error of segmentation during the implementation of eap2
Hi everyone, i want to implement the freeradius with eap-psk. In many forum it is recommend to read the experimental.conf for configure the module eap2. After reading the experimental.conf, i have created the file eap2.conf which is attached to my email. Also, in the radius.conf, i have put in module section $INCLUDE eap2.conf. In the default file, i have put in the authenticate section eap2 { ok = return}; replace in that file, all the eap by eap2. When i launch the radius with export LD_PRELOAD=/home/dibus/hostap-06/eap_example/libeap.so && radiusd -X ; i have the output which is in file sortie_freerad_ubuntu. At the end, you will see and error of segmentation when it starts to load the module files Someone can help me to find the issue please??? It is very urgent for me. Thank you for your help.
arnauld ndefo wrote:
i want to implement the freeradius with eap-psk. In many forum it is recommend to read the experimental.conf for configure the module eap2. After reading the experimental.conf, i have created the file eap2.conf which is attached to my email. Also, in the radius.conf, i have put in module section $INCLUDE eap2.conf. In the default file, i have put in the authenticate section eap2 { ok = return}; replace in that file, all the eap by eap2.
OK.
When i launch the radius with export LD_PRELOAD=/home/dibus/hostap-06/eap_example/libeap.so && radiusd -X ; i have the output which is in file sortie_freerad_ubuntu. At the end, you will see and error of segmentation when it starts to load the module files
See doc/bugs
Someone can help me to find the issue please??? It is very urgent for me.
It's nice that it's urgent for you. It's not urgent for us. *Why* is it urgent? Are you a student doing an assignment? Or someone whose job requires EAP-PSK? Please explain. Alan DeKok.
Thank you for your reply Alan. I am working on a project which is based on EAP_PSK and implement this is the first part. As you have recommend, i have used the gdb to debug and see the problem. The output that i have is below # gdb radiusd GNU gdb (GDB) 7.1-ubuntu Copyright (C) 2010 Free Software Foundation, Inc. License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html> This is free software: you are free to change and redistribute it. There is NO WARRANTY, to the extent permitted by law. Type "show copying" and "show warranty" for details. This GDB was configured as "i486-linux-gnu". For bug reporting instructions, please see: <http://www.gnu.org/software/gdb/bugs/>... Reading symbols from /usr/local/sbin/radiusd...done. (gdb) set logging file gdb-radiusd.log (gdb) set logging on Copying output to gdb-radiusd.log. (gdb) set args -f (gdb) run Starting program: /usr/local/sbin/radiusd -f [Thread debugging using libthread_db enabled] Program received signal SIGSEGV, Segmentation fault. 0x080529d3 in cf_log_err (ci=0x0, fmt=0x8085210 "\"%s\" modules aren't allowed in '%s' sections -- they have no such method.") at conffile.c:2641 2641radlog(L_ERR, "%s[%d]: %s", ci->filename, ci->lineno, buffer); Seems that in some part of a code, the eap2 module is not allowed. Do you have an idea about this error please. Thank you for your help. ________________________________ De : Alan DeKok <aland@deployingradius.com> À : arnauld ndefo <ndefo2002@yahoo.fr>; FreeRadius users mailing list <freeradius-users@lists.freeradius.org> Envoyé le : Mardi 18 septembre 2012 11h47 Objet : Re: error of segmentation during the implementation of eap2 arnauld ndefo wrote:
i want to implement the freeradius with eap-psk. In many forum it is recommend to read the experimental.conf for configure the module eap2. After reading the experimental.conf, i have created the file eap2.conf which is attached to my email. Also, in the radius.conf, i have put in module section $INCLUDE eap2.conf. In the default file, i have put in the authenticate section eap2 { ok = return}; replace in that file, all the eap by eap2.
OK.
When i launch the radius with export LD_PRELOAD=/home/dibus/hostap-06/eap_example/libeap.so && radiusd -X ; i have the output which is in file sortie_freerad_ubuntu. At the end, you will see and error of segmentation when it starts to load the module files
See doc/bugs
Someone can help me to find the issue please??? It is very urgent for me.
It's nice that it's urgent for you. It's not urgent for us. *Why* is it urgent? Are you a student doing an assignment? Or someone whose job requires EAP-PSK? Please explain. Alan DeKok.
arnauld ndefo wrote:
I am working on a project which is based on EAP_PSK and implement this is the first part.
