Freeradius 2.2.0 I am trying to take an PEAP/MSCHAPv2 tunnel terminate it at 172.16.0.9 and then proxy it as MSCHAPv2 to an NPS server at 172.16.0.15. This is for a token server that does not allow PEAP. Everything works (I get an ACCEPT from 172.16.0.15) but then freeradius crashes. I have searched the forumns and it looks like others have had this issue but I can seem to find a resolution. Sometimes I get the mutex lock and sometimes I get a segmentation fault. Any help would be greatly appreciated. ----SNIP OF ERROR FROM DEBUG---- rad_recv: Access-Accept packet from host 172.16.0.15 port 1812, id=24, length=230 Proxy-State = 0x313137 Framed-Protocol = PPP Service-Type = Framed-User Class = 0xce4e0b840000013700010200ac10000f00000000c1f0b6db791d9ba301cdc5f9ffdd9c5000 00000000000013 MS-MPPE-Recv-Key = 0x23f719b0d45157837af9e2d7fbdba7dd MS-MPPE-Send-Key = 0x13a8461f37b23d89591fdb2a2f02f1ce MS-CHAP2-Success = 0x06533d45413643313739303838373942324634394134304233443137353646454131324346 373637443143 MS-CHAP-Domain = "\006SKL" # Executing section post-proxy from file /etc/freeradius/sites-enabled/default +- entering group post-proxy {...} [eap] Doing post-proxy callback [eap] Passing reply from proxy back into the tunnel. server inner-tunnel { [eap] Passing reply back for EAP-MS-CHAP-V2 # Executing section post-proxy from file /etc/freeradius/sites-enabled/inner-tunnel +- entering group post-proxy {...} ++[eap] returns noop WARNING: Empty post-auth section. Using default return values. # Executing section post-auth from file /etc/freeradius/sites-enabled/inner-tunnel } # server inner-tunnel [eap] Final reply from tunneled session code 2 Proxy-State = 0x313137 Framed-Protocol = PPP Service-Type = Framed-User Class = 0xce4e0b840000013700010200ac10000f00000000c1f0b6db791d9ba301cdc5f9ffdd9c5000 00000000000013 MS-MPPE-Recv-Key = 0x23f719b0d45157837af9e2d7fbdba7dd MS-MPPE-Send-Key = 0x13a8461f37b23d89591fdb2a2f02f1ce MS-CHAP2-Success = 0x06533d45413643313739303838373942324634394134304233443137353646454131324346 373637443143 MS-CHAP-Domain = "\006SKL" [eap] Got reply 2 freeradius: pthread_mutex_lock.c:321: __pthread_mutex_lock_full: Assertion `robust || (oldval & 0x40000000) == 0' failed. Aborted ----FULL DEBUG----- rad_recv: Access-Request packet from host 172.16.0.5 port 50001, id=111, length=69 User-Name = "test" Calling-Station-Id = "0000005e556e" EAP-Message = 0x020000090174657374 Message-Authenticator = 0xf371f7a858c4cf3987dfbe6446f66f06 # Executing section authorize from file /etc/freeradius/sites-enabled/default +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop ++[digest] returns noop [suffix] No '@' in User-Name = "test", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop [eap] EAP packet type response id 0 length 9 [eap] No EAP Start, assuming it's an on-going EAP conversation ++[eap] returns updated ++[files] returns noop ++[expiration] returns noop ++[logintime] returns noop [pap] WARNING! No "known good" password found for the user. Authentication may fail because of this. ++[pap] returns noop Found Auth-Type = EAP # Executing group from file /etc/freeradius/sites-enabled/default +- entering group authenticate {...} [eap] EAP Identity [eap] processing type tls [tls] Initiate [tls] Start returned 1 ++[eap] returns handled Sending Access-Challenge of id 111 to 172.16.0.5 port 50001 EAP-Message = 0x010100061920 Message-Authenticator = 0x00000000000000000000000000000000 State = 0xcbe5a788cbe4bedafb635b97ce195b6e Finished request 0. Going to the next request Waking up in 4.9 seconds. rad_recv: Access-Request packet from host 172.16.0.5 port 50001, id=112, length=294 User-Name = "test" Calling-Station-Id = "0000005e556e" EAP-Message = 0x020100d8190016030100cd010000c9030150aa424cdfae162e9899919d786b33090b4b323d aac9fbd35e022e21088cbfdf00005cc014c00a0039003800880087c00fc00500350084c012c0 0800160013c00dc003000ac013c00900330032009a009900450044c00ec004002f0096004100 07c011c007c00cc002000500040015001200090014001100080006000300ff01000044000b00 0403000102000a00340032000100020003000400050006000700080009000a000b000c000d00 0e000f001000110012001300140015001600170018001900230000 Message-Authenticator = 0xbc03ad926311fa1f509d8d04f055b2cb State = 0xcbe5a788cbe4bedafb635b97ce195b6e # Executing section authorize from file /etc/freeradius/sites-enabled/default +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop ++[digest] returns noop [suffix] No '@' in User-Name = "test", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop [eap] EAP packet type response id 1 length 216 [eap] Continuing tunnel setup. ++[eap] returns ok Found Auth-Type = EAP # Executing group from file /etc/freeradius/sites-enabled/default +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS [peap] eaptls_verify returned 7 [peap] Done initial handshake [peap] (other): before/accept initialization [peap] TLS_accept: before/accept initialization [peap] <<< TLS 1.0 Handshake [length 00cd], ClientHello [peap] TLS_accept: SSLv3 read client hello A [peap] >>> TLS 1.0 Handshake [length 0031], ServerHello [peap] TLS_accept: SSLv3 write server hello A [peap] >>> TLS 1.0 Handshake [length 02b4], Certificate [peap] TLS_accept: SSLv3 write certificate A [peap] >>> TLS 1.0 Handshake [length 020d], ServerKeyExchange [peap] TLS_accept: SSLv3 write key exchange A [peap] >>> TLS 1.0 Handshake [length 0004], ServerHelloDone [peap] TLS_accept: SSLv3 write server done A [peap] TLS_accept: SSLv3 flush data [peap] TLS_accept: Need to read more data: SSLv3 read client certificate A In SSL Handshake Phase In SSL Accept mode [peap] eaptls_process returned 13 [peap] EAPTLS_HANDLED ++[eap] returns handled Sending Access-Challenge of id 112 to 172.16.0.5 port 50001 EAP-Message = 0x0102040019c00000050a16030100310200002d030150aa423a46727bd1519ab8bdd743c21e 7463afab834acd5ce281873209acfcfc000039000005ff0100010016030102b40b0002b00002 ad0002aa308202a63082018e020900ec3ae1766fcc1e58300d06092a864886f70d0101050500 3015311330110603550403130a46524545524144495553301e170d3132313131393132333234 365a170d3232313131373132333234365a3015311330110603550403130a4652454552414449 555330820122300d06092a864886f70d01010105000382010f003082010a0282010100ad2f22 