes Tue Feb 26 17:45:29 2013 : Debug: rsa_key_length = 512 Tue Feb 26 17:45:29 2013 : Debug: dh_key_length = 512 Tue Feb 26 17:45:29 2013 : Debug: verify_depth = 0 Tue Feb 26 17:45:29 2013 : Debug: CA_path = "/etc/freeradius/certs" Tue Feb 26 17:45:29 2013 : Debug: pem_file_type = yes Tue Feb 26 17:45:29 2013 : Debug: private_key_file = "/etc/ssl/private/server.key" Tue Feb 26 17:45:29 2013 : Debug: certificate_file = "/etc/ssl/certs/server.cert.pem" Tue Feb 26 17:45:29 2013 : Debug: CA_file = "/etc/ssl/certs/server-ca.crt" Tue Feb 26 17:45:29 2013 : Debug: private_key_password = "****" Tue Feb 26 17:45:29 2013 : Debug: dh_file = "/etc/freeradius/certs/dh" Tue Feb 26 17:45:29 2013 : Debug: random_file = "/dev/urandom" Tue Feb 26 17:45:29 2013 : Debug: fragment_size = 1024 Tue Feb 26 17:45:29 2013 : Debug: include_length = yes Tue Feb 26 17:45:29 2013 : Debug: check_crl = no Tue Feb 26 17:45:29 2013 : Debug: cipher_list = "DEFAULT" Tue Feb 26 17:45:29 2013 : Debug: make_cert_command = "/etc/freeradius/certs/bootstrap" Tue Feb 26 17:45:29 2013 : Debug: ecdh_curve = "prime256v1" Tue Feb 26 17:45:29 2013 : Debug: cache { Tue Feb 26 17:45:29 2013 : Debug: enable = no Tue Feb 26 17:45:29 2013 : Debug: lifetime = 24 Tue Feb 26 17:45:29 2013 : Debug: max_entries = 255 Tue Feb 26 17:45:29 2013 : Debug: } Tue Feb 26 17:45:29 2013 : Debug: verify { Tue Feb 26 17:45:29 2013 : Debug: } Tue Feb 26 17:45:29 2013 : Debug: } Tue Feb 26 17:45:29 2013 : Debug: Module: Linked to sub-module rlm_eap_ttls Tue Feb 26 17:45:29 2013 : Debug: Module: Instantiating eap-ttls Tue Feb 26 17:45:29 2013 : Debug: ttls { Tue Feb 26 17:45:29 2013 : Debug: default_eap_type = "md5" Tue Feb 26 17:45:29 2013 : Debug: copy_request_to_tunnel = no Tue Feb 26 17:45:29 2013 : Debug: use_tunneled_reply = no Tue Feb 26 17:45:29 2013 : Debug: virtual_server = "inner-tunnel" Tue Feb 26 17:45:29 2013 : Debug: include_length = yes Tue Feb 26 17:45:29 2013 : Debug: } Tue Feb 26 17:45:29 2013 : Debug: Module: Linked to sub-module rlm_eap_peap Tue Feb 26 17:45:29 2013 : Debug: Module: Instantiating eap-peap Tue Feb 26 17:45:29 2013 : Debug: peap { Tue Feb 26 17:45:29 2013 : Debug: default_eap_type = "mschapv2" Tue Feb 26 17:45:29 2013 : Debug: copy_request_to_tunnel = no Tue Feb 26 17:45:29 2013 : Debug: use_tunneled_reply = no Tue Feb 26 17:45:29 2013 : Debug: proxy_tunneled_request_as_eap = yes Tue Feb 26 17:45:29 2013 : Debug: virtual_server = "inner-tunnel" Tue Feb 26 17:45:29 2013 : Debug: soh = no Tue Feb 26 17:45:29 2013 : Debug: } Tue Feb 26 17:45:29 2013 : Debug: Module: Linked to sub-module rlm_eap_mschapv2 Tue Feb 26 17:45:29 2013 : Debug: Module: Instantiating eap-mschapv2 Tue Feb 26 17:45:29 2013 : Debug: mschapv2 { Tue Feb 26 17:45:29 2013 : Debug: with_ntdomain_hack = no Tue Feb 26 17:45:29 2013 : Debug: send_error = no Tue Feb 26 17:45:29 2013 : Debug: } Tue Feb 26 17:45:29 2013 : Debug: Module: Checking authorize {...