Which didn't answer my question.
Seems that in some part of a code, the eap2 module is not allowed.
Do you have an idea about this error please.
Since you're not going to answer my questions, and you're not really following the instructions in doc/bugs, I can't help you. Alan DeKok.
My project is to authenticate a client openpana with my radius server. The authentication method used by the client is based on the EAP-PSK, which is why I would have a radius server with authtentification method as EAP-PSK. After apply the instruction of doc/bugs, i have got a file gdb-radiusd.log which i have attached to the mail. Thank you ________________________________ De : Alan DeKok <aland@deployingradius.com> À : arnauld ndefo <ndefo2002@yahoo.fr>; FreeRadius users mailing list <freeradius-users@lists.freeradius.org> Envoyé le : Mardi 18 septembre 2012 14h54 Objet : Re: error of segmentation during the implementation of eap2 arnauld ndefo wrote:
I am working on a project which is based on EAP_PSK and implement this is the first part.
Which didn't answer my question.
Seems that in some part of a code, the eap2 module is not allowed.
Do you have an idea about this error please.
Since you're not going to answer my questions, and you're not really following the instructions in doc/bugs, I can't help you. Alan DeKok.
Hi,
My project is to authenticate a client openpana with my radius server. The authentication method used by the client is based on the EAP-PSK, which is why I would have a radius server with authtentification method as EAP-PSK. After apply the instruction of doc/bugs, i have got a file gdb-radiusd.log which i have attached to the mail.
I take it that you've tried removing eap2 call from authorize and only have it in the authentication section? alan
Hi, Concerning the error of segmentation, we have removed in the section authorize the part eap2{ ok = return} in the default and inner-server file. After that we have got the output of the radiusd -X which is in the attached file radiusd.txt. Normally we think that it is fine because the eap2 module has been loaded and we have at the end the line ... adding new socket proxy address * port 52902 Listening on authentication address * port 1812 Listening on accounting address * port 1813 Listening on command file /usr/local/var/run/radiusd/radiusd.sock Listening on authentication address 127.0.0.1 port 18120 as server inner-tunnel Listening on proxy address * port 1814 Ready to process requests. For the test of the eap2 module, we have put in the users file the line user1 Auth-Type :=eap2, Cleartext-Password :="password" On the client, we have got #radtest user1 password 127.0.0.1:18120 0 testing1234 sh: getcwd() failed: No such file or directory Sending Access-Request of id 217 to 127.0.0.1 port 18120 User-Name = "user1" User-Password = "password" NAS-IP-Address = 127.0.1.1 NAS-Port = 0 Message-Authenticator = 0x00000000000000000000000000000000 rad_recv: Access-Reject packet from host 127.0.0.1 port 18120, id=217, length=20 And on the server we have got rad_recv: Access-Request packet from host 127.0.0.1 port 53591, id=217, length=75 User-Name = "user1" User-Password = "password" NAS-IP-Address = 127.0.1.1 NAS-Port = 0 Message-Authenticator = 0xd755b04bec06d6babdc5c934be2aae5a server inner-tunnel { # Executing section authorize from file /usr/local/etc/raddb/sites-enabled/inner-tunnel +- entering group authorize {...} ++[chap] returns noop ++[mschap] returns noop [suffix] No '@' in User-Name = "user1", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop ++[control] returns noop [files] users: Matched entry user1 at line 204 ++[files] returns ok ++[expiration] returns noop ++[logintime] returns noop [pap] WARNING: Auth-Type already set. Not setting to PAP ++[pap] returns noop Found Auth-Type = eap2 # Executing group from file /usr/local/etc/raddb/sites-enabled/inner-tunnel +- entering group authenticate {...} [eap2] No EAP-Message. Not doing EAP. ++[eap2] returns fail Failed to authenticate the user. } # server inner-tunnel Using Post-Auth-Type REJECT # Executing group from file /usr/local/etc/raddb/sites-enabled/inner-tunnel +- entering group REJECT {...} [attr_filter.access_reject] expand: %{User-Name} -> user1 attr_filter: Matched entry DEFAULT at line 11 ++[attr_filter.access_reject] returns updated Delaying reject of request 1 for 1 seconds Going to the next request Waking up in 0.9 seconds. Sending delayed reject for request 1 Sending Access-Reject of id 217 to 127.0.0.1 port 53591 Waking up in 4.9 seconds. Cleaning up request 1 ID 217 with timestamp +96 I have checked all the file and everything is Ok. Then i dont know why the server doesnt success to authenticate the user??? As you see, we have a failed to authenticate the user. Do you have an ideas or suggestions please?? Thank you ________________________________ De : alan buxey <A.L.M.Buxey@lboro.ac.uk> À : arnauld ndefo <ndefo2002@yahoo.fr>; FreeRadius users mailing list <freeradius-users@lists.freeradius.org> Cc : Alan DeKok <aland@deployingradius.com>; tatiana dibanda <tdibanda31@yahoo.fr>; "tdibanda2005@yahoo.fr" <tdibanda2005@yahoo.fr> Envoyé le : Mardi 18 septembre 2012 17h57 Objet : Re: error of segmentation during the implementation of eap2 Hi,