a51811df31b40221b1c484460547f03549615668c1c9925ed33a EAP-Message = 0xc57811b046051eb5a8c3e8d5439e955d098320136f13d98d7be0d4681a9259b07cb65ff88c d05bfb0ee0ffc6896c506f3094dca3194c84cdc8ca0868a40dbc9f952ed4302303cd014a6333 4a3ef77d403245cc68c701809a26fb4e1e2f14b4855e75f2163a67693cc92ba0de98abd49e3a 57ba78c6be7afd6de760fcd2ac492ef2cde96961440e06af7ea294f16a00133a9daa4ceadb43 2a543340fcc35ebe2c153f128220380ab9495928eb792aac36367d2438ad7b5a6422efa0f9b7 80481ff5dce1161c17df10ae0460debaf6e7dd19de58510dba5807897b4590dd49f5f2074fb1 0203010001300d06092a864886f70d010105050003820101006f EAP-Message = 0x0f28b6c3f62e6ff85a23bc18537b888884499b4804bc075330eeeadf52814d0a6bf66e6486 f0c0aee368b8b832ae7e25998d3bea7588de8db72a36072b5d6655810b9c44e31c37357530df 6a7806c1d0fef5998c53b4dcc651cd32c6389361bf2fb4171432a9b353c2aaa767bd47ab9046 c2b349d4abab2c1358ec711687e1abfa000904df25baebdf4a3bf314a35e49dd3886e2078140 c3897425d1df13c244d32bf35d7ba7a0dcfc52583b62492e4c2f24dc5c0c895587975ba59d41 9836c9b444b33ee8c3a705b2fa42abcb1e558731ef77da6dcd41e01641cdab1b5896dff9f3f5 2da01680f0b2a463a3d153ea8dd12603093db20314a36da34c66 EAP-Message = 0x9ee1160301020d0c00020900809a9e58f82faf6e17e7ba9255156a584b7719f94b9fb5c434 222600ed1d577c73555bf5da1862faa858342f92c09c11939e07d568f9d6e6de29ad61711040 04316d4b294d479e940e83115b7ff42946a073ffb68f390c21a818ed3f30655f3a797836139b 16045513ab4274a64e1bc89e55dc8b001f9ea450f428e1790844b2d300010200801cf8f3a564 307d7a6164d27f26d0850a9c042b2d0bb060294e9a55cb8b54853e2ab5cde6c7521f80722a21 eb2b568c1776003554a8cceb7b22695fa11af58fcba9f01437851d4566ca12052683ff97ec3c 7cd3a8c334ab0fd222052bf3e9ca741b9c20fde566a80cbcb4a4 EAP-Message = 0xbe74f4d83a7b632d83614e4f Message-Authenticator = 0x00000000000000000000000000000000 State = 0xcbe5a788cae7bedafb635b97ce195b6e Finished request 1. Going to the next request Waking up in 4.9 seconds. rad_recv: Access-Request packet from host 172.16.0.5 port 50001, id=113, length=84 User-Name = "test" Calling-Station-Id = "0000005e556e" EAP-Message = 0x020200061900 Message-Authenticator = 0xf82d7391f32d9674b8c365a8c070aa0a State = 0xcbe5a788cae7bedafb635b97ce195b6e # Executing section authorize from file /etc/freeradius/sites-enabled/default +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop ++[digest] returns noop [suffix] No '@' in User-Name = "test", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop [eap] EAP packet type response id 2 length 6 [eap] Continuing tunnel setup. ++[eap] returns ok Found Auth-Type = EAP # Executing group from file /etc/freeradius/sites-enabled/default +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS [peap] Received TLS ACK [peap] ACK handshake fragment handler [peap] eaptls_verify returned 1 [peap] eaptls_process returned 13 [peap] EAPTLS_HANDLED ++[eap] returns handled Sending Access-Challenge of id 113 to 172.16.0.5 port 50001 EAP-Message = 0x0103011a19002b842bb0ed7a481a97010061d39c216a910dff62ae7229be38c500aea894cb 5887c6d1c175513c880bc1175bb7db26a678eb9bfb97fd387d964974353f30eed2e2ce3f8db7 883ff0655249fe2aad3b10edc06b394d46b0a6ea6beb4886bdb5d4717ecdb2a65142bc357b62 5f7ec440f59e7d59b8e8d5b334be8291e620cb5d61915325397aaa47cffae9584d0f683dccce ba8fdb8df4f1adbb05643c83277dffb616859c4076628255f7d1c50437a44d31c3923372132a 29fd1cba2fea712798a8d9d900c69a82749b20749c4ff95f401ca6d963d351bf40dea3178b4d 78262c1ce7e498a4aae87c84c83e6f0ae8d404da69da7f528686 EAP-Message = 0x2630c8cf2cc7f8f07b501a5a9794ffe2af7c83dc16030100040e000000 Message-Authenticator = 0x00000000000000000000000000000000 State = 0xcbe5a788c9e6bedafb635b97ce195b6e Finished request 2. Going to the next request Waking up in 4.9 seconds. rad_recv: Access-Request packet from host 172.16.0.5 port 50001, id=114, length=282 User-Name = "test" Calling-Station-Id = "0000005e556e" EAP-Message = 0x020300cc19001603010086100000820080508b290f81a0214e6d10ff2fa89011d6f95aaa8a b474f85a09a7f1febd79f654512ccb197a153107474785ea2daa530e1aaf581d90a763bf295b 74daf18e92c23680c5010b079fe252b01c2aa3328764deb9637398f698fe2c61b391262d8837 fea96a3b488f43ccc01ab55ab312cff623542118ed4a3b4080702b2560a10f98140301000101 1603010030e82da932c8d42c1bcd8719e47f0fc80af867bd8de7ff82d489e8f098a2d0a1154f 280198c65ccfb36686e473c4bc67fc Message-Authenticator = 0xda4d0bbe297d0fcd218364debf022974 State = 0xcbe5a788c9e6bedafb635b97ce195b6e # Executing section authorize from file /etc/freeradius/sites-enabled/default +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop ++[digest] returns noop [suffix] No '@' in User-Name = "test", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop [eap] EAP packet type response id 3 length 204 [eap] Continuing tunnel setup. ++[eap] returns ok Found Auth-Type = EAP # Executing group from file /etc/freeradius/sites-enabled/default +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS [peap] eaptls_verify returned 7 [peap] Done initial handshake [peap] <<< TLS 1.0 Handshake [length 0086], ClientKeyExchange [peap] TLS_accept: SSLv3 read client key exchange A [peap] <<< TLS 1.0 ChangeCipherSpec [length 0001] [peap] <<< TLS 1.0 Handshake [length 0010], Finished [peap] TLS_accept: SSLv3 read finished A [peap] >>> TLS 1.0 ChangeCipherSpec [length 0001] [peap] TLS_accept: SSLv3 write change cipher spec A [peap] >>> TLS 1.0 Handshake [length 0010], Finished [peap] TLS_accept: SSLv3 write finished A [peap] TLS_accept: SSLv3 flush data [peap] (other): SSL negotiation finished successfully SSL Connection Established [peap] eaptls_process returned 13 [peap] EAPTLS_HANDLED ++[eap] returns handled Sending Access-Challenge of id 114 to 172.16.0.5 port 50001 EAP-Message = 0x010400411900140301000101160301003003804d439cf6d9771eadef0ee312d8a10442d471 867c4c3c6f8532e90e532ae715a71209d82b320e508a2fd862df963b Message-Authenticator = 0x00000000000000000000000000000000 State = 0xcbe5a788c8e1bedafb635b97ce195b6e Finished request 3. Going to the next request Waking up in 4.9 seconds. rad_recv: Access-Request packet from host 172.16.0.5 port 50001, id=115, length=84 User-Name = "test" Calling-Station-Id = "0000005e556e" EAP-Message = 0x020400061900 Message-Authenticator = 0x6fc3b38cd2d22d3460957666f8c64d77 State = 