FreeRadius 2.2.3 segfault
adrian.p.smith at bt.com
Mon Jan 27 19:10:15 CET 2014
I had "eap" in my post-proxy section and removing it solves this one. I will need to re-test but, as I have:
eap {
ok = return
}
In authorize section but no eap in authenticate section this should be ok?
-----Original Message-----
From: freeradius-users-bounces+adrian.p.smith=bt.com at lists.freeradius.org [mailto:freeradius-users-bounces+adrian.p.smith=bt.com at lists.freeradius.org] On Behalf Of adrian.p.smith at bt.com
Sent: 27 January 2014 16:44
To: freeradius-users at lists.freeradius.org
Subject: RE: FreeRadius 2.2.3 segfault
[root at bt sbin]# gdb radiusd
GNU gdb Fedora (6.8-27.el5)
Copyright (C) 2008 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law. Type "show copying"
and "show warranty" for details.
This GDB was configured as "x86_64-redhat-linux-gnu"...
(gdb) set logging file gdb-radiusd.log
(gdb) set logging on
Copying output to gdb-radiusd.log.
(gdb) set args -f
(gdb) run
Starting program: /usr/local/sbin/radiusd -f
[Thread debugging using libthread_db enabled]
[New Thread 0x2ad9ae730210 (LWP 24676)]
[New Thread 0x42176940 (LWP 24679)]
[New Thread 0x42b77940 (LWP 24680)]
[New Thread 0x43578940 (LWP 24681)]
[New Thread 0x43f79940 (LWP 24682)]
[New Thread 0x4497a940 (LWP 24683)]
Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0x4497a940 (LWP 24683)]
0x00002ad9af95118c in eap_post_proxy (inst=0x5cddb50, request=0x5d08450) at rlm_eap.c:669
669 vp = request->proxy_reply->vps;
(gdb) info threads
* 6 Thread 0x4497a940 (LWP 24683) 0x00002ad9af95118c in eap_post_proxy (inst=0x5cddb50,
request=0x5d08450) at rlm_eap.c:669
5 Thread 0x43f79940 (LWP 24682) 0x00002ad9ac81c6b1 in sem_wait () from /lib64/libpthread.so.0
4 Thread 0x43578940 (LWP 24681) 0x00002ad9ac81c6b1 in sem_wait () from /lib64/libpthread.so.0
3 Thread 0x42b77940 (LWP 24680) 0x00002ad9ac81c6b1 in sem_wait () from /lib64/libpthread.so.0
2 Thread 0x42176940 (LWP 24679) 0x00002ad9ac81c6b1 in sem_wait () from /lib64/libpthread.so.0
1 Thread 0x2ad9ae730210 (LWP 24676) 0x00002ad9ad13b5f2 in select () from /lib64/libc.so.6
[root at bt sbin]# ./radiusd -xv
Mon Jan 27 16:41:58 2014 : Info: radiusd: FreeRADIUS Version 2.2.3, for host x86_64-unknown-linux-gnu, built on Jan 27 2014 at 15:38:07
Mon Jan 27 16:41:58 2014 : Debug: Server was built with:
Mon Jan 27 16:41:58 2014 : Debug: accounting
Mon Jan 27 16:41:58 2014 : Debug: authentication
Mon Jan 27 16:41:58 2014 : Debug: WITH_DHCP
Mon Jan 27 16:41:58 2014 : Debug: WITH_VMPS
Mon Jan 27 16:41:58 2014 : Debug: Server core libs:
Mon Jan 27 16:41:58 2014 : Debug: ssl: OpenSSL 0.9.8e-fips-rhel5 01 Jul 2008
Mon Jan 27 16:41:58 2014 : Info: Copyright (C) 1999-2013 The FreeRADIUS server project and contributors.
Mon Jan 27 16:41:58 2014 : Info: There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A
Mon Jan 27 16:41:58 2014 : Info: PARTICULAR PURPOSE.
Mon Jan 27 16:41:58 2014 : Info: You may redistribute copies of FreeRADIUS under the terms of the
Mon Jan 27 16:41:58 2014 : Info: GNU General Public License.
Mon Jan 27 16:41:58 2014 : Info: For more information about these matters, see the file named COPYRIGHT.
-----Original Message-----
From: freeradius-users-bounces+adrian.p.smith=bt.com at lists.freeradius.org [mailto:freeradius-users-bounces+adrian.p.smith=bt.com at lists.freeradius.org] On Behalf Of adrian.p.smith at bt.com
Sent: 27 January 2014 15:33
To: freeradius-users at lists.freeradius.org
Subject: RE: FreeRadius 2.2.3 segfault
OK, doing the thing in doc/bugs :-)
-----Original Message-----
From: freeradius-users-bounces+adrian.p.smith=bt.com at lists.freeradius.org [mailto:freeradius-users-bounces+adrian.p.smith=bt.com at lists.freeradius.org] On Behalf Of adrian.p.smith at bt.com
Sent: 27 January 2014 14:42
To: freeradius-users at lists.freeradius.org
Subject: FreeRadius 2.2.3 segfault
I'm getting a crash. /var/log/messages says:
Jan 27 14:24:05 localhost kernel: radiusd[14162]: segfault at 0000000000000070 rip 00002b17454280fc rsp 00007fff7b42b640 error 4
Output from radius -X
radiusd: FreeRADIUS Version 2.2.3, for host x86_64-redhat-linux-gnu, built on Jan 27 2014 at 10:39:07
Copyright (C) 1999-2013 The FreeRADIUS server project and contributors.
