ippool problem

milver nisay mnisay at aim-consultants.com
Fri Jul 15 15:45:26 CEST 2005


Check user access and access permissions from radiusd.conf and from

the files and folders

 

  _____  

From: abernabe at mutua-mad.es [mailto:abernabe at mutua-mad.es] 
Sent: Friday, July 15, 2005 11:05 AM
To: mnisay at aim-consultants.com; FreeRadius users mailing list
Subject: RE: ippool problem

 


radius -X  doesn´t show any error or warning until the end (Segmentation fault). You can see the result of my last execution: 

Starting - reading configuration files ... 
reread_config:  reading radiusd.conf 
Config:   including file: /usr/local/etc/raddb/proxy.conf 
Config:   including file: /usr/local/etc/raddb/clients.conf 
Config:   including file: /usr/local/etc/raddb/snmp.conf 
Config:   including file: /usr/local/etc/raddb/eap.conf 
Config:   including file: /usr/local/etc/raddb/sql.conf 
 main: prefix = "/usr/local" 
 main: localstatedir = "/usr/local/var" 
 main: logdir = "/usr/local/var/log/radius" 
 main: libdir = "/usr/local/lib" 
 main: radacctdir = "/usr/local/var/log/radius/radacct" 
 main: hostname_lookups = no 
 main: max_request_time = 30 
 main: cleanup_delay = 5 
 main: max_requests = 1024 
 main: delete_blocked_requests = 0 
 main: port = 1645 
 main: allow_core_dumps = no 
 main: log_stripped_names = no 
 main: log_file = "/usr/local/var/log/radius/radius.log" 
 main: log_auth = no 
 main: log_auth_badpass = no 
 main: log_auth_goodpass = no 
 main: pidfile = "/usr/local/var/run/radiusd/radiusd.pid" 
 main: user = "(null)" 
 main: group = "(null)" 
 main: usercollide = no 
 main: lower_user = "no" 
 main: lower_pass = "no" 
 main: nospace_user = "no" 
 main: nospace_pass = "no" 
 main: checkrad = "/usr/local/sbin/checkrad" 
 main: proxy_requests = yes 
 proxy: retry_delay = 5 
 proxy: retry_count = 3 
 proxy: synchronous = no 
 proxy: default_fallback = yes 
 proxy: dead_time = 120 
 proxy: post_proxy_authorize = yes 
 proxy: wake_all_if_all_dead = no 
 security: max_attributes = 200 
 security: reject_delay = 1 
 security: status_server = no 
 main: debug_level = 0 
read_config_files:  reading dictionary 
read_config_files:  reading naslist 
Using deprecated naslist file.  Support for this will go away soon. 
read_config_files:  reading clients 
read_config_files:  reading realms 
radiusd:  entering modules setup 
Module: Library search path is /usr/local/lib 
Module: Loaded exec 
 exec: wait = yes 
 exec: program = "(null)" 
 exec: input_pairs = "request" 
 exec: output_pairs = "(null)" 
 exec: packet_type = "(null)" 
rlm_exec: Wait=yes but no output defined. Did you mean output=none? 
Module: Instantiated exec (exec) 
Module: Loaded expr 
Module: Instantiated expr (expr) 
Module: Loaded PAP 
 pap: encryption_scheme = "crypt" 
Module: Instantiated pap (pap) 
Module: Loaded CHAP 
Module: Instantiated chap (chap) 
Module: Loaded MS-CHAP 
 mschap: use_mppe = yes 
 mschap: require_encryption = no 
 mschap: require_strong = no 
 mschap: with_ntdomain_hack = no 
 mschap: passwd = "(null)" 
 mschap: authtype = "MS-CHAP" 
 mschap: ntlm_auth = "(null)" 
Module: Instantiated mschap (mschap) 
Module: Loaded System 
 unix: cache = no 
 unix: passwd = "(null)" 
 unix: shadow = "(null)" 
 unix: group = "(null)" 
 unix: radwtmp = "/usr/local/var/log/radius/radwtmp" 
 unix: usegroup = no 
 unix: cache_reload = 600 
Module: Instantiated unix (unix) 
Module: Loaded eap 
 eap: default_eap_type = "md5" 
 eap: timer_expire = 60 
 eap: ignore_unknown_eap_types = no 
 eap: cisco_accounting_username_bug = no 
rlm_eap: Loaded and initialized type md5 
rlm_eap: Loaded and initialized type leap 
 gtc: challenge = "Password: " 
 gtc: auth_type = "PAP" 
rlm_eap: Loaded and initialized type gtc 
 mschapv2: with_ntdomain_hack = no 
rlm_eap: Loaded and initialized type mschapv2 
Module: Instantiated eap (eap) 
Module: Loaded preprocess 
 preprocess: huntgroups = "/usr/local/etc/raddb/huntgroups" 
 preprocess: hints = "/usr/local/etc/raddb/hints" 
 preprocess: with_ascend_hack = no 
 preprocess: ascend_channels_per_line = 23 
 preprocess: with_ntdomain_hack = no 
 preprocess: with_specialix_jetstream_hack = no 
 preprocess: with_cisco_vsa_hack = no 
Module: Instantiated preprocess (preprocess) 
Module: Loaded realm 
 realm: format = "suffix" 
 realm: delimiter = "@" 
 realm: ignore_default = no 
 realm: ignore_null = no 
Module: Instantiated realm (suffix) 
Module: Loaded files 
 files: usersfile = "/usr/local/etc/raddb/users" 
 files: acctusersfile = "/usr/local/etc/raddb/acct_users" 
 files: preproxy_usersfile = "/usr/local/etc/raddb/preproxy_users" 
 files: compat = "no" 
Module: Instantiated files (files) 
Module: Loaded Acct-Unique-Session-Id 
 acct_unique: key = "User-Name, Acct-Session-Id, NAS-IP-Address, Client-IP-Address, NAS-Port" 
Module: Instantiated acct_unique (acct_unique) 
Module: Loaded detail 
 detail: detailfile = "/usr/local/var/log/radius/radacct/%{Client-IP-Address}/detail-%Y%m%d" 
 detail: detailperm = 384 
 detail: dirperm = 493 
 detail: locking = no 
Module: Instantiated detail (detail) 
Module: Loaded radutmp 
 radutmp: filename = "/usr/local/var/log/radius/radutmp" 
 radutmp: username = "%{User-Name}" 
 radutmp: case_sensitive = yes 
 radutmp: check_with_nas = yes 
 radutmp: perm = 384 
 radutmp: callerid = yes 
Module: Instantiated radutmp (radutmp) 
Segmentation fault 