} for more modules to load Tue Feb 26 17:45:29 2013 : Debug: (Loaded rlm_preprocess, checking if it's valid) Tue Feb 26 17:45:29 2013 : Debug: Module: Linked to module rlm_preprocess Tue Feb 26 17:45:29 2013 : Debug: Module: Instantiating module "preprocess" from file /etc/freeradius/modules/preprocess Tue Feb 26 17:45:29 2013 : Debug: preprocess { Tue Feb 26 17:45:29 2013 : Debug: huntgroups = "/etc/freeradius/huntgroups" Tue Feb 26 17:45:29 2013 : Debug: hints = "/etc/freeradius/hints" Tue Feb 26 17:45:29 2013 : Debug: with_ascend_hack = no Tue Feb 26 17:45:29 2013 : Debug: ascend_channels_per_line = 23 Tue Feb 26 17:45:29 2013 : Debug: with_ntdomain_hack = no Tue Feb 26 17:45:29 2013 : Debug: with_specialix_jetstream_hack = no Tue Feb 26 17:45:29 2013 : Debug: with_cisco_vsa_hack = no Tue Feb 26 17:45:29 2013 : Debug: with_alvarion_vsa_hack = no Tue Feb 26 17:45:29 2013 : Debug: } Tue Feb 26 17:45:29 2013 : Debug: (Loaded rlm_realm, checking if it's valid) Tue Feb 26 17:45:29 2013 : Debug: Module: Linked to module rlm_realm Tue Feb 26 17:45:29 2013 : Debug: Module: Instantiating module "suffix" from file /etc/freeradius/modules/realm Tue Feb 26 17:45:29 2013 : Debug: realm suffix { Tue Feb 26 17:45:29 2013 : Debug: format = "suffix" Tue Feb 26 17:45:29 2013 : Debug: delimiter = "@" Tue Feb 26 17:45:29 2013 : Debug: ignore_default = no Tue Feb 26 17:45:29 2013 : Debug: ignore_null = no Tue Feb 26 17:45:29 2013 : Debug: } Tue Feb 26 17:45:29 2013 : Debug: (Loaded rlm_files, checking if it's valid) Tue Feb 26 17:45:29 2013 : Debug: Module: Linked to module rlm_files Tue Feb 26 17:45:29 2013 : Debug: Module: Instantiating module "files" from file /etc/freeradius/modules/files Tue Feb 26 17:45:29 2013 : Debug: files { Tue Feb 26 17:45:29 2013 : Debug: usersfile = "/etc/freeradius/users" Tue Feb 26 17:45:29 2013 : Debug: acctusersfile = "/etc/freeradius/acct_users" Tue Feb 26 17:45:29 2013 : Debug: preproxy_usersfile = "/etc/freeradius/preproxy_users" Tue Feb 26 17:45:29 2013 : Debug: compat = "no" Tue Feb 26 17:45:29 2013 : Debug: } Tue Feb 26 17:45:29 2013 : Debug: (Loaded rlm_passwd, checking if it's valid) Tue Feb 26 17:45:29 2013 : Debug: Module: Linked to module rlm_passwd Tue Feb 26 17:45:29 2013 : Debug: Module: Instantiating module "smbpasswd" from file /etc/freeradius/modules/smbpasswd Tue Feb 26 17:45:29 2013 : Debug: passwd smbpasswd { Tue Feb 26 17:45:29 2013 : Debug: filename = "/home/smbpasswd" Tue Feb 26 17:45:29 2013 : Debug: format = "*User-Name::LM-Password:NT-Password:SMB-Account-CTRL-TEXT::" Tue Feb 26 17:45:29 2013 : Debug: delimiter = ":" Tue Feb 26 17:45:29 2013 : Debug: ignorenislike = no Tue Feb 26 17:45:29 2013 : Debug: ignoreempty = yes Tue Feb 26 17:45:29 2013 : Debug: allowmultiplekeys = no Tue Feb 26 17:45:29 2013 : Debug: hashsize = 100 Tue Feb 26 17:45:29 2013 : Debug: } Tue Feb 26 17:45:29 2013 : Debug: rlm_passwd: nfields: 7 keyfield 0(User-Name) listable: no Tue Feb 26 17:45:29 2013 : Debug: Module: Checking preacct {...} for more modules to load Tue Feb 26 17:45:29 2013 : Debug: (Loaded rlm_acct_unique, checking if it's valid) Tue Feb 26 17:45:29 2013 : Debug: Module: Linked to module rlm_acct_unique Tue Feb 26 17:45:29 2013 : Debug: Module: Instantiating module "acct_unique" from file /etc/freeradius/modules/acct_unique Tue Feb 26 17:45:29 2013 : Debug: acct_unique { Tue Feb 26 17:45:29 2013 : Debug: key = "User-Name, Acct-Session-Id, NAS-IP-Address, Client-IP-Address, NAS-Port" Tue Feb 26 17:45:29 2013 : Debug: } Tue Feb 26 17:45:29 2013 : Debug: Module: Checking accounting {...