There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
You may redistribute copies of FreeRADIUS under the terms of the GNU General Public License.
For more information about these matters, see the file named COPYRIGHT.
Starting - reading configuration files ...
including configuration file /etc/raddb/radiusd.conf
including configuration file /etc/raddb/proxy.conf
including configuration file /etc/raddb/clients.conf
including files in directory /etc/raddb/modules/
including configuration file /etc/raddb/modules/policy
including configuration file /etc/raddb/modules/ntlm_auth
including configuration file /etc/raddb/modules/radutmp
including configuration file /etc/raddb/modules/passwd
including configuration file /etc/raddb/modules/otp
including configuration file /etc/raddb/modules/detail-store.btngh.openzone.com
including configuration file /etc/raddb/modules/acct_unique
including configuration file /etc/raddb/modules/sql_log
including configuration file /etc/raddb/modules/attr_filter
including configuration file /etc/raddb/modules/sql_log_store
including configuration file /etc/raddb/modules/detail.iptracker
including configuration file /etc/raddb/modules/chap
including configuration file /etc/raddb/modules/sql_log.dist
including configuration file /etc/raddb/modules/sradutmp
including configuration file /etc/raddb/modules/ippool
including configuration file /etc/raddb/modules/perl
including configuration file /etc/raddb/modules/mac2vlan
including configuration file /etc/raddb/modules/opendirectory
including configuration file /etc/raddb/modules/inner-eap
including configuration file /etc/raddb/modules/digest
including configuration file /etc/raddb/modules/detail.example.com
including configuration file /etc/raddb/modules/smbpasswd
including configuration file /etc/raddb/modules/checkval
including configuration file /etc/raddb/modules/expiration
including configuration file /etc/raddb/modules/cui
including configuration file /etc/raddb/modules/counter
including configuration file /etc/raddb/modules/linelog
including configuration file /etc/raddb/modules/soh
including configuration file /etc/raddb/modules/rediswho
including configuration file /etc/raddb/modules/etc_group
including configuration file /etc/raddb/modules/pap
including configuration file /etc/raddb/modules/realm
including configuration file /etc/raddb/modules/echo
including configuration file /etc/raddb/modules/replicate
including configuration file /etc/raddb/modules/wimax
including configuration file /etc/raddb/modules/smsotp
including configuration file /etc/raddb/modules/detail.btngh.openzone.com
including configuration file /etc/raddb/modules/exec
including configuration file /etc/raddb/modules/detail
including configuration file /etc/raddb/modules/pam
including configuration file /etc/raddb/modules/redis
including configuration file /etc/raddb/modules/detail.log
including configuration file /etc/raddb/modules/preprocess
including configuration file /etc/raddb/modules/files
including configuration file /etc/raddb/modules/expr
including configuration file /etc/raddb/modules/unix
including configuration file /etc/raddb/modules/mac2ip
including configuration file /etc/raddb/modules/attr_rewrite
including configuration file /etc/raddb/modules/always
including configuration file /etc/raddb/modules/detail.consulate
including configuration file /etc/raddb/modules/dynamic_clients
including configuration file /etc/raddb/modules/sqlcounter_expire_on_login
including configuration file /etc/raddb/modules/logintime
including configuration file /etc/raddb/modules/mschap
including configuration file /etc/raddb/eap.conf
including configuration file /etc/raddb/policy.conf
including files in directory /etc/raddb/sites-enabled/
including configuration file /etc/raddb/sites-enabled/consulate-server
including configuration file /etc/raddb/sites-enabled/acct_iptracker
including configuration file /etc/raddb/sites-enabled/status
including configuration file /etc/raddb/sites-enabled/acct_consulate
including configuration file /etc/raddb/sites-enabled/default
including configuration file /etc/raddb/sites-enabled/vf-server
including configuration file /etc/raddb/sites-enabled/control-socket
including configuration file /etc/raddb/sites-enabled/acct_aggregator
including configuration file /etc/raddb/sites-enabled/802.1x-server
main {
user = "radiusd"
group = "radiusd"
allow_core_dumps = no
}
including dictionary file /etc/raddb/dictionary
main {
name = "radiusd"
prefix = "/usr"
localstatedir = "/var"
sbindir = "/usr/sbin"
logdir = "/var/log/radius"
run_dir = "/var/run/radiusd"
libdir = "/usr/lib64/freeradius"
radacctdir = "/var/log/radius/radacct"
hostname_lookups = no
max_request_time = 30
cleanup_delay = 5
max_requests = 1024
pidfile = "/var/run/radiusd/radiusd.pid"