My project is to authenticate a client openpana with my radius server. The authentication method used by the client is based on the EAP-PSK, which is why I would have a radius server with authtentification method as EAP-PSK. After apply the instruction of doc/bugs, i have got a file gdb-radiusd.log which i have attached to the mail.
I take it that you've tried removing eap2 call from authorize and only have it in the authentication section? alan
Sorry to spam you, but we have #radtest user1 password 127.0.0.1:1812 0 testing1234 and #radtest user1 password 127.0.0.1:18120 0 testing1234 and we have got the same result for the client ________________________________ De : arnauld ndefo <ndefo2002@yahoo.fr> À : alan buxey <A.L.M.Buxey@lboro.ac.uk>; FreeRadius users mailing list <freeradius-users@lists.freeradius.org>; Arran Cudbard-Bell <a.cudbardb@freeradius.org> Cc : Alan DeKok <aland@deployingradius.com>; tatiana dibanda <tdibanda31@yahoo.fr>; "tdibanda2005@yahoo.fr" <tdibanda2005@yahoo.fr> Envoyé le : Mardi 18 septembre 2012 23h38 Objet : Re: error of segmentation during the implementation of eap2 Hi, Concerning the error of segmentation, we have removed in the section authorize the part eap2{ ok = return} in the default and inner-server file. After that we have got the output of the radiusd -X which is in the attached file radiusd.txt. Normally we think that it is fine because the eap2 module has been loaded and we have at the end the line ... adding new socket proxy address * port 52902 Listening on authentication address * port 1812 Listening on accounting address * port 1813 Listening on command file /usr/local/var/run/radiusd/radiusd.sock Listening on authentication address 127.0.0.1 port 18120 as server inner-tunnel Listening on proxy address * port 1814 Ready to process requests. For the test of the eap2 module, we have put in the users file the line user1 Auth-Type :=eap2, Cleartext-Password :="password" On the client, we have got #radtest user1 password 127.0.0.1:18120 0 testing1234 sh: getcwd() failed: No such file or directory Sending Access-Request of id 217 to 127.0.0.1 port 18120 User-Name = "user1" User-Password = "password" NAS-IP-Address = 127.0.1.1 NAS-Port = 0 Message-Authenticator = 0x00000000000000000000000000000000 rad_recv: Access-Reject packet from host 127.0.0.1 port 18120, id=217, length=20 And on the server we have got rad_recv: Access-Request packet from host 127.0.0.1 port 53591, id=217, length=75 User-Name = "user1" User-Password = "password" NAS-IP-Address = 127.0.1.1 NAS-Port = 0 Message-Authenticator = 0xd755b04bec06d6babdc5c934be2aae5a server inner-tunnel { # Executing section authorize from file /usr/local/etc/raddb/sites-enabled/inner-tunnel +- entering group authorize {...} ++[chap] returns noop ++[mschap] returns noop [suffix] No '@' in User-Name = "user1", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop ++[control] returns noop [files] users: Matched entry user1 at line 204 ++[files] returns ok ++[expiration] returns noop ++[logintime] returns noop [pap] WARNING: Auth-Type already set. Not setting to PAP ++[pap] returns noop Found Auth-Type = eap2 # Executing group from file /usr/local/etc/raddb/sites-enabled/inner-tunnel +- entering group authenticate {...} [eap2] No EAP-Message. Not doing EAP. ++[eap2] returns fail Failed to authenticate the user. } # server inner-tunnel Using Post-Auth-Type REJECT # Executing group from file /usr/local/etc/raddb/sites-enabled/inner-tunnel +- entering group REJECT {...} [attr_filter.access_reject] expand: %{User-Name} -> user1 attr_filter: Matched entry DEFAULT at line 11 ++[attr_filter.access_reject] returns updated Delaying reject of request 1 for 1 seconds Going to the next request Waking up in 0.9 seconds. Sending delayed reject for request 1 Sending Access-Reject of id 217 to 127.0.0.1 port 53591 Waking up in 4.9 seconds. Cleaning up request 1 ID 217 with timestamp +96 I have checked all the file and everything is Ok. Then i dont know why the server doesnt success to authenticate the user??? As you see, we have a failed to authenticate the user. Do you have an ideas or suggestions please?? Thank you ________________________________ De : alan buxey <A.L.M.Buxey@lboro.ac.uk> À : arnauld ndefo <ndefo2002@yahoo.fr>; FreeRadius users mailing list <freeradius-users@lists.freeradius.org> Cc : Alan DeKok <aland@deployingradius.com>; tatiana dibanda <tdibanda31@yahoo.fr>; "tdibanda2005@yahoo.fr" <tdibanda2005@yahoo.fr> Envoyé le : Mardi 18 septembre 2012 17h57 Objet : Re: error of segmentation during the implementation of eap2 Hi,