} for more modules to load Tue Feb 26 17:45:29 2013 : Debug: (Loaded rlm_detail, checking if it's valid) Tue Feb 26 17:45:29 2013 : Debug: Module: Linked to module rlm_detail Tue Feb 26 17:45:29 2013 : Debug: Module: Instantiating module "detail" from file /etc/freeradius/modules/detail Tue Feb 26 17:45:29 2013 : Debug: detail { Tue Feb 26 17:45:29 2013 : Debug: detailfile = "/var/log/freeradius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/detail-%Y%m%d" Tue Feb 26 17:45:29 2013 : Debug: header = "%t" Tue Feb 26 17:45:29 2013 : Debug: detailperm = 384 Tue Feb 26 17:45:29 2013 : Debug: dirperm = 493 Tue Feb 26 17:45:29 2013 : Debug: locking = no Tue Feb 26 17:45:29 2013 : Debug: log_packet_header = no Tue Feb 26 17:45:29 2013 : Debug: } Tue Feb 26 17:45:29 2013 : Debug: (Loaded rlm_unix, checking if it's valid) Tue Feb 26 17:45:29 2013 : Debug: Module: Linked to module rlm_unix Tue Feb 26 17:45:29 2013 : Debug: Module: Instantiating module "unix" from file /etc/freeradius/modules/unix Tue Feb 26 17:45:29 2013 : Debug: unix { Tue Feb 26 17:45:29 2013 : Debug: radwtmp = "/var/log/freeradius/radwtmp" Tue Feb 26 17:45:29 2013 : Debug: } Tue Feb 26 17:45:29 2013 : Debug: (Loaded rlm_radutmp, checking if it's valid) Tue Feb 26 17:45:29 2013 : Debug: Module: Linked to module rlm_radutmp Tue Feb 26 17:45:29 2013 : Debug: Module: Instantiating module "radutmp" from file /etc/freeradius/modules/radutmp Tue Feb 26 17:45:29 2013 : Debug: radutmp { Tue Feb 26 17:45:29 2013 : Debug: filename = "/var/log/freeradius/radutmp" Tue Feb 26 17:45:29 2013 : Debug: username = "%{User-Name}" Tue Feb 26 17:45:29 2013 : Debug: case_sensitive = yes Tue Feb 26 17:45:29 2013 : Debug: check_with_nas = yes Tue Feb 26 17:45:29 2013 : Debug: perm = 384 Tue Feb 26 17:45:29 2013 : Debug: callerid = yes Tue Feb 26 17:45:29 2013 : Debug: } Tue Feb 26 17:45:29 2013 : Debug: (Loaded rlm_attr_filter, checking if it's valid) Tue Feb 26 17:45:29 2013 : Debug: Module: Linked to module rlm_attr_filter Tue Feb 26 17:45:29 2013 : Debug: Module: Instantiating module "attr_filter.accounting_response" from file /etc/freeradius/modules/attr_filter Tue Feb 26 17:45:29 2013 : Debug: attr_filter attr_filter.accounting_response { Tue Feb 26 17:45:29 2013 : Debug: attrsfile = "/etc/freeradius/attrs.accounting_response" Tue Feb 26 17:45:29 2013 : Debug: key = "%{User-Name}" Tue Feb 26 17:45:29 2013 : Debug: relaxed = no Tue Feb 26 17:45:29 2013 : Debug: } Tue Feb 26 17:45:29 2013 : Debug: Module: Checking session {...} for more modules to load Tue Feb 26 17:45:29 2013 : Debug: Module: Checking post-proxy {...} for more modules to load Tue Feb 26 17:45:29 2013 : Debug: Module: Checking post-auth {...} for more modules to load Tue Feb 26 17:45:29 2013 : Debug: Module: Instantiating module "attr_filter.access_reject" from file /etc/freeradius/modules/attr_filter Tue Feb 26 17:45:29 2013 : Debug: attr_filter attr_filter.access_reject { Tue Feb 26 17:45:29 2013 : Debug: attrsfile = "/etc/freeradius/attrs.access_reject" Tue Feb 26 17:45:29 2013 : Debug: key = "%{User-Name}" Tue Feb 26 17:45:29 2013 : Debug: relaxed = no Tue Feb 26 17:45:29 2013 : Debug: } Tue Feb 26 17:45:29 2013 : Debug: } # modules Tue Feb 26 17:45:29 2013 : Debug: } # server Tue Feb 26 17:45:29 2013 : Debug: server inner-tunnel { # from file /etc/freeradius/sites-enabled/inner-tunnel Tue Feb 26 17:45:29 2013 : Debug: modules { Tue Feb 26 17:45:29 2013 : Debug: Module: Checking authenticate {...} for more modules to load Tue Feb 26 17:45:29 2013 : Debug: Module: Checking authorize {...} for more modules to load Tue Feb 26 17:45:29 2013 : Debug: Module: Checking session {...} for more modules to load Tue Feb 26 17:45:29 2013 : Debug: Module: Checking post-proxy {...