checkrad = "/usr/sbin/checkrad"
debug_level = 0
proxy_requests = yes
log {
stripped_names = no
auth = no
auth_badpass = no
auth_goodpass = no
}
security {
max_attributes = 200
reject_delay = 1
status_server = yes
}
}
radiusd: #### Loading Realms and Home Servers ####
proxy server {
retry_delay = 5
retry_count = 3
default_fallback = no
dead_time = 120
wake_all_if_all_dead = no
}
home_server skyport-car {
ipaddr = 192.168.24.22
port = 1645
type = "auth+acct"
secret = "XXXXXXXX"
response_window = 20
max_outstanding = 65536
require_message_authenticator = no
zombie_period = 40
status_check = "request"
ping_interval = 30
check_interval = 30
num_answers_to_alive = 3
num_pings_to_alive = 3
revive_interval = 300
status_check_timeout = 4
username = "test_user_please_reject_me"
password = "this is meaningless"
}
home_server eldon-car {
ipaddr = 192.168.149.22
port = 1645
type = "auth+acct"
secret = "XXXXXXXX"
response_window = 20
max_outstanding = 65536
require_message_authenticator = no
zombie_period = 40
status_check = "request"
ping_interval = 30
check_interval = 30
num_answers_to_alive = 3
num_pings_to_alive = 3
revive_interval = 300
status_check_timeout = 4
username = "test_user_please_reject_me"
password = "this is meaningless"
}
home_server 802.1x-auth-server-1 {
ipaddr = 193.113.44.19
port = 1645
type = "auth"
secret = "XXXXXXXX"
response_window = 20
max_outstanding = 65536
require_message_authenticator = yes
zombie_period = 40
status_check = "request"
ping_interval = 30
check_interval = 30
num_answers_to_alive = 3
num_pings_to_alive = 3
revive_interval = 120
status_check_timeout = 4
username = "server at test.alive.com"
password = "this is meaningless"
}
home_server 802.1x-auth-server-2 {
ipaddr = 193.113.44.20
port = 1645
type = "auth"
secret = "XXXXXXXXXX"
response_window = 20
max_outstanding = 65536
require_message_authenticator = yes
zombie_period = 40
status_check = "request"
ping_interval = 30
check_interval = 30
num_answers_to_alive = 3
num_pings_to_alive = 3
revive_interval = 120
status_check_timeout = 4
username = "server at test.alive.com"
password = "this is meaningless"
}
home_server 802.1x-auth-server-3 {
ipaddr = 193.113.44.21
port = 1645
type = "auth"
secret = "XXXXXXXXX"
response_window = 20
max_outstanding = 65536
require_message_authenticator = yes
zombie_period = 40
status_check = "request"
ping_interval = 30
check_interval = 30
num_answers_to_alive = 3
num_pings_to_alive = 3
revive_interval = 120
status_check_timeout = 4
username = "server at test.alive.com"
password = "this is meaningless"
}
home_server 802.1x-auth-server-4 {
ipaddr = 193.113.44.22
port = 1645
type = "auth"
secret = "XXXXXXXX"
response_window = 20
max_outstanding = 65536
require_message_authenticator = yes
zombie_period = 40
status_check = "request"
ping_interval = 30
check_interval = 30
num_answers_to_alive = 3
num_pings_to_alive = 3
revive_interval = 120
status_check_timeout = 4
username = "server at test.alive.com"
password = "this is meaningless"
}
home_server IPTracker {
ipaddr = 193.113.44.16
port = 1813
type = "acct"
secret = "XXXXXXXX"
response_window = 20
max_outstanding = 65536
require_message_authenticator = yes
zombie_period = 40
status_check = "none"
ping_interval = 30
check_interval = 30
num_answers_to_alive = 3
num_pings_to_alive = 3
revive_interval = 120
status_check_timeout = 4
}
home_server testing-802.1x-auth-server {
ipaddr = 192.168.49.99
port = 1812
type = "auth+acct"
secret = "XXXXXXXX"
response_window = 20
max_outstanding = 65536
require_message_authenticator = yes
zombie_period = 40
status_check = "status-server"
ping_interval = 30
check_interval = 30
num_answers_to_alive = 3
num_pings_to_alive = 3
revive_interval = 120
status_check_timeout = 4
}
home_server 802.1x-acct-relay-server-1 {
ipaddr = 192.168.160.16
port = 1813
type = "acct"
secret = "XXXXXXXXX"
response_window = 20
max_outstanding = 65536
require_message_authenticator = yes
zombie_period = 40
status_check = "status-server"
ping_interval = 30
check_interval = 30
num_answers_to_alive = 3
num_pings_to_alive = 3
revive_interval = 120
status_check_timeout = 4
}
home_server 802.1x-acct-relay-server-2 {
ipaddr = 192.168.160.17
port = 1813
type = "acct"
secret = "XXXXXXXXXXXX"
response_window = 20
max_outstanding = 65536
require_message_authenticator = yes
zombie_period = 40
status_check = "status-server"
ping_interval = 30
check_interval = 30
num_answers_to_alive = 3
num_pings_to_alive = 3
revive_interval = 120
status_check_timeout = 4
}
home_server 802.1x-acct-spool-server {
virtual_server = "802.1x-server-acct"
port = 0
type = "acct"
response_window = 30
max_outstanding = 65536
require_message_authenticator = yes
zombie_period = 40
status_check = "none"
ping_interval = 30
check_interval = 30
num_answers_to_alive = 3
num_pings_to_alive = 3