0xcbe5a788c8e1bedafb635b97ce195b6e # Executing section authorize from file /etc/freeradius/sites-enabled/default +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop ++[digest] returns noop [suffix] No '@' in User-Name = "test", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop [eap] EAP packet type response id 4 length 6 [eap] Continuing tunnel setup. ++[eap] returns ok Found Auth-Type = EAP # Executing group from file /etc/freeradius/sites-enabled/default +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS [peap] Received TLS ACK [peap] ACK handshake is finished [peap] eaptls_verify returned 3 [peap] eaptls_process returned 3 [peap] EAPTLS_SUCCESS [peap] Session established. Decoding tunneled attributes. [peap] Peap state TUNNEL ESTABLISHED ++[eap] returns handled Sending Access-Challenge of id 115 to 172.16.0.5 port 50001 EAP-Message = 0x0105002b1900170301002091dcf4fb8a45ff43f0b5b0a8ff1ec240a5954cede261fbffc541 537ce0ea8d16 Message-Authenticator = 0x00000000000000000000000000000000 State = 0xcbe5a788cfe0bedafb635b97ce195b6e Finished request 4. Going to the next request Waking up in 4.9 seconds. rad_recv: Access-Request packet from host 172.16.0.5 port 50001, id=116, length=158 User-Name = "test" Calling-Station-Id = "0000005e556e" EAP-Message = 0x0205005019001703010020147d574f2fd8de7e70c7c30c98ff2ff0a8d004e610e1eaa89469 c167ecb7f8e917030100205c7e6b0719ebf5c76c67d2d649bb2b122fe8486542ae427479c421 3aa84785d0 Message-Authenticator = 0x0e70611a43d9fc31d4169f19062666af State = 0xcbe5a788cfe0bedafb635b97ce195b6e # Executing section authorize from file /etc/freeradius/sites-enabled/default +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop ++[digest] returns noop [suffix] No '@' in User-Name = "test", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop [eap] EAP packet type response id 5 length 80 [eap] Continuing tunnel setup. ++[eap] returns ok Found Auth-Type = EAP # Executing group from file /etc/freeradius/sites-enabled/default +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS [peap] eaptls_verify returned 7 [peap] Done initial handshake [peap] eaptls_process returned 7 [peap] EAPTLS_OK [peap] Session established. Decoding tunneled attributes. [peap] Peap state WAITING FOR INNER IDENTITY [peap] Identity - test [peap] Got inner identity 'test' [peap] Setting default EAP type for tunneled EAP session. [peap] Got tunneled request EAP-Message = 0x020500090174657374 server { PEAP: Setting User-Name to test Sending tunneled request EAP-Message = 0x020500090174657374 FreeRADIUS-Proxied-To = 127.0.0.1 User-Name = "test" server inner-tunnel { # Executing section authorize from file /etc/freeradius/sites-enabled/inner-tunnel +- entering group authorize {...} ++[chap] returns noop ++[mschap] returns noop [suffix] No '@' in User-Name = "test", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop ++[control] returns noop [eap] EAP packet type response id 5 length 9 [eap] No EAP Start, assuming it's an on-going EAP conversation ++[eap] returns updated [files] users: Matched entry DEFAULT at line 2 ++[files] returns ok ++[expiration] returns noop ++[logintime] returns noop ++[pap] returns noop } # server inner-tunnel [peap] Got tunneled reply code 0 PEAP: Calling authenticate in order to initiate tunneled EAP session. # Executing group from file /etc/freeradius/sites-enabled/inner-tunnel +- entering group authenticate {...} [eap] EAP Identity [eap] processing type mschapv2 rlm_eap_mschapv2: Issuing Challenge ++[eap] returns handled PEAP: Cancelling proxy to realm Safeword until the tunneled EAP session has been established [peap] Got tunneled reply RADIUS code 11 EAP-Message = 0x0106001e1a01060019101f1a5f6f1779ad4d6c22bf2399d769be74657374 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x25bce37525baf980c4060621f65c4ede [peap] Got tunneled Access-Challenge ++[eap] returns handled Sending Access-Challenge of id 116 to 172.16.0.5 port 50001 EAP-Message = 0x0106003b19001703010030cd6d34dbb44dc4e38c249b3c54e1d985a5b4a218bd5e80642c4a 6e6ff5d886f3b4d3af297360c7bec81533c421d3e450 Message-Authenticator = 0x00000000000000000000000000000000 State = 0xcbe5a788cee3bedafb635b97ce195b6e Finished request 5. Going to the next request Waking up in 4.9 seconds. rad_recv: Access-Request packet from host 172.16.0.5 port 50001, id=117, length=206 User-Name = "test" Calling-Station-Id = "0000005e556e" EAP-Message = 0x0206008019001703010020d3cf90430c96bb87065bc2e8a04898fbaf343f2266d1903cf633 83490462c40f17030100505cee622dae2fcfc2a313bb5d697bca04acfddc7a9423a9d8d38539 a20b3d06d0e3178899bb66bf63ca79d08d98db46eb495f61214abee133f2cc79ec6d2bfed174 b0bc6bebe00ea6e1954da9084ef5fb Message-Authenticator = 0x3c2e27330b44d0471cff932a68bb50ca State = 0xcbe5a788cee3bedafb635b97ce195b6e # Executing section authorize from file /etc/freeradius/sites-enabled/default +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop ++[digest] returns noop [suffix] No '@' in User-Name = "test", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop [eap] EAP packet type response id 6 length 128 [eap] Continuing tunnel setup. ++[eap] returns ok Found Auth-Type = EAP # Executing group from file /etc/freeradius/sites-enabled/default +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS [peap] eaptls_verify returned 7 [peap] Done initial handshake [peap] eaptls_process returned 7 [peap] EAPTLS_OK [peap] Session established. Decoding tunneled attributes. [peap] Peap state phase2 [peap] EAP type mschapv2 [peap] Got tunneled request EAP-Message = 0x0206003f1a0206003a31b5d1d149fff8769167ae6daf7bc12c7d000000000000000081cf39 15134acdc91503d936b9a9be5832bff9ab46d42bf40074657374 server { PEAP: Setting User-Name to test Sending tunneled request EAP-Message = 0x0206003f1a0206003a31b5d1d149fff8769167ae6daf7bc12c7d000000000000000081cf39 15134acdc91503d936b9a9be5832bff9ab46d42bf40074657374 FreeRADIUS-Proxied-To = 127.0.0.1 User-Name = "test" State = 0x25bce37525baf980c4060621f65c4ede server inner-tunnel { # Executing section authorize from file /etc/freeradius/sites-enabled/inner-tunnel +- entering group authorize {...