} for more modules to load Tue Feb 26 17:45:29 2013 : Debug: Module: Checking post-auth {...} for more modules to load Tue Feb 26 17:45:29 2013 : Debug: } # modules Tue Feb 26 17:45:29 2013 : Debug: } # server Tue Feb 26 17:45:29 2013 : Debug: radiusd: #### Opening IP addresses and Ports #### Tue Feb 26 17:45:29 2013 : Debug: listen { Tue Feb 26 17:45:29 2013 : Debug: type = "auth" Tue Feb 26 17:45:29 2013 : Debug: ipaddr = * Tue Feb 26 17:45:29 2013 : Debug: port = 0 Tue Feb 26 17:45:29 2013 : Debug: } Tue Feb 26 17:45:29 2013 : Debug: listen { Tue Feb 26 17:45:29 2013 : Debug: type = "acct" Tue Feb 26 17:45:29 2013 : Debug: ipaddr = * Tue Feb 26 17:45:29 2013 : Debug: port = 0 Tue Feb 26 17:45:29 2013 : Debug: } Tue Feb 26 17:45:29 2013 : Debug: listen { Tue Feb 26 17:45:29 2013 : Debug: type = "auth" Tue Feb 26 17:45:29 2013 : Debug: ipaddr = 127.0.0.1 Tue Feb 26 17:45:29 2013 : Debug: port = 18120 Tue Feb 26 17:45:29 2013 : Debug: } Tue Feb 26 17:45:29 2013 : Info: ... adding new socket proxy address * port 44073 Tue Feb 26 17:45:29 2013 : Debug: Listening on authentication address * port 1812 Tue Feb 26 17:45:29 2013 : Debug: Listening on accounting address * port 1813 Tue Feb 26 17:45:29 2013 : Debug: Listening on authentication address 127.0.0.1 port 18120 as server inner-tunnel Tue Feb 26 17:45:29 2013 : Debug: Listening on proxy address * port 1814 Tue Feb 26 17:45:29 2013 : Info: Ready to process requests. rad_recv: Access-Request packet from host 10.0.10.200 port 32775, id=148, length=242 Acct-Session-Id = "309aa422" NAS-Port = 4 NAS-Port-Type = Wireless-802.11 User-Name = "gcampbell" Calling-Station-Id = "5C-0A-5B-7D-9C-DA" Called-Station-Id = "00-24-A8-9A-34-10" EAP-Message = 0x02d0000e016763616d7062656c6c NAS-Identifier = "chembiochem" NAS-IP-Address = 172.107.0.1 Framed-MTU = 1496 Connect-Info = "IEEE802.1X" Framed-Protocol = PPP Service-Type = Framed-User Colubris-AVPair = "ssid=ChemBiochemMobile" Colubris-AVPair = "group=Default Group" Colubris-AVPair = "vsc-unique-id=5" Message-Authenticator = 0xa1ea5c222b3927ebc2eb7b81d3afdf42 Tue Feb 26 17:45:30 2013 : Info: # Executing section authorize from file /etc/freeradius/sites-enabled/default Tue Feb 26 17:45:30 2013 : Info: +- entering group authorize {...} Segmentation fault Here is the ldconfig -v output: deca:~# ldconfig -v ldconfig: Path `/lib/x86_64-linux-gnu' given more than once ldconfig: Path `/usr/lib/x86_64-linux-gnu' given more than once /usr/local/lib: /lib/x86_64-linux-gnu: libgcc_s.so.1 -> libgcc_s.so.1 libreadline.so.6 -> libreadline.so.6.2 libprocps.so.0 -> libprocps.so.0.0.1 libnss_files.so.2 -> libnss_files-2.13.so libnss_nis.so.2 -> libnss_nis-2.13.so libpamc.so.0 -> libpamc.so.0.82.1 libcom_err.so.2 -> libcom_err.so.2.1 libncurses.so.5 -> libncurses.so.5.9 libsystemd-login.so.0 -> libsystemd-login.so.0.2.1 libcidn.so.1 -> libcidn-2.13.so libgssglue.so.1 -> libgssglue.so.1.0.0 libbz2.so.1.0 -> libbz2.so.1.0.4 ld-linux-x86-64.so.2 -> ld-2.13.so libpam_misc.so.0 -> libpam_misc.so.0.82.0 libSegFault.so -> libSegFault.so libc.so.6 -> libc-2.13.so libsysfs.so.2 -> libsysfs.so.2.0.1 libBrokenLocale.so.1 -> libBrokenLocale-2.13.so libtirpc.so.1 -> libtirpc.so.1.0.10 libsepol.so.1 -> libsepol.so.1 libreadline.so.5 -> libreadline.so.5.2 libselinux.so.1 -> libselinux.so.1 libcap.so.2 -> libcap.so.2.22 libdbus-1.so.3 -> libdbus-1.so.3.7.2 libnss_nisplus.so.2 -> libnss_nisplus-2.13.so libdl.so.2 -> libdl-2.13.so librt.so.1 -> librt-2.13.so libkeyutils.so.1 -> libkeyutils.so.1.4 libmemusage.so -> libmemusage.so libncursesw.so.5 -> libncursesw.so.5.9 libmount.so.1 -> libmount.so.1.1.0 libulockmgr.so.1 -> libulockmgr.so.1.0.1 libz.so.1 -> libz.so.1.2.7 libanl.so.1 -> libanl-2.13.so liblzma.so.5 -> liblzma.so.5.0.0 libslang.so.2 -> libslang.so.2.2.4 libpci.so.3 -> libpci.so.3.1.9 libuuid.so.1 -> libuuid.so.1.3.0 libgcrypt.so.11 -> libgcrypt.so.11.7.0 libext2fs.so.2 -> libext2fs.so.2.4 libutil.so.1 -> libutil-2.13.so libe2p.so.2 -> libe2p.so.2.3 libhistory.so.6 -> libhistory.so.6.2 libtinfo.so.5 -> libtinfo.so.5.9 libcrypt.so.1 -> libcrypt-2.13.so libacl.so.1 -> libacl.so.1.1.0 libnl-3.so.200 -> libnl-3.so.200.5.2 libblkid.so.1 -> libblkid.so.1.1.0 libudev.so.0 -> libudev.so.0.13.0 libnss_hesiod.so.2 -> libnss_hesiod-2.13.so libss.so.2 -> libss.so.2.0 libdevmapper-event.so.1.02.1 -> libdevmapper-event.so.1.02.1 libnfsidmap.so.0 -> libnfsidmap.so.0.3.0 libnss_compat.so.2 -> libnss_compat-2.13.so libdevmapper.so.1.02.1 -> libdevmapper.so.1.02.1 libbsd.so.0 -> libbsd.so.0.4.2 libusb-1.0.so.0 -> libusb-1.0.so.0.1.0 libm.so.6 -> libm-2.13.so libnsl.so.1 -> libnsl-2.13.so libglib-2.0.so.0 -> libglib-2.0.so.0.3200.4 libthread_db.so.1 -> libthread_db-1.0.so libpng12.so.0 -> libpng12.so.0.49.0 libpthread.so.0 -> libpthread-2.13.so libnl-genl-3.so.200 -> libnl-genl-3.so.200.5.2 libatm.so.1 -> libatm.so.1.0.0 libnss_dns.so.2 -> libnss_dns-2.13.so libkmod.so.2 -> libkmod.so.2.1.3 libfuse.so.2 -> libfuse.so.2.9.0 libexpat.so.1 -> libexpat.so.1.6.0 libwrap.so.0 -> libwrap.so.0.7.6 libgpg-error.so.0 -> libgpg-error.so.0.8.0 libpcre.so.3 -> libpcre.so.3.13.1 libpopt.so.0 -> libpopt.so.0.0.0 libusb-0.1.so.4 -> libusb-0.1.so.4.4.4 libattr.so.1 -> libattr.so.1.1.0 libpcprofile.so -> libpcprofile.so libhistory.so.5 -> libhistory.so.5.2 libresolv.so.2 -> libresolv-2.13.so libpam.so.0 -> libpam.so.0.83.0 /usr/lib/x86_64-linux-gnu: libxcb-util.so.0 -> libxcb-util.so.0.0.0 libxcb-render-util.so.0 -> libxcb-render-util.so.0.0.0 libmpc.so.2 -> libmpc.so.2.0.0 libX11-xcb.so.1 -> libX11-xcb.so.1.0.0 libescpr.so.1 -> libescpr.so.1.0.0 libdbus-glib-1.so.2 -> libdbus-glib-1.so.2.2.2 libcupsdriver.so.1 -> libcupsdriver.so.1 libquadmath.so.0 -> libquadmath.so.0.0.0 libXmuu.so.1 -> libXmuu.so.1.0.0 libsoftokn3.so -> libsoftokn3.so libgutenprint.so.2 -> libgutenprint.so.2.1.0 libplds4.so -> libplds4.so.0d libwbclient.so.0 -> libwbclient.so.0 libnssdbm3.so -> libnssdbm3.so libgdk_pixbuf-2.0.so.0 -> libgdk_pixbuf-2.0.so.0.2600.1 libgdk_pixbuf_xlib-2.0.so.0 -> libgdk_pixbuf_xlib-2.0.so.0.2600.1 libnssckbi.so -> libnssckbi.so libgnome-keyring.so.0 -> libgnome-keyring.so.0.2.0 libgconf-2.so.4 -> libgconf-2.so.4.1.5 libitm.so.1 -> libitm.so.1.0.0 libXrandr.so.2 -> libXrandr.so.2.2.0 libXinerama.so.1 -> libXinerama.so.1.0.0 libXaw.so.7 -> libXaw7.so.7.0.0 libnss3.so -> libnss3.so.1d libXpm.so.4 -> libXpm.so.4.11.0 libXcursor.so.1 -> libXcursor.so.1.0.2 libXmu.so.6 -> libXmu.so.6.2.0 libnssutil3.so -> libnssutil3.so.1d libgdk-x11-2.0.so.0 -> libgdk-x11-2.0.so.0.2400.10 libgtk-x11-2.0.so.0 -> libgtk-x11-2.0.so.0.2400.10 libnotify.so.4 -> libnotify.so.4.0.0 libesd.so.0 -> libesd.so.0.2.39 libgailutil.so.18 -> libgailutil.so.18.0.1 libts-0.0.so.0 -> libts-0.0.so.0.1.1 libnspr4.so -> libnspr4.so.0d libXdamage.so.1 -> libXdamage.so.1.1.0 libXt.so.6 -> libXt.so.6.0.0 