revive_interval = 300
status_check_timeout = 4
}
home_server eldon-eap-server {
ipaddr = 192.168.149.97
port = 1812
type = "auth+acct"
secret = "XXXXXXXXXXXX"
response_window = 30
max_outstanding = 65536
require_message_authenticator = yes
zombie_period = 40
status_check = "none"
ping_interval = 30
check_interval = 30
num_answers_to_alive = 3
num_pings_to_alive = 3
revive_interval = 300
status_check_timeout = 4
}
home_server consulate-server-1 {
ipaddr = 193.113.24.74
port = 1645
type = "auth+acct"
secret = "XXXXXXXXXXX"
response_window = 30
max_outstanding = 65536
require_message_authenticator = yes
zombie_period = 40
status_check = "none"
ping_interval = 30
check_interval = 30
num_answers_to_alive = 3
num_pings_to_alive = 3
revive_interval = 300
status_check_timeout = 4
}
home_server consulate-acct {
virtual_server = "consulate-server-acct"
port = 0
response_window = 30
max_outstanding = 65536
require_message_authenticator = yes
zombie_period = 40
status_check = "none"
ping_interval = 30
check_interval = 30
num_answers_to_alive = 3
num_pings_to_alive = 3
revive_interval = 300
status_check_timeout = 4
}
home_server_pool IPTracker_pool {
home_server = IPTracker
}
realm iptracker {
acct_pool = IPTracker_pool
}
home_server_pool testing-802.1x-auth-pool {
virtual_server = 802.1x-server-auth
home_server = testing-802.1x-auth-server
}
home_server_pool 802.1x-acct-pool {
home_server = 802.1x-acct-spool-server
}
realm 1xTesting {
auth_pool = testing-802.1x-auth-pool
acct_pool = 802.1x-acct-pool
nostrip
}
home_server_pool 802.1x-auth-pool {
type = fail-over
virtual_server = 802.1x-server-auth
home_server = 802.1x-auth-server-1
home_server = 802.1x-auth-server-2
home_server = 802.1x-auth-server-3
home_server = 802.1x-auth-server-4
}
realm 8021x:BTRCon {
auth_pool = 802.1x-auth-pool
acct_pool = 802.1x-acct-pool
nostrip
}
home_server_pool 802.1x-acct-relay-pool {
type = fail-over
home_server = 802.1x-acct-relay-server-1
home_server = 802.1x-acct-relay-server-2
}
realm acct_8021x:BTRCon {
acct_pool = 802.1x-acct-relay-pool
}
home_server_pool vf_auth_failover {
type = fail-over
virtual_server = vf-server-auth
home_server = skyport-car
home_server = eldon-car
}
realm wlan.mnc015.mcc234.3gppnetwork.org {
auth_pool = vf_auth_failover
nostrip
}
home_server_pool eap-pool {
home_server = eldon-eap-server
}
realm thistle8021x.btwifi.com {
pool = eap-pool
nostrip
}
home_server_pool consulate-auth-pool {
virtual_server = consulate-server-auth
home_server = consulate-server-1
}
home_server_pool consulate-acct-pool {
home_server = consulate-acct
}
realm wlan.mnc008.mcc234.3gppnetwork.org {
auth_pool = consulate-auth-pool
acct_pool = consulate-acct-pool
nostrip
}
home_server_pool consulate-acct-relay-pool {
home_server = consulate-server-1
}
realm acct_consulate {
acct_pool = consulate-acct-relay-pool
nostrip
}
realm LOCAL {
}
home_server_pool testing-802.1x-acct-pool {
home_server = testing-802.1x-auth-server
}
radiusd: #### Loading Clients ####
client localhost {
ipaddr = 127.0.0.1
require_message_authenticator = no
secret = "XXXXXXXXXXX"
shortname = "localhost"
nastype = "other"
}
client 192.168.70.0/24 {
require_message_authenticator = no
secret = "XXXXXXXXXXX"
shortname = "isg-ssg-net-1"
nastype = "cisco"
}
client 192.168.170.0/24 {
require_message_authenticator = no
secret = "XXXXXXXXXXX"
shortname = "isg-ssg-net-2"
nastype = "cisco"
}
client 192.168.14.0/24 {
require_message_authenticator = no
secret = "XXXXXXXXXX"
shortname = "isg-ssg-net-3"
nastype = "cisco"
}
client 192.168.100.31 {
require_message_authenticator = no
secret = "XXXXXXXXXXX"
shortname = "monitor-1"
}
client 192.168.160.31 {
require_message_authenticator = no
secret = "XXXXXXXXXX"
shortname = "monitor-2"
}
client 192.168.24.22 {
require_message_authenticator = no
secret = "XXXXXXXXXXXX"
shortname = "test-car"
nastype = "cisco"
}
client 192.168.79.2 {
require_message_authenticator = no
secret = "XXXXXXXXXXX"
shortname = "ACE-Probe"
nastype = "cisco"
}
client 192.168.79.3 {
require_message_authenticator = no
secret = "XXXXXXXXXXXXX"
shortname = "ACE-Probe"
nastype = "cisco"
}
client 192.168.179.2 {
require_message_authenticator = no
secret = "XXXXXXXXXX"
shortname = "ACE-Probe"
nastype = "cisco"
}
client 192.168.179.3 {
require_message_authenticator = no
secret = "XXXXXXXXXX"
shortname = "ACE-Probe"
nastype = "cisco"
}
client 192.168.18.2 {
require_message_authenticator = no
secret = "XXXXXXXXXXX"
shortname = "ACE-Probe"
nastype = "cisco"
}
client 192.168.18.3 {
require_message_authenticator = no
secret = "XXXXXXXXXX"
shortname = "ACE-Probe"
nastype = "cisco"
}
client 192.168.49.96 {
require_message_authenticator = no
secret = "XXXXXXXXX"
}
radiusd: #### Instantiating modules ####
instantiate {
Module: Linked to module rlm_exec
Module: Instantiating module "exec" from file /etc/raddb/modules/exec