} ++[chap] returns noop ++[mschap] returns noop [suffix] No '@' in User-Name = "test", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop ++[control] returns noop [eap] EAP packet type response id 6 length 63 [eap] No EAP Start, assuming it's an on-going EAP conversation ++[eap] returns updated [files] users: Matched entry DEFAULT at line 2 ++[files] returns ok ++[expiration] returns noop ++[logintime] returns noop ++[pap] returns noop } # server inner-tunnel [peap] Got tunneled reply code 0 PEAP: Calling authenticate in order to initiate tunneled EAP session. # Executing group from file /etc/freeradius/sites-enabled/inner-tunnel +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/mschapv2 [eap] processing type mschapv2 [eap] Not-EAP proxy set. Not composing EAP ++[eap] returns handled PEAP: Tunneled authentication will be proxied to Safeword PEAP: Remembering to do EAP-MS-CHAP-V2 post-proxy. [eap] Tunneled session will be proxied. Not doing EAP. ++[eap] returns handled WARNING: Empty pre-proxy section. Using default return values. Sending Access-Request of id 24 to 172.16.0.15 port 1812 User-Name = "test" MS-CHAP-Challenge = 0x1f1a5f6f1779ad4d6c22bf2399d769be MS-CHAP2-Response = 0x0665b5d1d149fff8769167ae6daf7bc12c7d000000000000000081cf3915134acdc91503d9 36b9a9be5832bff9ab46d42bf4 Proxy-State = 0x313137 Proxying request 6 to home server 172.16.0.15 port 1812 Sending Access-Request of id 24 to 172.16.0.15 port 1812 User-Name = "test" MS-CHAP-Challenge = 0x1f1a5f6f1779ad4d6c22bf2399d769be MS-CHAP2-Response = 0x0665b5d1d149fff8769167ae6daf7bc12c7d000000000000000081cf3915134acdc91503d9 36b9a9be5832bff9ab46d42bf4 Proxy-State = 0x313137 Going to the next request Waking up in 0.9 seconds. rad_recv: Access-Accept packet from host 172.16.0.15 port 1812, id=24, length=230 Proxy-State = 0x313137 Framed-Protocol = PPP Service-Type = Framed-User Class = 0xce4e0b840000013700010200ac10000f00000000c1f0b6db791d9ba301cdc5f9ffdd9c5000 00000000000013 MS-MPPE-Recv-Key = 0x23f719b0d45157837af9e2d7fbdba7dd MS-MPPE-Send-Key = 0x13a8461f37b23d89591fdb2a2f02f1ce MS-CHAP2-Success = 0x06533d45413643313739303838373942324634394134304233443137353646454131324346 373637443143 MS-CHAP-Domain = "\006SKL" # Executing section post-proxy from file /etc/freeradius/sites-enabled/default +- entering group post-proxy {...} [eap] Doing post-proxy callback [eap] Passing reply from proxy back into the tunnel. server inner-tunnel { [eap] Passing reply back for EAP-MS-CHAP-V2 # Executing section post-proxy from file /etc/freeradius/sites-enabled/inner-tunnel +- entering group post-proxy {...} ++[eap] returns noop WARNING: Empty post-auth section. Using default return values. # Executing section post-auth from file /etc/freeradius/sites-enabled/inner-tunnel } # server inner-tunnel [eap] Final reply from tunneled session code 2 Proxy-State = 0x313137 Framed-Protocol = PPP Service-Type = Framed-User Class = 0xce4e0b840000013700010200ac10000f00000000c1f0b6db791d9ba301cdc5f9ffdd9c5000 00000000000013 MS-MPPE-Recv-Key = 0x23f719b0d45157837af9e2d7fbdba7dd MS-MPPE-Send-Key = 0x13a8461f37b23d89591fdb2a2f02f1ce MS-CHAP2-Success = 0x06533d45413643313739303838373942324634394134304233443137353646454131324346 373637443143 MS-CHAP-Domain = "\006SKL" [eap] Got reply 2 freeradius: pthread_mutex_lock.c:321: __pthread_mutex_lock_full: Assertion `robust || (oldval & 0x40000000) == 0' failed. Aborted ]0;root@FREERADIUS: /etc/freeradiusroot@FREERADIUS:/etc/freeradius#
Seth Lampman wrote:
I am trying to take an PEAP/MSCHAPv2 tunnel terminate it at 172.16.0.9 and then proxy it as MSCHAPv2 to an NPS server at 172.16.0.15. This is for a token server that does not allow PEAP. Everything works (I get an ACCEPT from 172.16.0.15) but then freeradius crashes. I have searched the forumns and it looks like others have had this issue but I can seem to find a resolution. Sometimes I get the mutex lock and sometimes I get a segmentation fault.
See doc/bugs
freeradius: pthread_mutex_lock.c:321: __pthread_mutex_lock_full: Assertion `robust || (oldval & 0x40000000) == 0' failed.
That's... bad. Mutexes dying are very bad. At least it's not in the FreeRADIUS code. I'd suggest running a memory checker on the machine. Odds are that the memory is bad. Alan DeKok.
It's a VM and my third one I have created so I am not sure it would be the memory? I am currently using Ubuntu would trying another OS be of any help? I don't always get the mutex, 99% of the time I get segmentation fault. Where do I find docs/bugs? Forgive the noob question but I have looked all over and cant seem to find anything -----Original Message----- From: freeradius-users-bounces+sethklampman=gmail.com@lists.freeradius.org [mailto:freeradius-users-bounces+sethklampman=gmail.com@lists.freeradius.org ] On Behalf Of Alan DeKok Sent: Monday, November 19, 2012 11:30 AM To: FreeRadius users mailing list Subject: Re: Proxying PEAP/MSCHAPv2 to NPS errors Seth Lampman wrote:
I am trying to take an PEAP/MSCHAPv2 tunnel terminate it at 172.16.0.9 and then proxy it as MSCHAPv2 to an NPS server at 172.16.0.15. This is for a token server that does not allow PEAP. Everything works (I get an ACCEPT from 172.16.0.15) but then freeradius crashes. I have searched the forumns and it looks like others have had this issue but I can seem to find a resolution. Sometimes I get the mutex lock and sometimes I get a segmentation fault.
See doc/bugs
freeradius: pthread_mutex_lock.c:321: __pthread_mutex_lock_full: Assertion `robust || (oldval & 0x40000000) == 0' failed.
That's... bad. Mutexes dying are very bad. At least it's not in the FreeRADIUS code. I'd suggest running a memory checker on the machine. Odds are that the memory is bad. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Seth Lampman wrote:
It's a VM and my third one I have created so I am not sure it would be the memory? I am currently using Ubuntu would trying another OS be of any help?
I don't always get the mutex, 99% of the time I get segmentation fault.
Where do I find docs/bugs? Forgive the noob question but I have looked all over and cant seem to find anything
It's in the distribution "tar" file. See also https://github.com/FreeRADIUS/freeradius-server You can wander through the files there. Alan DeKok.