My project is to authenticate a client openpana with my radius server. The authentication method used by the client is based on the EAP-PSK, which is why I would have a radius server with authtentification method as EAP-PSK. After apply the instruction of doc/bugs, i have got a file gdb-radiusd.log which i have attached to the mail.
I take it that you've tried removing eap2 call from authorize and only have it in the authentication section? alan
Hi,
Sorry to spam you, but we have #radtest user1 password 127.0.0.1:1812 0 testing1234 and #radtest user1 password 127.0.0.1:18120 0 testing1234 and we have got the same result for the client
radtest doesnt send EAP packets
line user1 Auth-Type :=eap2, Cleartext-Password :="password"
you ant do that - read the docs, never set the Auth-Type. the packet needs to have the right contents to be dealt with
[eap2] No EAP-Message. Not doing EAP. ++[eap2] returns fail
see. eap2 isnt happy. if you are wanting to test EAP-whateverflavour, then you need to use a client that can send EAP-whateverflavour (like when testing EAP-PWD, I was using the latest beta of wpa_supplicant ) alan
As Alan B just said, radtest does not send EAP packets, no matter where you send the RADIUS packets, to the inner tunnel or the outer tunnel, radtest doesn't send EAP-Message. You have hardcoded auth-type eap2 in your users file, so when the request enters the authenticate section, the eap2 module is called instead of the PAP module. The EAP module says, WTH dude why am I being called when there's no EAP-message, and the server sends back a reject. I can't remember if the eap2 module has the code to check for eap-message and set the appropriate Auth-Type, and i'm not going to check, because you still haven't confirmed whether that patch fixed the segfault or not. Grrr. Instead of the users file entry, do something like authorize { if (EAP-Message) { update control { Auth-Type := eap2 } } } And please stop CCing everyone, mailman is smart enough not to send send duplicates, but it's still annoying. -Arran
We dont know how to use the git pull command that you have sent to us. Then to fix the error of segmentation, we have just removed in the authorize section of the default and innet-tunnel file the part eap2 { ok=return}. We have not used the patch that you have recommand. We have done in the freeradius-server directory the command git pull / git repository and we have got nothing. I you have some suggestion to know how to Confirm that your git repository head is at commit 02567cf3c5aa758d7153c0bd7020e27a5067f7c3 (git pull), please tell us. Thank you ________________________________ De : Arran Cudbard-Bell <a.cudbardb@freeradius.org> À : arnauld ndefo <ndefo2002@yahoo.fr> Cc : FreeRadius users mailing list <freeradius-users@lists.freeradius.org> Envoyé le : Mercredi 19 septembre 2012 0h06 Objet : Re: error of segmentation during the implementation of eap2 As Alan B just said, radtest does not send EAP packets, no matter where you send the RADIUS packets, to the inner tunnel or the outer tunnel, radtest doesn't send EAP-Message. You have hardcoded auth-type eap2 in your users file, so when the request enters the authenticate section, the eap2 module is called instead of the PAP module. The EAP module says, WTH dude why am I being called when there's no EAP-message, and the server sends back a reject. I can't remember if the eap2 module has the code to check for eap-message and set the appropriate Auth-Type, and i'm not going to check, because you still haven't confirmed whether that patch fixed the segfault or not. Grrr. Instead of the users file entry, do something like authorize { if (EAP-Message) {
update control { Auth-Type := eap2 } } }
And please stop CCing everyone, mailman is smart enough not to send send duplicates, but it's still annoying. -Arran
On 18 Sep 2012, at 15:07, arnauld ndefo <ndefo2002@yahoo.fr> wrote:
My project is to authenticate a client openpana with my radius server. The authentication method used by the client is based on the EAP-PSK, which is why I would have a radius server with authtentification method as EAP-PSK. After apply the instruction of doc/bugs, i have got a file gdb-radiusd.log which i have attached to the mail.