exec {
wait = no
input_pairs = "request"
shell_escape = yes
}
Module: Linked to module rlm_expr
Module: Instantiating module "expr" from file /etc/raddb/modules/expr
Module: Linked to module rlm_expiration
Module: Instantiating module "expiration" from file /etc/raddb/modules/expiration
expiration {
reply-message = "Password Has Expired "
}
Module: Linked to module rlm_logintime
Module: Instantiating module "logintime" from file /etc/raddb/modules/logintime
logintime {
reply-message = "You are calling outside your allowed timespan "
minimum-timeout = 60
}
}
radiusd: #### Loading Virtual Servers ####
server { # from file /etc/raddb/radiusd.conf
modules {
Module: Creating Post-Auth-Type = REJECT
Module: Checking authorize {...} for more modules to load
Module: Linked to module rlm_preprocess
Module: Instantiating module "preprocess" from file /etc/raddb/modules/preprocess
preprocess {
huntgroups = "/etc/raddb/huntgroups"
hints = "/etc/raddb/hints"
with_ascend_hack = no
ascend_channels_per_line = 23
with_ntdomain_hack = no
with_specialix_jetstream_hack = no
with_cisco_vsa_hack = no
with_alvarion_vsa_hack = no
}
reading pairlist file /etc/raddb/huntgroups
reading pairlist file /etc/raddb/hints
Module: Linked to module rlm_chap
Module: Instantiating module "chap" from file /etc/raddb/modules/chap
Module: Linked to module rlm_mschap
Module: Instantiating module "mschap" from file /etc/raddb/modules/mschap
mschap {
use_mppe = yes
require_encryption = no
require_strong = no
with_ntdomain_hack = no
allow_retry = yes
}
Module: Linked to module rlm_digest
Module: Instantiating module "digest" from file /etc/raddb/modules/digest
Module: Linked to module rlm_realm
Module: Instantiating module "IPASS" from file /etc/raddb/modules/realm
realm IPASS {
format = "prefix"
delimiter = "/"
ignore_default = no
ignore_null = no
}
Module: Instantiating module "suffix" from file /etc/raddb/modules/realm
realm suffix {
format = "suffix"
delimiter = "@"
ignore_default = no
ignore_null = no
}
Module: Linked to module rlm_eap
Module: Instantiating module "eap" from file /etc/raddb/eap.conf
eap {
default_eap_type = "md5"
timer_expire = 60
ignore_unknown_eap_types = no
cisco_accounting_username_bug = no
max_sessions = 4096
}
Module: Linked to sub-module rlm_eap_md5
Module: Instantiating eap-md5
Module: Linked to sub-module rlm_eap_leap
Module: Instantiating eap-leap
Module: Linked to sub-module rlm_eap_gtc
Module: Instantiating eap-gtc
gtc {
challenge = "Password: "
auth_type = "PAP"
}
Module: Linked to sub-module rlm_eap_tls
Module: Instantiating eap-tls
tls {
rsa_key_exchange = no
dh_key_exchange = yes
rsa_key_length = 512
dh_key_length = 512
verify_depth = 0
CA_path = "/etc/raddb/certs"
pem_file_type = yes
private_key_file = "/etc/raddb/certs/server.pem"
certificate_file = "/etc/raddb/certs/server.pem"
CA_file = "/etc/raddb/certs/ca.pem"
private_key_password = "whatever"
dh_file = "/etc/raddb/certs/dh"
random_file = "/etc/raddb/certs/random"
fragment_size = 1024
include_length = yes
check_crl = no
cipher_list = "DEFAULT"
make_cert_command = "/etc/raddb/certs/bootstrap"
cache {
enable = no
lifetime = 24
max_entries = 255
}
verify {
}
ocsp {
enable = no
override_cert_url = yes
url = "http://127.0.0.1/ocsp/"
use_nonce = yes
timeout = 0
softfail = no
}
}
Module: Linked to sub-module rlm_eap_ttls
Module: Instantiating eap-ttls
ttls {
default_eap_type = "md5"
copy_request_to_tunnel = no
use_tunneled_reply = no
virtual_server = "inner-tunnel"
include_length = yes
}
Module: Linked to sub-module rlm_eap_peap
Module: Instantiating eap-peap
peap {
default_eap_type = "mschapv2"
copy_request_to_tunnel = no
use_tunneled_reply = no
proxy_tunneled_request_as_eap = yes
virtual_server = "inner-tunnel"
soh = no
}
Module: Linked to sub-module rlm_eap_mschapv2
Module: Instantiating eap-mschapv2
mschapv2 {
with_ntdomain_hack = no
send_error = no
}
Module: Linked to module rlm_files
Module: Instantiating module "files" from file /etc/raddb/modules/files
files {
usersfile = "/etc/raddb/users"
acctusersfile = "/etc/raddb/acct_users"
preproxy_usersfile = "/etc/raddb/preproxy_users"
compat = "no"
}
reading pairlist file /etc/raddb/users
reading pairlist file /etc/raddb/acct_users
reading pairlist file /etc/raddb/preproxy_users
Module: Linked to module rlm_pap
Module: Instantiating module "pap" from file /etc/raddb/modules/pap
pap {
encryption_scheme = "auto"
auto_header = no
}
Module: Checking preacct {...} for more modules to load
Module: Linked to module rlm_acct_unique
Module: Instantiating module "acct_unique" from file /etc/raddb/modules/acct_unique
acct_unique {
key = "User-Name, Acct-Session-Id, NAS-IP-Address, Framed-IP-Address, NAS-Port-Id"
}
Module: Checking accounting {...} for more modules to load
Module: Linked to module rlm_always