I've been to that site and looked around before as well as countless Google searches. The only thing remotely close to my issue is the certificate and windows XP issue. I rebuilt my environment and this time used the sample certs that according to the readme, are created with the correct attributes when the freeradius -X debug mode is enabled. This is my error that I get most of the time, segmentation fault rad_recv: Access-Request packet from host 172.16.0.5 port 50001, id=163, length=69 User-Name = "seth" Calling-Station-Id = "0000005e5578" EAP-Message = 0x020000090173657468 Message-Authenticator = 0xbc17ddf7a88642004721cbce9340ac69 # Executing section authorize from file /etc/freeradius/sites-enabled/default +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop ++[digest] returns noop [suffix] No '@' in User-Name = "seth", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop [eap] EAP packet type response id 0 length 9 [eap] No EAP Start, assuming it's an on-going EAP conversation ++[eap] returns updated ++[files] returns noop ++[expiration] returns noop ++[logintime] returns noop [pap] WARNING! No "known good" password found for the user. Authentication may fail because of this. ++[pap] returns noop Found Auth-Type = EAP # Executing group from file /etc/freeradius/sites-enabled/default +- entering group authenticate {...} [eap] EAP Identity [eap] processing type tls [tls] Initiate [tls] Start returned 1 ++[eap] returns handled Sending Access-Challenge of id 163 to 172.16.0.5 port 50001 EAP-Message = 0x010100061920 Message-Authenticator = 0x00000000000000000000000000000000 State = 0xb3f7fb74b3f6e22ff520fc1c1d318d6d Finished request 0. Going to the next request Waking up in 4.9 seconds. rad_recv: Access-Request packet from host 172.16.0.5 port 50001, id=164, length=294 User-Name = "seth" Calling-Station-Id = "0000005e5578" EAP-Message = 0x020100d8190016030100cd010000c9030150aa6d36e34704b816ecbf8ba93a0a218168c856 300e80f647154d9f91e5250700005cc014c00a0039003800880087c00fc00500350084c012c0 0800160013c00dc003000ac013c00900330032009a009900450044c00ec004002f0096004100 07c011c007c00cc002000500040015001200090014001100080006000300ff01000044000b00 0403000102000a00340032000100020003000400050006000700080009000a000b000c000d00 0e000f001000110012001300140015001600170018001900230000 Message-Authenticator = 0x8eb56515952e384336bc5ae2817cf375 State = 0xb3f7fb74b3f6e22ff520fc1c1d318d6d # Executing section authorize from file /etc/freeradius/sites-enabled/default +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop ++[digest] returns noop [suffix] No '@' in User-Name = "seth", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop [eap] EAP packet type response id 1 length 216 [eap] Continuing tunnel setup. ++[eap] returns ok Found Auth-Type = EAP # Executing group from file /etc/freeradius/sites-enabled/default +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS [peap] eaptls_verify returned 7 [peap] Done initial handshake [peap] (other): before/accept initialization [peap] TLS_accept: before/accept initialization [peap] <<< TLS 1.0 Handshake [length 00cd], ClientHello [peap] TLS_accept: SSLv3 read client hello A [peap] >>> TLS 1.0 Handshake [length 0031], ServerHello [peap] TLS_accept: SSLv3 write server hello A [peap] >>> TLS 1.0 Handshake [length 02b4], Certificate [peap] TLS_accept: SSLv3 write certificate A [peap] >>> TLS 1.0 Handshake [length 020d], ServerKeyExchange [peap] TLS_accept: SSLv3 write key exchange A [peap] >>> TLS 1.0 Handshake [length 0004], ServerHelloDone [peap] TLS_accept: SSLv3 write server done A [peap] TLS_accept: SSLv3 flush data [peap] TLS_accept: Need to read more data: SSLv3 read client certificate A In SSL Handshake Phase In SSL Accept mode [peap] eaptls_process returned 13 [peap] EAPTLS_HANDLED ++[eap] returns handled Sending Access-Challenge of id 164 to 172.16.0.5 port 50001 EAP-Message = 0x0102040019c00000050a16030100310200002d030150aa6d2183ad3f781358ecb038c84aa5 3d8ecdbaae608ee5fb06a14cbe534e7a000039000005ff0100010016030102b40b0002b00002 ad0002aa308202a63082018e020900ec3ae1766fcc1e58300d06092a864886f70d0101050500 3015311330110603550403130a46524545524144495553301e170d3132313131393132333234 365a170d3232313131373132333234365a3015311330110603550403130a4652454552414449 555330820122300d06092a864886f70d01010105000382010f003082010a0282010100ad2f22 a51811df31b40221b1c484460547f03549615668c1c9925ed33a EAP-Message = 0xc57811b046051eb5a8c3e8d5439e955d098320136f13d98d7be0d4681a9259b07cb65ff88c d05bfb0ee0ffc6896c506f3094dca3194c84cdc8ca0868a40dbc9f952ed4302303cd014a6333 4a3ef77d403245cc68c701809a26fb4e1e2f14b4855e75f2163a67693cc92ba0de98abd49e3a 57ba78c6be7afd6de760fcd2ac492ef2cde96961440e06af7ea294f16a00133a9daa4ceadb43 2a543340fcc35ebe2c153f128220380ab9495928eb792aac36367d2438ad7b5a6422efa0f9b7 80481ff5dce1161c17df10ae0460debaf6e7dd19de58510dba5807897b4590dd49f5f2074fb1 0203010001300d06092a864886f70d010105050003820101006f EAP-Message = 0x0f28b6c3f62e6ff85a23bc18537b888884499b4804bc075330eeeadf52814d0a6bf66e6486 f0c0aee368b8b832ae7e25998d3bea7588de8db72a36072b5d6655810b9c44e31c37357530df 6a7806c1d0fef5998c53b4dcc651cd32c6389361bf2fb4171432a9b353c2aaa767bd47ab9046 c2b349d4abab2c1358ec711687e1abfa000904df25baebdf4a3bf314a35e49dd3886e2078140 c3897425d1df13c244d32bf35d7ba7a0dcfc52583b62492e4c2f24dc5c0c895587975ba59d41 9836c9b444b33ee8c3a705b2fa42abcb1e558731ef77da6dcd41e01641cdab1b5896dff9f3f5 2da01680f0b2a463a3d153ea8dd12603093db20314a36da34c66 EAP-Message = 0x9ee1160301020d0c00020900809a9e58f82faf6e17e7ba9255156a584b7719f94b9fb5c434 222600ed1d577c73555bf5da1862faa858342f92c09c11939e07d568f9d6e6de29ad61711040 04316d4b294d479e940e83115b7ff42946a073ffb68f390c21a818ed3f30655f3a797836139b 16045513ab4274a64e1bc89e55dc8b001f9ea450f428e1790844b2d3000102008049ad739880 e60cd5ab6cbfb975e09c7be684be43e60ca36bea77b864a676aeaf0b1a7d0735442b2e4cf9e4 ab09db8e571436d50c07755af1f1fdf2f2f26ea48ec68ea3bbf03341079c7e4be60a920838b6 59371aaa0b0eddde3071c434048106856c487571bdb60c8daacd EAP-Message = 0xeea8af6be108602a972da786 Message-Authenticator = 0x00000000000000000000000000000000 State = 0xb3f7fb74b2f5e22ff520fc1c1d318d6d Finished request 1. Going to the next request Waking up in 4.9 seconds. rad_recv: Access-Request packet from host 172.16.0.5 port 50001, id=165, length=84 User-Name = "seth" Calling-Station-Id = "0000005e5578" EAP-Message = 0x020200061900 Message-Authenticator = 0xda9c475758c7e807e5258014a244ebc0 State = 0xb3f7fb74b2f5e22ff520fc1c1d318d6d # Executing section authorize from file /etc/freeradius/sites-enabled/default +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop ++[digest] returns noop [suffix] No '@' in User-Name = "seth", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop [eap] EAP packet type response id 2 length 6 [eap] Continuing tunnel setup. ++[eap] returns ok Found Auth-Type = EAP # Executing group from