libfreebl3.so -> libfreebl3.so libICE.so.6 -> libICE.so.6.3.0 libXfixes.so.3 -> libXfixes.so.3.1.0 libtalloc.so.2 -> libtalloc.so.2.0.7 libplc4.so -> libplc4.so.0d libjpeg.so.62 -> libjpeg.so.62.0.0 libXcomposite.so.1 -> libXcomposite.so.1.0.0 libsmime3.so -> libsmime3.so.1d libhunspell-1.3.so.0 -> libhunspell-1.3.so.0.0.0 libvpx.so.1 -> libvpx.so.1.1.0 libSM.so.6 -> libSM.so.6.0.1 libssl3.so -> libssl3.so.1d libXi.so.6 -> libXi.so.6.1.0 libsemanage.so.1 -> libsemanage.so.1 libpcap.so.0.8 -> libpcap.so.1.3.0 libcupsimage.so.2 -> libcupsimage.so.2 libgdbm_compat.so.3 -> libgdbm_compat.so.3.0.0 libgdbm.so.3 -> libgdbm.so.3.0.0 librpcsecgss.so.3 -> librpcsecgss.so.3.0.0 libltdl.so.7 -> libltdl.so.7.3.0 libgd.so.2 -> libgd.so.2.0.0 libjpeg.so.8 -> libjpeg.so.8.4.0 liblcms2.so.2 -> liblcms2.so.2.0.2 libmysqlclient.so.18 -> libmysqlclient_r.so.18.0.0 libcupsppdc.so.1 -> libcupsppdc.so.1 libidn.so.11 -> libidn.so.11.6.8 libatk-1.0.so.0 -> libatk-1.0.so.0.20409.1 libpaper.so.1 -> libpaper.so.1.1.2 libsigc-2.0.so.0 -> libsigc-2.0.so.0.0.0 libapt-pkg.so.4.12 -> libapt-pkg.so.4.12.0 libXext.so.6 -> libXext.so.6.4.0 libapt-inst.so.1.5 -> libapt-inst.so.1.5.0 libasound.so.2 -> libasound.so.2.0.0 libjbig.so.0 -> libjbig.so.0.0.0 liblber-2.4.so.2 -> liblber.so libopenjpeg.so.2 -> libopenjpeg-2.1.3.0.so libtiff.so.4 -> libtiff.so.4.3.6 liblockfile.so.1 -> liblockfile.so.1.0 libpipeline.so.1 -> libpipeline.so.1.2.1 libustr-1.0.so.1 -> libustr-1.0.so.1.0.4 libsensors.so.4 -> libsensors.so.4.3.2 libsasl2.so.2 -> libsasl2.so.2.0.25 libsqlite3.so.0 -> libsqlite3.so.0.8.6 libavahi-client.so.3 -> libavahi-client.so.3.2.9 libssl.so.1.0.0 -> libssl.so.1.0.0 libcrypto.so.1.0.0 -> libcrypto.so.1.0.0 libart_lgpl_2.so.2 -> libart_lgpl_2.so.2.3.21 libtasn1.so.3 -> libtasn1.so.3.1.16 libavahi-core.so.7 -> libavahi-core.so.7.0.2 libgnutls.so.26 -> libgnutls.so.26.22.4 libgnutls-extra.so.26 -> libgnutls-extra.so.26.22.4 libldap_r-2.4.so.2 -> libldap_r.so libcupsmime.so.1 -> libcupsmime.so.1 libmagic.so.1 -> libmagic.so.1.0.0 libgpm.so.2 -> libgpm.so.2 libedit.so.2 -> libedit.so.2.11 libnewt.so.0.52 -> libnewt.so.0.52.14 libp11-kit.so.0 -> libp11-kit.so.0.0.0 libpoppler.so.19 -> libpoppler.so.19.0.0 libcups.so.2 -> libcups.so.2 libkrb5support.so.0 -> libkrb5support.so.0.1 liblcms.so.1 -> liblcms.so.1.0.19 libavahi-common.so.3 -> libavahi-common.so.3.5.3 libavahi-glib.so.1 -> libavahi-glib.so.1.0.2 libjasper.so.1 -> libjasper.so.1.0.0 libk5crypto.so.3 -> libk5crypto.so.3.1 libaudiofile.so.1 -> libaudiofile.so.1.0.0 libgssapi_krb5.so.2 -> libgssapi_krb5.so.2.2 libcupsfilters.so.1 -> libcupsfilters.so.1 libtokyocabinet.so.9 -> libtokyocabinet.so.9.10.0 libevent-2.0.so.5 -> libevent-2.0.so.5.1.7 libtdb.so.1 -> libtdb.so.1.2.10 libcupscgi.so.1 -> libcupscgi.so.1 libxml2.so.2 -> libxml2.so.2.8.0 libgio-2.0.so.0 -> libgio-2.0.so.0.3200.4 libgmodule-2.0.so.0 -> libgmodule-2.0.so.0.3200.4 libgthread-2.0.so.0 -> libgthread-2.0.so.0.3200.4 libgobject-2.0.so.0 -> libgobject-2.0.so.0.3200.4 libpangox-1.0.so.0 -> libpangox-1.0.so.0.3000.0 libXft.so.2 -> libXft.so.2.3.1 libdatrie.so.1 -> libdatrie.so.1.1.0 libthai.so.0 -> libthai.so.0.1.7 libpcreposix.so.3 -> libpcreposix.so.3.13.1 libasprintf.so.0 -> libasprintf.so.0.0.0 libpangocairo-1.0.so.0 -> libpangocairo-1.0.so.0.3000.0 libxcb-render.so.0 -> libxcb-render.so.0.0.0 libX11.so.6 -> libX11.so.6.3.0 libxcb.so.1 -> libxcb.so.1.1.0 libtic.so.5 -> libtic.so.5.9 libXdmcp.so.6 -> libXdmcp.so.6.0.0 libXau.so.6 -> libXau.so.6.0.0 libpixman-1.so.0 -> libpixman-1.so.0.26.0 libpangoft2-1.0.so.0 -> libpangoft2-1.0.so.0.3000.0 libfontconfig.so.1 -> libfontconfig.so.1.5.0 libfreetype.so.6 -> libfreetype.so.6.8.1 libexpatw.so.1 -> libexpatw.so.1.6.0 libpango-1.0.so.0 -> libpango-1.0.so.0.3000.0 libformw.so.5 -> libformw.so.5.9 libmenuw.so.5 -> libmenuw.so.5.9 libkrb5.so.3 -> libkrb5.so.3.3 libmpfr.so.4 -> libmpfr.so.4.1.0 libdb-5.1.so -> libdb-5.1.so libcairo.so.2 -> libcairo.so.2.11200.2 libgmp.so.10 -> libgmp.so.10.0.5 libpangoxft-1.0.so.0 -> libpangoxft-1.0.so.0.3000.0 libffi.so.5 -> libffi.so.5.0.10 libstdc++.so.6 -> libstdc++.so.6.0.17 libpanel.so.5 -> libpanel.so.5.9 libxcb-shm.so.0 -> libxcb-shm.so.0.0.0 libgomp.so.1 -> libgomp.so.1.0.0 libmenu.so.5 -> libmenu.so.5.9 libXrender.so.1 -> libXrender.so.1.3.0 libform.so.5 -> libform.so.5.9 libpanelw.so.5 -> libpanelw.so.5.9 /lib: libnss_mdns6_minimal.so.2 -> libnss_mdns6_minimal.so.2 libnss_mdns.so.2 -> libnss_mdns.so.2 libip4tc.so.0 -> libip4tc.so.0.1.0 libctutils.so.0 -> libctutils.so.0.0.0 libnss_mdns4_minimal.so.2 -> libnss_mdns4_minimal.so.2 libiptc.so.0 -> libiptc.so.0.0.0 libcfont.so.0 -> libcfont.so.0.0.0 libconsole.so.0 -> libconsole.so.0.0.0 libcap.so.1 -> libcap.so.1.10 libnss_mdns6.so.2 -> libnss_mdns6.so.2 libxtables.so.7 -> libxtables.so.7.0.0 libhandle.so.1 -> libhandle.so.1.0.3 libip6tc.so.0 -> libip6tc.so.0.1.0 libnss_mdns_minimal.so.2 -> libnss_mdns_minimal.so.2 libvolume_id.so.0 -> libvolume_id.so.0.85.0 libipq.so.0 -> libipq.so.0.0.0 libnss_mdns4.so.2 -> libnss_mdns4.so.2 /usr/lib: libtcl8.5.so.0 -> libtcl8.5.so.0 libgpgme.so.11 -> libgpgme.so.11.7.0 libgpgme-pthread.so.11 -> libgpgme-pthread.so.11.7.0 libgpgme-pth.so.11 -> libgpgme-pth.so.11.7.0 libjbig2dec.so.0 -> libjbig2dec.so.0.0.0 libijs-0.35.so -> libijs-0.35.so libxdot.so.4 -> libxdot.so.4.0.0 libpathplan.so.4 -> libpathplan.so.4.0.0 libgraph.so.4 -> libgraph.so.4.0.0 libgvc.so.5 -> libgvc.so.5.0.0 libgvpr.so.1 -> libgvpr.so.1.0.0 libpostfix-tls.so.1 -> libpostfix-tls.so.1.0.1 libpostfix-master.so.1 -> libpostfix-master.so.1.0.1 libpostfix-global.so.1 -> libpostfix-global.so.1.0.1 libhpmud.so.0 -> libhpmud.so.0.0.6 libhpip.so.0 -> libhpip.so.0.0.1 libpth.so.20 -> libpth.so.20.0.27 libpostfix-dns.so.1 -> libpostfix-dns.so.1.0.1 libfam.so.0 -> libfam.so.0.0.0 libcgraph.so.5 -> libcgraph.so.5.0.0 libaudiofile.so.0 -> libaudiofile.so.0.0.2 libbonobo-2.so.0 -> libbonobo-2.so.0.0.0 libbonobo-activation.so.4 -> libbonobo-activation.so.4.0.0 libhal.so.1 -> libhal.so.1.0.0 libstartup-notification-1.so.0 -> libstartup-notification-1.so.0.0.0 libhal-storage.so.1 -> libhal-storage.so.1.0.0 libuniquewm-1.0.so.0 -> libuniquewm-1.0.so.0.1.0 libfusion-1.0.so.0 -> libfusion-1.0.so.0.1.0 libdirectfb-1.0.so.0 -> libdirectfb-1.0.so.0.1.0 libdirect-1.0.so.0 -> libdirect-1.0.so.0.1.0 libglade-2.0.so.0 -> libglade-2.0.so.0.0.7 libGeoIPUpdate.so.0 -> libGeoIPUpdate.so.0.0.0 libnfnetlink.so.0 -> libnfnetlink.so.0.2.0 libmysqlclient_r.so.15 -> libmysqlclient_r.so.15.0.0 libnetsnmphelpers.so.15 -> libnetsnmphelpers.so.15.1.2 libmysqlclient.so.15 -> libmysqlclient.so.15.0.0 libORBit-2.so.0 -> libORBit-2.so.0.1.0 libpostfix-util.so.1 -> libpostfix-util.so.1.0.1 libbfd-2.22-system.so -> libbfd-2.22-system.so libgc.so.1 -> libgc.so.1.0.3 libqdbm.so.14 -> libqdbm.so.14.14.0 libltdl.so.3 -> libltdl.so.3.1.4 