Module: Instantiating module "ok" from file /etc/raddb/modules/always
always ok {
rcode = "ok"
simulcount = 0
mpp = no
}
Module: Linked to module rlm_attr_filter
Module: Instantiating module "attr_filter.accounting_response" from file /etc/raddb/modules/attr_filter
attr_filter attr_filter.accounting_response {
attrsfile = "/etc/raddb/attrs.accounting_response"
key = "%{User-Name}"
relaxed = no
}
reading pairlist file /etc/raddb/attrs.accounting_response
Module: Checking session {...} for more modules to load
Module: Linked to module rlm_radutmp
Module: Instantiating module "radutmp" from file /etc/raddb/modules/radutmp
radutmp {
filename = "/var/log/radius/radutmp"
username = "%{User-Name}"
case_sensitive = yes
check_with_nas = yes
perm = 384
callerid = yes
}
Module: Checking post-proxy {...} for more modules to load
Module: Checking post-auth {...} for more modules to load
Module: Linked to module rlm_sql_log
Module: Instantiating module "sql_log" from file /etc/raddb/modules/sql_log
sql_log {
path = "/var/log/radius/radacct/relay-acct/reject-%Y%m%d:%H"
Post-Auth = "%t Acct-Status-Type = Interim-Update User-Name = "%{User-Name}" Acct-Session-Id = "REJECT" BTOpenzone-Reject-Message = "8021xReject:%{reply:Reply-Message}" NAS-IP-Address = %{NAS-IP-Address} Framed-IP-Address = %{Framed-IP-Address} Called-Station-Id = %{Called-Station-Id} Calling-Station-Id = %{Calling-Station-Id} Acct-Delay-Time = 0 Timestamp = %l "
sql_user_name = "%{%{User-Name}:-DEFAULT}"
utf8 = yes
safe-characters = "@abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-_: /"
}
Module: Instantiating module "sql_log_store" from file /etc/raddb/modules/sql_log_store
sql_log sql_log_store {
path = "/var/log/radius/radacct/store-acct/reject-%Y%m%d:%H"
Post-Auth = "%t Acct-Status-Type = Interim-Update User-Name = "%{User-Name}" Acct-Session-Id = "REJECT" BTOpenzone-Reject-Message = "8021xReject:%{reply:Reply-Message}" NAS-IP-Address = %{NAS-IP-Address} Framed-IP-Address = %{Framed-IP-Address} Called-Station-Id = %{Called-Station-Id} Calling-Station-Id = %{Calling-Station-Id} Acct-Delay-Time = 0 Timestamp = %l "
sql_user_name = "%{%{User-Name}:-DEFAULT}"
utf8 = yes
safe-characters = "@abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-_: /"
}
Module: Instantiating module "attr_filter.access_reject" from file /etc/raddb/modules/attr_filter
attr_filter attr_filter.access_reject {
attrsfile = "/etc/raddb/attrs.access_reject"
key = "%{User-Name}"
relaxed = no
}
reading pairlist file /etc/raddb/attrs.access_reject
} # modules
} # server
server consulate-server-auth { # from file /etc/raddb/sites-enabled/consulate-server
modules {
Module: Checking post-proxy {...} for more modules to load
} # modules
} # server
server consulate-server-acct { # from file /etc/raddb/sites-enabled/consulate-server
modules {
Module: Checking accounting {...} for more modules to load
Module: Linked to module rlm_detail
Module: Instantiating module "detail.btngh.openzone.com" from file /etc/raddb/modules/detail.btngh.openzone.com
detail detail.btngh.openzone.com {
detailfile = "/var/log/radius/radacct/relay-acct/detail-%Y%m%d:%H"
header = "%t"
detailperm = 384
dirperm = 493
locking = no
log_packet_header = no
}
Module: Instantiating module "detail-store.btngh.openzone.com" from file /etc/raddb/modules/detail-store.btngh.openzone.com
detail detail-store.btngh.openzone.com {
detailfile = "/var/log/radius/radacct/store-acct/detail-%Y%m%d:%H"
header = "%t"
detailperm = 416
dirperm = 493
locking = no
log_packet_header = no
}
Module: Instantiating module "detail.consulate" from file /etc/raddb/modules/detail.consulate
detail detail.consulate {
detailfile = "/var/log/radius/radacct/consulate/detail-%Y%m%d:%H"
header = "%t"
detailperm = 384
dirperm = 493
locking = no
log_packet_header = no
}
} # modules
} # server
server acct_iptracker { # from file /etc/raddb/sites-enabled/acct_iptracker
modules {
Module: Checking accounting {...} for more modules to load
} # modules
} # server
server status { # from file /etc/raddb/sites-enabled/status
modules {
Module: Creating Autz-Type = Status-Server
Module: Checking authorize {...} for more modules to load
} # modules
} # server
server acct_consulate { # from file /etc/raddb/sites-enabled/acct_consulate
modules {
Module: Checking accounting {...} for more modules to load
} # modules
} # server
server vf-server-auth { # from file /etc/raddb/sites-enabled/vf-server
modules {
Module: Checking pre-proxy {...} for more modules to load
Module: Instantiating module "reject" from file /etc/raddb/modules/always
always reject {
rcode = "reject"
simulcount = 0
mpp = no
}
} # modules
} # server
server acct_aggregator { # from file /etc/raddb/sites-enabled/acct_aggregator
modules {
Module: Checking accounting {...} for more modules to load
} # modules
} # server