And the config for the post-auth and accounting: 

# 
#  Accounting.  Log the accounting data. 
# 
accounting { 
        # 
        #  Create a 'detail'ed log of the packets. 
        #  Note that accounting requests which are proxied 
        #  are also logged in the detail file. 
        detail 
#       daily 

        #  Update the wtmp file 
        # 
        #  If you don't use "radlast", you can delete this line. 
        unix 

        # 
        #  For Simultaneous-Use tracking. 
        # 
        #  Due to packet losses in the network, the data here 
        #  may be incorrect.  There is little we can do about it. 
        radutmp 
#       sradutmp 

        #  Return an address to the IP Pool when we see a stop record. 
#       main_pool 
######### My two ippools 
        1 
        2 
        # 
        #  Log traffic to an SQL database. 
        # 
        #  See "Accounting queries" in sql.conf 
#       sql 


        #  Cisco VoIP specific bulk accounting 
#       pgsql-voip 

} 


#  Post-Authentication 
#  Once we KNOW that the user has been authenticated, there are 
#  additional steps we can take. 
post-auth { 
        #  Get an address from the IP Pool. 
#       main_pool 
###### My two ippools 
        1 
        2 
        # 
        #  If you want to have a log of authentication replies, 
        #  un-comment the following line, and the 'detail reply_log' 
        #  section, above. 
#       reply_log 

        # 
        #  After authenticating the user, do another SQL qeury. 
        # 
        #  See "Authentication Logging Queries" in sql.conf 
#       sql 

        # 
        #  Un-comment the following if you have set 
        #  'edir_account_policy_check = yes' in the ldap module sub-section of 
        #  the 'modules' section. 
        # 
#       ldap 
        # 
        #  Access-Reject packets are sent through the REJECT sub-section of the 
        #  post-auth section. 
        #  Uncomment the following and set the module name to the ldap instance 
        #  name if you have set 'edir_account_policy_check = yes' in the ldap 
        #  module sub-section of the 'modules' section. 
        # 
#       Post-Auth-Type REJECT { 
#               insert-module-name-here 
#       } 

} 



freeradius-users-bounces at lists.freeradius.org escribió el 15/07/2005 10:44:20:

> What does radiusd –X tells you? 
> Can you post more info from your accounting and post-auth section? 
>   
> 
> From: freeradius-users-bounces at lists.freeradius.org [mailto:
> freeradius-users-bounces at lists.freeradius.org] On Behalf Of 
> abernabe at mutua-mad.es
> Sent: Friday, July 15, 2005 7:42 AM
> To: freeradius-users at lists.freeradius.org
> Subject: ippool problem 
>   
> 
> Hello, 
> 
> I´m trying to configure a FreeRadius 1.0.4 in Red Hat 8.0. 
> Everything works OK until I add the ippool in the "post-auth" and 
> "accounting" section. 
> 
> When I start the server I get always the error "Segmentation Fault" 
> after loading radutmp, just when it tries to load the ippool in the 
> "accounting" section 
> 
> I have the following configuration in the ippool module: 
> 
>         ippool 2 { 
>                 range-start = 172.20.1.1 
>                 range-stop = 172.20.1.254 
>                 netmask = 255.255.255.0 
>                 cache-size = 254 
>                 session-db = ${raddbdir}/db.ippool 
>                 ip-index = ${raddbdir}/db.ipindex 
>                 override = yes 
>                 maximum-timeout = 0 
>         } 
> 
> Do you know if I´m doing something wrong? 
> 
> Thanks - 
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20050715/2973a0c6/attachment.html>


More information about the Freeradius-Users mailing list