1. Confirm that your git repository head is at commit 02567cf3c5aa758d7153c0bd7020e27a5067f7c3 (git pull). 2. Confirm that you have rebuilt the server. 3. If you still experience the segfault please edit the Makefile to remove the -O2 flag and rebuild the server, then post the output of gdb 'bt all'. 4. http://www.youtube.com/watch?v=0M7ibPk37_U -Arran
On 18 Sep 2012, at 13:42, arnauld ndefo <ndefo2002@yahoo.fr> wrote:
Thank you for your reply Alan. I am working on a project which is based on EAP_PSK and implement this is the first part.
As you have recommend, i have used the gdb to debug and see the problem. The output that i have is below # gdb radiusd GNU gdb (GDB) 7.1-ubuntu Copyright (C) 2010 Free Software Foundation, Inc. License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html> This is free software: you are free to change and redistribute it. There is NO WARRANTY, to the extent permitted by law. Type "show copying" and "show warranty" for details. This GDB was configured as "i486-linux-gnu". For bug reporting instructions, please see: <http://www.gnu.org/software/gdb/bugs/>... Reading symbols from /usr/local/sbin/radiusd...done. (gdb) set logging file gdb-radiusd.log (gdb) set logging on Copying output to gdb-radiusd.log. (gdb) set args -f (gdb) run Starting program: /usr/local/sbin/radiusd -f [Thread debugging using libthread_db enabled]
Program received signal SIGSEGV, Segmentation fault. 0x080529d3 in cf_log_err (ci=0x0, fmt=0x8085210 "\"%s\" modules aren't allowed in '%s' sections -- they have no such method.") at conffile.c:2641 2641 radlog(L_ERR, "%s[%d]: %s", ci->filename, ci->lineno, buffer);
Seems that in some part of a code, the eap2 module is not allowed.