file /etc/freeradius/sites-enabled/default +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS [peap] Received TLS ACK [peap] ACK handshake fragment handler [peap] eaptls_verify returned 1 [peap] eaptls_process returned 13 [peap] EAPTLS_HANDLED ++[eap] returns handled Sending Access-Challenge of id 165 to 172.16.0.5 port 50001 EAP-Message = 0x0103011a1900933f108371577c78a801000c1860fa6efc03a1a3e8a32626f84bc2ae2546c8 1f310d24a501c85e20dca446334a853b6362810a97c1448258628f25dfb7d26d1343c139b14c 000fc5d8a6ab9297a022dd6187a99e2459ff68ee85d0207091ba50f4dfd7b6be7ec7f12c04dc caacbdb0da838456d46c0590c7861f786643cf7162f5a37c5f1a206f6bec3b09f5e9f815f435 66253f39feb1efd37f50678c9c91b898f5eff1e34ce36b578d342a5cd70d45a7c43f8e166ed2 af85cd905dbaeaf34c39fb7c68cc4510a9326bdcb4b5b043ea143a0ce70b6ac5c451701eadc9 43cf2f646258a1367367a2aed101650e201ae76588b345cb9a7d EAP-Message = 0xe838bb5b00d5f6336bb64efa1a7c23de45225a2b16030100040e000000 Message-Authenticator = 0x00000000000000000000000000000000 State = 0xb3f7fb74b1f4e22ff520fc1c1d318d6d Finished request 2. Going to the next request Waking up in 4.9 seconds. rad_recv: Access-Request packet from host 172.16.0.5 port 50001, id=166, length=282 User-Name = "seth" Calling-Station-Id = "0000005e5578" EAP-Message = 0x020300cc190016030100861000008200805019c0695be0e54a719c0242ef0aace901421719 825c01f28d1d4f081451e0bfe6cb42c8d454eba6fd94c1c6e846ccf81059cce89960000a0c7f fffece9b16e0059cf5c6d0f0db0e11fe56010957b6d21f45a8fb7b8035a281bb9c9abfef1c60 e34542f3cab9d30a61749bc4bb60a4dd11fe8f415089f5b5362dea5c3ec5245e140301000101 1603010030ee97b56ff364cd0b1c7cee916614ba9e8737b23efd37470c47faeca770d34b592c 07d3b723dc135fcff01fc5c6fd863a Message-Authenticator = 0x3b338d63e94f7486a21cc273de803835 State = 0xb3f7fb74b1f4e22ff520fc1c1d318d6d # Executing section authorize from file /etc/freeradius/sites-enabled/default +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop ++[digest] returns noop [suffix] No '@' in User-Name = "seth", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop [eap] EAP packet type response id 3 length 204 [eap] Continuing tunnel setup. ++[eap] returns ok Found Auth-Type = EAP # Executing group from file /etc/freeradius/sites-enabled/default +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS [peap] eaptls_verify returned 7 [peap] Done initial handshake [peap] <<< TLS 1.0 Handshake [length 0086], ClientKeyExchange [peap] TLS_accept: SSLv3 read client key exchange A [peap] <<< TLS 1.0 ChangeCipherSpec [length 0001] [peap] <<< TLS 1.0 Handshake [length 0010], Finished [peap] TLS_accept: SSLv3 read finished A [peap] >>> TLS 1.0 ChangeCipherSpec [length 0001] [peap] TLS_accept: SSLv3 write change cipher spec A [peap] >>> TLS 1.0 Handshake [length 0010], Finished [peap] TLS_accept: SSLv3 write finished A [peap] TLS_accept: SSLv3 flush data [peap] (other): SSL negotiation finished successfully SSL Connection Established [peap] eaptls_process returned 13 [peap] EAPTLS_HANDLED ++[eap] returns handled Sending Access-Challenge of id 166 to 172.16.0.5 port 50001 EAP-Message = 0x010400411900140301000101160301003043c4e00f2601293467b6fb58f047ef50ee7dde9f f4b97b7a8e86954b458914794445b936597275f225b4719401ed1b36 Message-Authenticator = 0x00000000000000000000000000000000 State = 0xb3f7fb74b0f3e22ff520fc1c1d318d6d Finished request 3. Going to the next request Waking up in 4.9 seconds. rad_recv: Access-Request packet from host 172.16.0.5 port 50001, id=167, length=84 User-Name = "seth" Calling-Station-Id = "0000005e5578" EAP-Message = 0x020400061900 Message-Authenticator = 0xab23e1b9844cfa58d3307f9ebc20385d State = 0xb3f7fb74b0f3e22ff520fc1c1d318d6d # Executing section authorize from file /etc/freeradius/sites-enabled/default +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop ++[digest] returns noop [suffix] No '@' in User-Name = "seth", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop [eap] EAP packet type response id 4 length 6 [eap] Continuing tunnel setup. ++[eap] returns ok Found Auth-Type = EAP # Executing group from file /etc/freeradius/sites-enabled/default +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS [peap] Received TLS ACK [peap] ACK handshake is finished [peap] eaptls_verify returned 3 [peap] eaptls_process returned 3 [peap] EAPTLS_SUCCESS [peap] Session established. Decoding tunneled attributes. [peap] Peap state TUNNEL ESTABLISHED ++[eap] returns handled Sending Access-Challenge of id 167 to 172.16.0.5 port 50001 EAP-Message = 0x0105002b19001703010020c710eafcfd876aa9316fcc41e5e905f791a021460fe3850a7e99 28d6cfa8305b Message-Authenticator = 0x00000000000000000000000000000000 State = 0xb3f7fb74b7f2e22ff520fc1c1d318d6d Finished request 4. Going to the next request Waking up in 4.9 seconds. rad_recv: Access-Request packet from host 172.16.0.5 port 50001, id=168, length=158 User-Name = "seth" Calling-Station-Id = "0000005e5578" EAP-Message = 0x02050050190017030100202c5ac8e99adca13b1a6c098ea6dc0cb178d151dfc43cdf970544 c3e2e9e3b1ec170301002015109a5fcbcd44cbca1dd5dd6673304998bd2492a440c94848652e 2f1a035e9c Message-Authenticator = 0x213122e61bf7a8bc3e6bff3be796d62f State = 0xb3f7fb74b7f2e22ff520fc1c1d318d6d # Executing section authorize from file /etc/freeradius/sites-enabled/default +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop ++[digest] returns noop [suffix] No '@' in User-Name = "seth", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop [eap] EAP packet type response id 5 length 80 [eap] Continuing tunnel setup. ++[eap] returns ok Found Auth-Type = EAP # Executing group from file /etc/freeradius/sites-enabled/default +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS [peap] eaptls_verify returned 7 [peap] Done initial handshake [peap] eaptls_process returned 7 [peap] EAPTLS_OK [peap] Session established. Decoding tunneled attributes. [peap] Peap state WAITING FOR INNER IDENTITY [peap] Identity - seth [peap] Got inner identity 'seth' [peap] Setting default EAP type for tunneled EAP session. [peap] Got tunneled request EAP-Message = 0x020500090173657468 server { PEAP: Setting User-Name to seth Sending tunneled request EAP-Message = 0x020500090173657468 FreeRADIUS-Proxied-To = 127.0.0.1 User-Name = "seth" Calling-Station-Id = "0000005e5578" NAS-IP-Address = 172.16.0.5 server inner-tunnel { # Executing section authorize from file /etc/freeradius/sites-enabled/inner-tunnel +- entering group authorize {...} ++[chap] returns noop ++[mschap] returns noop [suffix] No '@' in User-Name = "seth", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop ++[control] returns noop [eap] EAP packet type response id 5 length 9 [eap] No EAP Start, assuming it's an on-going EAP conversation ++[eap] returns updated [files] users: Matched entry DEFAULT at line 2 ++[files] returns ok ++[expiration] returns noop ++[logintime] returns noop ++[pap] returns noop } # server inner-tunnel [peap] Got tunneled reply code 0 PEAP: Calling authenticate in order to initiate tunneled EAP session. # Executing group from file /etc/freeradius/sites-enabled/inner-tunnel +- entering group authenticate {...