server 802.1x-server-auth { # from file /etc/raddb/sites-enabled/802.1x-server
modules {
Module: Checking post-proxy {...} for more modules to load
Module: Instantiating module "noop" from file /etc/raddb/modules/always
always noop {
rcode = "noop"
simulcount = 0
mpp = no
}
} # modules
} # server
server 802.1x-server-acct { # from file /etc/raddb/sites-enabled/802.1x-server
modules {
Module: Checking accounting {...} for more modules to load
Module: Instantiating module "detail.iptracker" from file /etc/raddb/modules/detail.iptracker
detail detail.iptracker {
detailfile = "/var/log/radius/radacct/iptracker/detail-%Y%m%d:%H"
header = "%t"
detailperm = 384
dirperm = 493
locking = no
log_packet_header = no
}
} # modules
} # server
radiusd: #### Opening IP addresses and Ports ####
listen {
type = "auth"
ipaddr = *
port = 0
}
listen {
type = "acct"
ipaddr = *
port = 0
}
listen {
type = "control"
listen {
socket = "/var/run/radiusd/radiusd.sock"
mode = "rw"
}
}
listen {
type = "detail"
listen {
filename = "/var/log/radius/radacct/iptracker/*"
load_factor = 10
poll_interval = 1
retry_interval = 30
}
}
listen {
type = "status"
ipaddr = 127.0.0.1
port = 18120
client admin {
ipaddr = 127.0.0.1
require_message_authenticator = no
secret = "adminsecret"
}
}
listen {
type = "detail"
listen {
filename = "/var/log/radius/radacct/consulate/*"
load_factor = 10
poll_interval = 1
retry_interval = 30
}
}
listen {
type = "detail"
listen {
filename = "/var/log/radius/radacct/relay-acct/*"
load_factor = 10
poll_interval = 1
retry_interval = 30
}
}
... adding new socket proxy address * port 40182
... adding new socket proxy address * port 54630
... adding new socket proxy address * port 41460
... adding new socket proxy address * port 46468
... adding new socket proxy address * port 55955
... adding new socket proxy address * port 40148
... adding new socket proxy address * port 55333
... adding new socket proxy address * port 58120
... adding new socket proxy address * port 42133
... adding new socket proxy address * port 52148
... adding new socket proxy address * port 33849
... adding new socket proxy address * port 58632
... adding new socket proxy address * port 36516
... adding new socket proxy address * port 60425
... adding new socket proxy address * port 43158
... adding new socket proxy address * port 47771
... adding new socket proxy address * port 48703
Listening on authentication address * port 1812
Listening on accounting address * port 1813
Listening on command file /var/run/radiusd/radiusd.sock
Listening on detail file /var/log/radius/radacct/iptracker/* as server acct_iptracker
Detail listener /var/log/radius/radacct/iptracker/* state unopened signalled 0 waiting 1.000000 sec
Listening on status address 127.0.0.1 port 18120 as server status
Listening on detail file /var/log/radius/radacct/consulate/* as server acct_consulate
Detail listener /var/log/radius/radacct/consulate/* state unopened signalled 0 waiting 1.000000 sec
Listening on detail file /var/log/radius/radacct/relay-acct/* as server acct_aggregator
Detail listener /var/log/radius/radacct/relay-acct/* state unopened signalled 0 waiting 1.000000 sec
Listening on proxy address * port 1814
Waking up in 0.9 seconds.
Polling for detail file /var/log/radius/radacct/iptracker/*
Detail listener /var/log/radius/radacct/iptracker/* state unopened signalled 0 waiting 1.173734 sec
Polling for detail file /var/log/radius/radacct/consulate/*
Detail listener /var/log/radius/radacct/consulate/* state unopened signalled 0 waiting 0.928983 sec
Polling for detail file /var/log/radius/radacct/relay-acct/*
Detail listener /var/log/radius/radacct/relay-acct/* state unopened signalled 0 waiting 0.835711 sec
Waking up in 0.8 seconds.
Polling for detail file /var/log/radius/radacct/relay-acct/*
Detail listener /var/log/radius/radacct/relay-acct/* state unopened signalled 0 waiting 1.036269 sec
Polling for detail file /var/log/radius/radacct/consulate/*
Detail listener /var/log/radius/radacct/consulate/* state unopened signalled 0 waiting 0.882089 sec
Waking up in 0.2 seconds.
Polling for detail file /var/log/radius/radacct/iptracker/*
Detail listener /var/log/radius/radacct/iptracker/* state unopened signalled 0 waiting 1.019558 sec
Waking up in 0.6 seconds.
Polling for detail file /var/log/radius/radacct/consulate/*
Detail listener /var/log/radius/radacct/consulate/* state unopened signalled 0 waiting 1.197507 sec
Polling for detail file /var/log/radius/radacct/relay-acct/*
Detail listener /var/log/radius/radacct/relay-acct/* state unopened signalled 0 waiting 0.850833 sec
Waking up in 0.3 seconds.
Polling for detail file /var/log/radius/radacct/iptracker/*
Detail listener /var/log/radius/radacct/iptracker/* state unopened signalled 0 waiting 1.078351 sec
Waking up in 0.5 seconds.