libnetsnmp.so.15 -> libnetsnmp.so.15.1.2 libnetsnmpagent.so.15 -> libnetsnmpagent.so.15.1.2 libnetsnmpmibs.so.15 -> libnetsnmpmibs.so.15.1.2 libpython2.4.so.1.0 -> libpython2.4.so.1.0 libsnmp.so.15 -> libsnmp.so.15.1.2 libnetsnmptrapd.so.15 -> libnetsnmptrapd.so.15.1.2 libORBitCosNaming-2.so.0 -> libORBitCosNaming-2.so.0.1.0 libonig.so.2 -> libonig.so.2.0.0 libapr-1.so.0 -> libapr-1.so.0.4.6 libslp.so.1 -> libslp.so.1.0.1 libevent-1.3e.so.1 -> libevent.so.1 libgpm.so.1 -> libgpm.so.1.19.6 libgccpp.so.1 -> libgccpp.so.1.0.3 libORBit-imodule-2.so.0 -> libORBit-imodule-2.so.0.0.0 libexpect.so.5.45 -> libexpect.so.5.45 libisccfg.so.82 -> libisccfg.so.82.0.3 libvte.so.9 -> libvte.so.9.2800.2 libopts.so.25 -> libopts.so.25.10.0 libGeoIP.so.1 -> libGeoIP.so.1.4.8 libopcodes-2.22-system.so -> libopcodes-2.22-system.so libopencdk.so.8 -> libopencdk.so.8.0.5 liblzo.so.1 -> liblzo.so.1.0.0 libpython2.7.so.1.0 -> libpython2.7.so.1.0 libpq.so.5 -> libpq.so.5.4 libdb-4.2.so -> libdb-4.2.so libgnutls-extra.so.13 -> libgnutls-extra.so.13.0.9 libgnutls.so.13 -> libgnutls.so.13.0.9 libgnutls-openssl.so.13 -> libgnutls-openssl.so.13.0.9 libldap_r.so.2 -> libldap_r.so.2.0.130 liblber.so.2 -> liblber.so.2.0.130 libaprutil-1.so.0 -> libaprutil-1.so.0.4.1 libgtop-2.0.so.7 -> libgtop-2.0.so.7.2.0 libgnomecanvas-2.so.0 -> libgnomecanvas-2.so.0.3000.3 libIDL-2.so.0 -> libIDL-2.so.0.0.0 libssl.so.0.9.8 -> libssl.so.0.9.8 libcdt.so.4 -> libcdt.so.4.0.0 libcrypto.so.0.9.8 -> libcrypto.so.0.9.8 libisccc.so.80 -> libisccc.so.80.0.2 libmpfr.so.1 -> libmpfr.so.1.1.1 liblwres.so.80 -> liblwres.so.80.0.3 libdb-4.4.so -> libdb.so libboost_iostreams.so.1.49.0 -> libboost_iostreams.so.1.49.0 libmozjs.so.10d -> libmozjs.so.10d libisc.so.84 -> libisc.so.84.1.0 libcwidget.so.3 -> libcwidget.so.3.0.0 libdaemon.so.0 -> libdaemon.so.0.5.0 libgs.so.9 -> libgs.so.9.05 libept.so.1.aptpkg4.12 -> libept.so.1.0.5.4.12 libgmp.so.3 -> libgmp.so.3.5.2 libdns.so.88 -> libdns.so.88.1.1 libbind9.so.80 -> libbind9.so.80.0.7 libperl.so.5.14 -> libperl.so.5.14.2 libmp.so.3 -> libmp.so.3.1.16 libxapian.so.22 -> libxapian.so.22.5.0 libdb-4.5.so -> libdb-4.5.so libdb-4.3.so -> libdb-4.3.so liblzma.so.2 -> liblzma.so.2.0.0 ------ I appreciate any and all assistance! ================================== Jennifer L. Mehl Director of Information Technology Dept. of Chemistry and Biochemistry 2618 PSBN University of California, Santa Barbara Santa Barbara, CA 93106-9510 mailto: mehl@chem.ucsb.edu 805-893-4392 (office) 805-451-7486 (cell) ==================================
On 27.02.2013 02:59, Jennifer Mehl wrote:
Hello,
I just updated to Debian wheezy 7.0, kernel 3.2.0-4-amd64, and the accompanying freeradius-2.1.12+dfsg-1.2. (Previously using Debian squeeze 6.0 and freeradius 2.1.10+dfsg-2+squeeze1.)
There's a know bug in 2.1.*. You should really upgrade to 2.2.X you can build your own debian package from source http://wiki.freeradius.org/building/Build#Building-Debian-packages
After the OS update and FreeRADIUS updates, freeradius is now seg faulting after trying to process the authorize section when a wireless client attempts to connect via EAP-PEAP (MSCHAPv2). (None of the free radius configuration files have changed).
see doc/bugs to report a segfault Olivier B. -- Olivier Beytrison Network & Security Engineer, HES-SO Fribourg Mail: olivier@heliosnet.org
participants (2)
-
Jennifer Mehl -
Olivier Beytrison