} [eap] EAP Identity [eap] processing type mschapv2 rlm_eap_mschapv2: Issuing Challenge ++[eap] returns handled PEAP: Cancelling proxy to realm Safeword until the tunneled EAP session has been established [peap] Got tunneled reply RADIUS code 11 EAP-Message = 0x0106001e1a01060019107aeaed2dcb79f4fb0ee4cdb4dc8d670673657468 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x69fe80c169f89a9253f2ef21c2e94100 [peap] Got tunneled Access-Challenge ++[eap] returns handled Sending Access-Challenge of id 168 to 172.16.0.5 port 50001 EAP-Message = 0x0106003b190017030100308bc2f072cb4578e12d618bb6e2a69569b23eda4f9faa20ef5422 ba59802274a06ccc253658006784b09cb70a2c8aaa4c Message-Authenticator = 0x00000000000000000000000000000000 State = 0xb3f7fb74b6f1e22ff520fc1c1d318d6d Finished request 5. Going to the next request Waking up in 4.9 seconds. rad_recv: Access-Request packet from host 172.16.0.5 port 50001, id=169, length=206 User-Name = "seth" Calling-Station-Id = "0000005e5578" EAP-Message = 0x020600801900170301002015bf4b731b9f75694b700d2ea5ea707c6de1cc4e6e54bfd9ccda 2482d5a6baa2170301005067f8a3546cb54746390681b138e7b238e2a9d55db4953363c729ef 946bf26d8be2406ab290dfd965ee9e18d6bc1d42d9b433675817b5c34958f22b142fc17b2c7a 8e637482fd2a2d0878226c5b9303a1 Message-Authenticator = 0xc83ab7bcbdc56f1cc6c953dd563e473f State = 0xb3f7fb74b6f1e22ff520fc1c1d318d6d # Executing section authorize from file /etc/freeradius/sites-enabled/default +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop ++[digest] returns noop [suffix] No '@' in User-Name = "seth", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop [eap] EAP packet type response id 6 length 128 [eap] Continuing tunnel setup. ++[eap] returns ok Found Auth-Type = EAP # Executing group from file /etc/freeradius/sites-enabled/default +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS [peap] eaptls_verify returned 7 [peap] Done initial handshake [peap] eaptls_process returned 7 [peap] EAPTLS_OK [peap] Session established. Decoding tunneled attributes. [peap] Peap state phase2 [peap] EAP type mschapv2 [peap] Got tunneled request EAP-Message = 0x0206003f1a0206003a3190378276dcde5c5ff6a54ad1eb9cf4bd0000000000000000554292 e609cc06712699b8aa934a67af0fe4041f8280bde30073657468 server { PEAP: Setting User-Name to seth Sending tunneled request EAP-Message = 0x0206003f1a0206003a3190378276dcde5c5ff6a54ad1eb9cf4bd0000000000000000554292 e609cc06712699b8aa934a67af0fe4041f8280bde30073657468 FreeRADIUS-Proxied-To = 127.0.0.1 User-Name = "seth" State = 0x69fe80c169f89a9253f2ef21c2e94100 Calling-Station-Id = "0000005e5578" NAS-IP-Address = 172.16.0.5 server inner-tunnel { # Executing section authorize from file /etc/freeradius/sites-enabled/inner-tunnel +- entering group authorize {...} ++[chap] returns noop ++[mschap] returns noop [suffix] No '@' in User-Name = "seth", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop ++[control] returns noop [eap] EAP packet type response id 6 length 63 [eap] No EAP Start, assuming it's an on-going EAP conversation ++[eap] returns updated [files] users: Matched entry DEFAULT at line 2 ++[files] returns ok ++[expiration] returns noop ++[logintime] returns noop ++[pap] returns noop } # server inner-tunnel [peap] Got tunneled reply code 0 PEAP: Calling authenticate in order to initiate tunneled EAP session. # Executing group from file /etc/freeradius/sites-enabled/inner-tunnel +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/mschapv2 [eap] processing type mschapv2 [eap] Not-EAP proxy set. Not composing EAP ++[eap] returns handled PEAP: Tunneled authentication will be proxied to Safeword PEAP: Remembering to do EAP-MS-CHAP-V2 post-proxy. [eap] Tunneled session will be proxied. Not doing EAP. ++[eap] returns handled WARNING: Empty pre-proxy section. Using default return values. Sending Access-Request of id 169 to 172.16.0.15 port 1812 User-Name = "seth" Calling-Station-Id = "0000005e5578" NAS-IP-Address = 172.16.0.5 MS-CHAP-Challenge = 0x7aeaed2dcb79f4fb0ee4cdb4dc8d6706 MS-CHAP2-Response = 0x066590378276dcde5c5ff6a54ad1eb9cf4bd0000000000000000554292e609cc06712699b8 aa934a67af0fe4041f8280bde3 Proxy-State = 0x313639 Proxying request 6 to home server 172.16.0.15 port 1812 Sending Access-Request of id 169 to 172.16.0.15 port 1812 User-Name = "seth" Calling-Station-Id = "0000005e5578" NAS-IP-Address = 172.16.0.5 MS-CHAP-Challenge = 0x7aeaed2dcb79f4fb0ee4cdb4dc8d6706 MS-CHAP2-Response = 0x066590378276dcde5c5ff6a54ad1eb9cf4bd0000000000000000554292e609cc06712699b8 aa934a67af0fe4041f8280bde3 Proxy-State = 0x313639 Going to the next request Waking up in 0.9 seconds. rad_recv: Access-Accept packet from host 172.16.0.15 port 1812, id=169, length=230 Proxy-State = 0x313639 Framed-Protocol = PPP Service-Type = Framed-User Class = 0xce510b870000013700010200ac10000f00000000c1f0b6db791d9ba301cdc5f9ffdd9c5000 00000000000016 MS-MPPE-Recv-Key = 0xd4fda3950a54e46e9f1d2100f5fd2849 MS-MPPE-Send-Key = 0xe32328a8112e1ff06f5dba33df953287 MS-CHAP2-Success = 0x06533d46443130454631324241314635313645354433383831304430423639384344433645 453141383734 MS-CHAP-Domain = "\006SKL" # Executing section post-proxy from file /etc/freeradius/sites-enabled/default +- entering group post-proxy {...} [eap] Doing post-proxy callback [eap] Passing reply from proxy back into the tunnel. server inner-tunnel { [eap] Passing reply back for EAP-MS-CHAP-V2 # Executing section post-proxy from file /etc/freeradius/sites-enabled/inner-tunnel +- entering group post-proxy {...} ++[eap] returns noop WARNING: Empty post-auth section. Using default return values. # Executing section post-auth from file /etc/freeradius/sites-enabled/inner-tunnel } # server inner-tunnel [eap] Final reply from tunneled session code 2 Proxy-State = 0x313639 Framed-Protocol = PPP Service-Type = Framed-User Class = 0xce510b870000013700010200ac10000f00000000c1f0b6db791d9ba301cdc5f9ffdd9c5000 00000000000016 MS-MPPE-Recv-Key = 0xd4fda3950a54e46e9f1d2100f5fd2849 MS-MPPE-Send-Key = 0xe32328a8112e1ff06f5dba33df953287 MS-CHAP2-Success = 0x06533d46443130454631324241314635313645354433383831304430423639384344433645 453141383734 MS-CHAP-Domain = "\006SKL" [eap] Got reply 2 Segmentation fault -----Original Message----- From: freeradius-users-bounces+sethklampman=gmail.com@lists.freeradius.org [mailto:freeradius-users-bounces+sethklampman=gmail.com@lists.freeradius.org ] On Behalf Of Alan DeKok Sent: Monday, November 19, 2012 12:17 PM To: FreeRadius users mailing list Subject: Re: Proxying PEAP/MSCHAPv2 to NPS errors Seth Lampman wrote:
It's a VM and my third one I have created so I am not sure it would be the memory? I am currently using Ubuntu would trying another OS be of any help?
