Invalid Operator on 64bit Systems (amd64)

Bernd Strehhuber freeradius at inti.inka.de
Sat Jul 18 13:46:33 CEST 2009


Hi,

just found a weird behavior on 64bit Systems (Ubuntu 8.04 LTS amd64) 
with freeradius 1.1.7 (Dist Package 1.1.7-1build4).

I created a setup with Validity Ranges for usernames and/or realms
(Data is stored in a mysql Database):

- for the realm -

| id  | Realm | Attribute      | op | Value       | Type        |
| 178 | test  | group-validity | <= | 1388534400  | RadiusCheck | 
| 177 | test  | group-validity | >= | 1143849600  | RadiusCheck | 

- for the user -

| id  | User | Realm | Attribute        | op | Value      | Type        |
| 201 | user | test  | account-validity | >= | 1226448000 | RadiusCheck | 
| 202 | user | test  | account-validity | <= | 1860105600 | RadiusCheck | 

freeradius on amd64 refuses to accept my access request to the user
user at test:

 Sat Jul 18 12:19:55 2009 : Error: Invalid operator for item
   account-validity: reverting to '=='
 Sat Jul 18 12:19:55 2009 : Auth: Login incorrect: [user at test] 
   (from client local port 0)

If I delete the validity for the username, a access request is still
refused:

 Sat Jul 18 12:23:03 2009 : Error: Invalid operator for item
   group-validity: reverting to '=='
 Sat Jul 18 12:23:03 2009 : Auth: Login incorrect: [user at test]
   (from client local port 0)

If I delete the validity for the realm too, everything is ok:

 Sat Jul 18 12:25:28 2009 : Auth: Login OK: [user at test] 
   (from client local port 0)

I found a question about Expiration/rlm_sql bug in 64-bit architecture
here on the List dated two years ago. But no solution for the problem.

So it might be a problem on 64bit Systems. I checked that with a 
fresh install of Ubuntu 8.04 LTS i386 (32bit) and freeradius also in
Version 1.1.7 (same Dist Package Version 1.1.7-1build4), but as i386 Package 
of course. Config is the same as on the 64bit System (also with mysql as 
storage for the user credentials).

The result is, that on 32bit Ubuntu, a access request is accepted,
and account/group validity is checked correctly:

 Sat Jul 18 12:36:29 2009 : Auth: Login OK: [user at test] 
   (from client local port 0)

The question is now, what can be done to get the Operators "<=" and ">="
working with freeradius 1.1.7 on amd64 Systems?

TIA
Bernd




More information about the Freeradius-Users mailing list