Please provide a backtrace from GDB. -Arran
Hi,
Starting program: /usr/local/sbin/radiusd -f [Thread debugging using libthread_db enabled] Program received signal SIGSEGV, Segmentation fault. 0x080529d3 in cf_log_err (ci=0x0, fmt=0x8085210 "\"%s\" modules aren't allowed in '%s' sections -- they have no such method.") at conffile.c:2641
send output of 'radiusd -X' - looks like you have a fundamental configuration problem alan
On 18 Sep 2012, at 13:58, alan buxey <A.L.M.Buxey@LBORO.AC.UK> wrote:
Hi,
Starting program: /usr/local/sbin/radiusd -f [Thread debugging using libthread_db enabled] Program received signal SIGSEGV, Segmentation fault. 0x080529d3 in cf_log_err (ci=0x0, fmt=0x8085210 "\"%s\" modules aren't allowed in '%s' sections -- they have no such method.") at conffile.c:2641
send output of 'radiusd -X' - looks like you have a fundamental configuration problem
alan
Comitted a fix for the segfault. Please build from v2.1.x or master. Still won't work, but at least you'll get a proper error. -Arran
We have built the v2.1.X version. After that i have followed the experimental.conf file to configure the eap2.conf. The "long term support" release. The only changes to this code will be minor bug fixes. All new development is done in the "stable" branch. $ git clone git://git.freeradius.org/freeradius-server.git $ cd freeradius-server $ git fetch origin v2.1.x:v2.1.x $ git checkout v2.1.x ________________________________ De : Arran Cudbard-Bell <a.cudbardb@freeradius.org> À : FreeRadius users mailing list <freeradius-users@lists.freeradius.org> Cc : arnauld ndefo <ndefo2002@yahoo.fr>; tatiana dibanda <tdibanda31@yahoo.fr>; "tdibanda2005@yahoo.fr" <tdibanda2005@yahoo.fr>; Alan DeKok <aland@deployingradius.com> Envoyé le : Mardi 18 septembre 2012 15h19 Objet : Re: error of segmentation during the implementation of eap2 On 18 Sep 2012, at 13:58, alan buxey <A.L.M.Buxey@LBORO.AC.UK> wrote:
Hi,
Starting program: /usr/local/sbin/radiusd -f [Thread debugging using libthread_db enabled] Program received signal SIGSEGV, Segmentation fault. 0x080529d3 in cf_log_err (ci=0x0, fmt=0x8085210 "\"%s\" modules aren't allowed in '%s' sections -- they have no such method.") at conffile.c:2641
send output of 'radiusd -X' - looks like you have a fundamental configuration problem
alan
Comitted a fix for the segfault. Please build from v2.1.x or master. Still won't work, but at least you'll get a proper error. -Arran
Hi,
We have built the v2.1.X version. After that i have followed the experimental.conf file to configure the eap2.conf. The "long term support" release. The only changes to this code will be minor bug fixes. All new development is done in the "stable" branch. $ git clone git://git.freeradius.org/freeradius-server.git $ cd freeradius-server $ git fetch origin v2.1.x:v2.1.x $ git checkout v2.1.x
did you do this AFTER Arrans email? If so, when you run the program (after recompiling etc) you should now get a different error code. alan
Hi Alan, The output of raduisd -X is below root@dibus-laptop:~/freeradius-server# export LD_PRELOAD=/home/dibus/hostap-06/eap_example/libeap.so && radiusd -X FreeRADIUS Version 2.2.0, for host i686-pc-linux-gnu, built on Sep 16 2012 at 03:55:41 Copyright (C) 1999-2012 The FreeRADIUS server project and contributors. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. You may redistribute copies of FreeRADIUS under the terms of the GNU General Public License v2. Starting - reading configuration files ... including configuration file /usr/local/etc/raddb/radiusd.conf including configuration file /usr/local/etc/raddb/proxy.conf including configuration file /usr/local/etc/raddb/clients.conf including files in directory /usr/local/etc/raddb/modules/ including configuration file /usr/local/etc/raddb/modules/otp including configuration file /usr/local/etc/raddb/modules/radutmp including configuration file /usr/local/etc/raddb/modules/echo including configuration file /usr/local/etc/raddb/modules/exec including configuration file /usr/local/etc/raddb/modules/counter including configuration file /usr/local/etc/raddb/modules/soh including configuration file /usr/local/etc/raddb/modules/dhcp_sqlippool including configuration file /usr/local/etc/raddb/sql/mysql/ippool-dhcp.conf including configuration file /usr/local/etc/raddb/modules/mac2vlan including configuration file /usr/local/etc/raddb/modules/sql_log including configuration