I don't always get the mutex, 99% of the time I get segmentation fault.
Where do I find docs/bugs? Forgive the noob question but I have looked all over and cant seem to find anything
It's in the distribution "tar" file. See also https://github.com/FreeRADIUS/freeradius-server You can wander through the files there. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Hi,
I've been to that site and looked around before as well as countless Google searches. The only thing remotely close to my issue is the certificate and windows XP issue. I rebuilt my environment and this time used the sample certs that according to the readme, are created with the correct attributes when the freeradius -X debug mode is enabled.
doc/bugs is in the distribution archive. it contains info about what to do when you hit such a segmentation fault. basically, a good start is to run the server through gdb alan
Seth Lampman wrote:
I've been to that site and looked around before as well as countless Google searches.
You HAVE NOT READ the doc/bugs file. It's easily reachable from the URL I sent you. Click on the "doc" directory, and then the "bugs" file. Read it. Follow the instructions in the file. Honestly, this shouldn't be rocket science.
The only thing remotely close to my issue is the certificate and windows XP issue. I rebuilt my environment and this time used the sample certs that according to the readme, are created with the correct attributes when the freeradius -X debug mode is enabled.
This is my error that I get most of the time, segmentation fault
Which you said before. I *did* read your message. I also told you what *we* needed in order to help you. You didn't seem to read *my* message. Follow instructions, or you will be unsubscribed and banned from the list. That seems harsh, but it's the *only* thing we've done in the past 12 years which makes people follow instructions. Alan DeKok.
On 19/11/12 17:42, Seth Lampman wrote:
I've been to that site and looked around before as well as countless Google searches. The only thing remotely close to my issue is the certificate and
No, this issue is a crash. Totally different. doc/bugs basically describes running the server under "gdb" and getting a traceback. It's here: https://github.com/FreeRADIUS/freeradius-server/blob/master/doc/bugs I don't understand how you're not finding it - it's the 2nd hit on Google for "freeradius doc/bugs" Anyway - read and follow those instructions, and we can help.
Sorry guys... I am not a software developer and my Linux experience is really lacking. I tried following the doc and the first thing I am greeted with on the freeradius server is ./configure --enable-developer, No such file or directory. This doc is supposed to be for a user not a developer but I am totally lost. Basically I do not know what I am doing and can't expect you guys to stoop to my level. -----Original Message----- From: freeradius-users-bounces+sethklampman=gmail.com@lists.freeradius.org [mailto:freeradius-users-bounces+sethklampman=gmail.com@lists.freeradius.org ] On Behalf Of Phil Mayers Sent: Monday, November 19, 2012 1:31 PM To: freeradius-users@lists.freeradius.org Subject: Re: Proxying PEAP/MSCHAPv2 to NPS errors On 19/11/12 17:42, Seth Lampman wrote:
I've been to that site and looked around before as well as countless Google searches. The only thing remotely close to my issue is the certificate and
No, this issue is a crash. Totally different. doc/bugs basically describes running the server under "gdb" and getting a traceback. It's here: https://github.com/FreeRADIUS/freeradius-server/blob/master/doc/bugs I don't understand how you're not finding it - it's the 2nd hit on Google for "freeradius doc/bugs" Anyway - read and follow those instructions, and we can help. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Seth Lampman wrote:
Sorry guys... I am not a software developer and my Linux experience is really lacking.
Well, we don't have access to your system, so we can't figure out the problem, either.
I tried following the doc and the first thing I am greeted with on the freeradius server is ./configure --enable-developer, No such file or directory.
It presumes you're building from the "tar" file, and not using a pre-installed package. Alan DeKok.
There is my problem. I did the pre-installed package. I will do some research and see if I can do the tar package and then start over -----Original Message----- From: freeradius-users-bounces+sethklampman=gmail.com@lists.freeradius.org [mailto:freeradius-users-bounces+sethklampman=gmail.com@lists.freeradius.org ] On Behalf Of Alan DeKok Sent: Monday, November 19, 2012 2:12 PM To: FreeRadius users mailing list Subject: Re: Proxying PEAP/MSCHAPv2 to NPS errors Seth Lampman wrote:
Sorry guys... I am not a software developer and my Linux experience is really lacking.
Well, we don't have access to your system, so we can't figure out the problem, either.
I tried following the doc and the first thing I am greeted with on the freeradius server is ./configure --enable-developer, No such file or directory.
It presumes you're building from the "tar" file, and not using a pre-installed package. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Figured it out sorry for the confusion. I installed a FreeBSD VM an repeated the same config and it works great. Not sure why the same exact config crashes and burns on Ubuntu. Anyway the end result is what counts Thanks again -----Original Message----- From: freeradius-users-bounces+sethklampman=gmail.com@lists.freeradius.org [mailto:freeradius-users-bounces+sethklampman=gmail.com@lists.freeradius.org ] On Behalf Of Alan DeKok Sent: Monday, November 19, 2012 2:12 PM To: FreeRadius users mailing list Subject: Re: Proxying PEAP/MSCHAPv2 to NPS errors Seth Lampman wrote:
Sorry guys... I am not a software developer and my Linux experience is really lacking.
Well, we don't have access to your system, so we can't figure out the problem, either.
I tried following the doc and the first thing I am greeted with on the freeradius server is ./configure --enable-developer, No such file or directory.
It presumes you're building from the "tar" file, and not using a pre-installed package. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
participants (4)
-
alan buxey -
Alan DeKok -
Phil Mayers -
Seth Lampman