file /usr/local/etc/raddb/modules/realm including configuration file /usr/local/etc/raddb/modules/checkval including configuration file /usr/local/etc/raddb/modules/cache including configuration file /usr/local/etc/raddb/modules/smbpasswd including configuration file /usr/local/etc/raddb/modules/redis including configuration file /usr/local/etc/raddb/modules/rediswho including configuration file /usr/local/etc/raddb/modules/digest including configuration file /usr/local/etc/raddb/modules/linelog including configuration file /usr/local/etc/raddb/modules/preprocess including configuration file /usr/local/etc/raddb/modules/wimax including configuration file /usr/local/etc/raddb/modules/always including configuration file /usr/local/etc/raddb/modules/inner-eap including configuration file /usr/local/etc/raddb/modules/expr including configuration file /usr/local/etc/raddb/modules/replicate including configuration file /usr/local/etc/raddb/modules/pam including configuration file /usr/local/etc/raddb/modules/krb5 including configuration file /usr/local/etc/raddb/modules/ldap including configuration file /usr/local/etc/raddb/modules/detail.log including configuration file /usr/local/etc/raddb/modules/pap including configuration file /usr/local/etc/raddb/modules/smsotp including configuration file /usr/local/etc/raddb/modules/expiration including configuration file /usr/local/etc/raddb/modules/unix including configuration file /usr/local/etc/raddb/modules/radrelay including configuration file /usr/local/etc/raddb/modules/detail.example.com including configuration file /usr/local/etc/raddb/modules/logintime including configuration file /usr/local/etc/raddb/modules/sqlcounter_expire_on_login including configuration file /usr/local/etc/raddb/modules/opendirectory including configuration file /usr/local/etc/raddb/modules/files including configuration file /usr/local/etc/raddb/modules/attr_filter including configuration file /usr/local/etc/raddb/modules/acct_unique including configuration file /usr/local/etc/raddb/modules/chap including configuration file /usr/local/etc/raddb/modules/etc_group including configuration file /usr/local/etc/raddb/modules/perl including configuration file /usr/local/etc/raddb/modules/cui including configuration file /usr/local/etc/raddb/modules/ippool including configuration file /usr/local/etc/raddb/modules/mschap including configuration file /usr/local/etc/raddb/modules/ntlm_auth including configuration file /usr/local/etc/raddb/modules/passwd including configuration file /usr/local/etc/raddb/modules/attr_rewrite including configuration file /usr/local/etc/raddb/modules/sradutmp including configuration file /usr/local/etc/raddb/modules/detail including configuration file /usr/local/etc/raddb/modules/dynamic_clients including configuration file /usr/local/etc/raddb/modules/policy including configuration file /usr/local/etc/raddb/modules/mac2ip including configuration file /usr/local/etc/raddb/eap2.conf including configuration file /usr/local/etc/raddb/policy.conf including files in directory /usr/local/etc/raddb/sites-enabled/ including configuration file /usr/local/etc/raddb/sites-enabled/inner-tunnel including configuration file /usr/local/etc/raddb/sites-enabled/default including configuration file /usr/local/etc/raddb/sites-enabled/control-socket main { allow_core_dumps = no } including dictionary file /usr/local/etc/raddb/dictionary main { name = "radiusd" prefix = "/usr/local" localstatedir = "/usr/local/var" sbindir = "/usr/local/sbin" logdir = "/usr/local/var/log/radius" run_dir = "/usr/local/var/run/radiusd" libdir = "/usr/local/lib" radacctdir = "/usr/local/var/log/radius/radacct" hostname_lookups = no max_request_time = 30 cleanup_delay = 5 max_requests = 1024 pidfile = "/usr/local/var/run/radiusd/radiusd.pid" checkrad = "/usr/local/sbin/checkrad" debug_level = 0 proxy_requests = yes log { stripped_names = no auth = no auth_badpass = no auth_goodpass = no } security { max_attributes = 200 reject_delay = 1 status_server = yes } } radiusd: #### Loading Realms and Home Servers #### proxy server { retry_delay = 5 retry_count = 3 default_fallback = no dead_time = 120 wake_all_if_all_dead = no } home_server localhost { ipaddr = 127.0.0.1 port = 1812 type = "auth" secret = "testing123" response_window = 20 max_outstanding = 65536 require_message_authenticator = yes zombie_period = 40 status_check = "status-server" ping_interval = 30 check_interval = 30 num_answers_to_alive = 3 num_pings_to_alive = 3 revive_interval = 120 status_check_timeout = 4 coa { irt = 2 mrt = 16 mrc = 5 mrd = 30 } } home_server_pool my_auth_failover { type = fail-over home_server = localhost } realm example.com { auth_pool = my_auth_failover } realm LOCAL { } radiusd: #### Loading Clients #### client localhost { ipaddr = 127.0.0.1 require_message_authenticator = no secret = "testing123" nastype = "other" } radiusd: #### Instantiating modules #### instantiate { Module: Linked to module rlm_exec Module: Instantiating module "exec" from file /usr/local/etc/raddb/modules/exec exec { wait = no input_pairs = "request" shell_escape = yes } Module: Linked to module rlm_expr Module: Instantiating module "expr" from file /usr/local/etc/raddb/modules/expr Module: Linked to module rlm_expiration Module: Instantiating module "expiration" from file /usr/local/etc/raddb/modules/expiration expiration { reply-message = "Password Has Expired " } Module: Linked to module rlm_logintime Module: Instantiating module "logintime" from file /usr/local/etc/raddb/modules/logintime logintime { reply-message = "You are calling outside your allowed timespan " minimum-timeout = 60 } } radiusd: #### Loading Virtual Servers #### server { # from file /usr/local/etc/raddb/radiusd.conf modules { Module: Creating Auth-Type = digest Module: Creating Auth-Type = eap2 Module: Creating Post-Auth-Type = REJECT Module: Checking authenticate {...} for more modules to load Module: Linked to module rlm_pap Module: Instantiating module "pap" from file /usr/local/etc/raddb/modules/pap pap { encryption_scheme = "auto" auto_header = no } Module: Linked to module rlm_chap Module: Instantiating module "chap" from file /usr/local/etc/raddb/modules/chap Module: Linked to module rlm_mschap Module: Instantiating module "mschap" from file /usr/local/etc/raddb/modules/mschap mschap { use_mppe = yes require_encryption = no require_strong = no with_ntdomain_hack = no allow_retry = yes } Module: Linked to module rlm_digest Module: Instantiating module "digest" from file /usr/local/etc/raddb/modules/digest Module: Linked to module rlm_unix Module: Instantiating module "unix" from file /usr/local/etc/raddb/modules/unix unix { radwtmp = "/usr/local/var/log/radius/radwtmp" } Module: Linked to module rlm_eap2 Module: Instantiating module "eap2" from file /usr/local/etc/raddb/eap2.conf eap2 { timer_expire = 60 cisco_accounting_username_bug = no backend_auth = yes tls { ca_cert = "/usr/local/etc/raddb/certs/ca.pem" server_cert = "/usr/local/etc/raddb/certs/server.pem" private_key_file = "/usr/local/etc/raddb/certs/server.pem" private_key_password = "whatever" dh_file = "/usr/local/etc/raddb/certs/dh" } } Module: Checking authorize {...} for more modules to load Module: Linked to module rlm_preprocess Module: Instantiating module "preprocess" from file /usr/local/etc/raddb/modules/preprocess preprocess { huntgroups = "/usr/local/etc/raddb/huntgroups" hints = "/usr/local/etc/raddb/hints" with_ascend_hack = no ascend_channels_per_line = 23 with_ntdomain_hack = no with_specialix_jetstream_hack = no with_cisco_vsa_hack = no with_alvarion_vsa_hack = no } reading pairlist file /usr/local/etc/raddb/huntgroups reading pairlist file /usr/local/etc/raddb/hints Module: Linked to module rlm_realm Module: Instantiating module "suffix" from file /usr/local/etc/raddb/modules/realm realm suffix { format = "suffix" delimiter = "@" ignore_default = no ignore_null = no } Erreur de segmentation ________________________________ De : alan buxey <A.L.M.Buxey@lboro.ac.uk> À : arnauld ndefo <ndefo2002@yahoo.fr>; FreeRadius users mailing list <freeradius-users@lists.freeradius.org> Cc : Alan DeKok <aland@deployingradius.com>; tatiana dibanda <tdibanda31@yahoo.fr>; "tdibanda2005@yahoo.fr" <tdibanda2005@yahoo.fr> Envoyé le : Mardi 18 septembre 2012 14h58 Objet : Re: error of segmentation during the implementation of eap2 Hi,
Starting program: /usr/local/sbin/radiusd -f [Thread debugging using libthread_db enabled] Program received signal SIGSEGV, Segmentation fault. 0x080529d3 in cf_log_err (ci=0x0, fmt=0x8085210 "\"%s\" modules aren't allowed in '%s' sections -- they have no such method.") at conffile.c:2641
send output of 'radiusd -X' - looks like you have a fundamental configuration problem alan
participants (4)
-
alan buxey -
Alan DeKok -
arnauld ndefo -
Arran Cudbard-Bell