Polling for detail file /var/log/radius/radacct/relay-acct/*
Detail listener /var/log/radius/radacct/relay-acct/* state unopened signalled 0 waiting 0.931512 sec
Waking up in 0.2 seconds.
Polling for detail file /var/log/radius/radacct/consulate/*
Detail listener /var/log/radius/radacct/consulate/* state unopened signalled 0 waiting 1.203859 sec
Waking up in 0.2 seconds.
Polling for detail file /var/log/radius/radacct/iptracker/*
Detail listener /var/log/radius/radacct/iptracker/* state unopened signalled 0 waiting 1.085231 sec
Waking up in 0.3 seconds.
Polling for detail file /var/log/radius/radacct/relay-acct/*
Detail listener /var/log/radius/radacct/relay-acct/* state unopened signalled 0 waiting 1.212170 sec
Waking up in 0.5 seconds.
Polling for detail file /var/log/radius/radacct/consulate/*
Detail listener /var/log/radius/radacct/consulate/* state unopened signalled 0 waiting 0.975271 sec Waking up in 0.1 seconds.
Polling for detail file /var/log/radius/radacct/iptracker/*
Detail listener /var/log/radius/radacct/iptracker/* state unopened signalled 0 waiting 0.823461 sec Waking up in 0.5 seconds.
Polling for detail file /var/log/radius/radacct/relay-acct/*
Detail listener /var/log/radius/radacct/relay-acct/* state unopened signalled 0 waiting 1.150286 sec Waking up in 0.3 seconds.
Polling for detail file /var/log/radius/radacct/iptracker/*
Detail listener /var/log/radius/radacct/iptracker/* state unopened signalled 0 waiting 1.219787 sec Polling for detail file /var/log/radius/radacct/consulate/*
Detail listener /var/log/radius/radacct/consulate/* state unopened signalled 0 waiting 0.916838 sec Waking up in 0.8 seconds.
Polling for detail file /var/log/radius/radacct/relay-acct/*
Detail listener /var/log/radius/radacct/relay-acct/* state unopened signalled 0 waiting 0.938346 sec Polling for detail file /var/log/radius/radacct/consulate/*
Detail listener /var/log/radius/radacct/consulate/* state unopened signalled 0 waiting 1.059003 sec Waking up in 0.2 seconds.
Polling for detail file /var/log/radius/radacct/iptracker/*
Detail listener /var/log/radius/radacct/iptracker/* state unopened signalled 0 waiting 0.888133 sec Waking up in 0.5 seconds.
rad_recv: Accounting-Request packet from host 127.0.0.1 port 53787, id=242, length=375
Acct-Session-Id = "00000838"
Framed-Protocol = PPP
Cisco-SSG-Service-Info = "NConsulate_8021X_Roaming"
Cisco-AVPair = "parent-session-id=00000837"
Framed-IP-Address = 10.50.49.11
User-Name = "1234081219000082 at wlan.mnc008.mcc234.3gppnetwork.org"
Cisco-SSG-Control-Info = "I0;443495"
Cisco-SSG-Control-Info = "O0;141604"
Acct-Input-Packets = 851
Acct-Output-Packets = 1035
Acct-Input-Octets = 141604
Acct-Output-Octets = 443495
Acct-Session-Time = 10069
Acct-Status-Type = Interim-Update
Cisco-AVPair = "portbundle=enable"
Cisco-SSG-Account-Info = "S192.168.89.94:22"
Calling-Station-Id = "bc20.a4cd.dfaa"
NAS-Port-Type = Virtual
NAS-Port = 0
NAS-Port-Id = "0/0/4/0"
Service-Type = Framed-User
NAS-IP-Address = 192.168.70.11
Event-Timestamp = "Jan 24 2014 13:42:55 GMT"
NAS-Identifier = "bay-isg1-asr1004.btopenzone.com"
Acct-Delay-Time = 0
# Executing section preacct from file /etc/raddb/sites-enabled/default
+group preacct {
++[preprocess] = ok
[acct_unique] Hashing 'NAS-Port-Id = "0/0/4/0",Framed-IP-Address = 10.50.49.11,NAS-IP-Address = 192.168.70.11,Acct-Session-Id = "00000838",User-Name = "1234081219000082 at wlan.mnc008.mcc234.3gppnetwork.org"'
[acct_unique] Acct-Unique-Session-ID = "6740450b0490a636".
++[acct_unique] = ok
[IPASS] No '/' in User-Name = "1234081219000082 at wlan.mnc008.mcc234.3gppnetwork.org", looking up realm NULL
[IPASS] No such realm "NULL"
++[IPASS] = noop
[suffix] Looking up realm "wlan.mnc008.mcc234.3gppnetwork.org" for User-Name = "1234081219000082 at wlan.mnc008.mcc234.3gppnetwork.org"
[suffix] Found realm "wlan.mnc008.mcc234.3gppnetwork.org"
[suffix] Adding Realm = "wlan.mnc008.mcc234.3gppnetwork.org"
[suffix] Proxying request from user 1234081219000082 to realm wlan.mnc008.mcc234.3gppnetwork.org
[suffix] Preparing to proxy accounting request to realm "wlan.mnc008.mcc234.3gppnetwork.org"
++[suffix] = updated
+} # group preacct = updated
# Executing section accounting from file /etc/raddb/sites-enabled/default
+group accounting {
++? if (noop)
? Evaluating (noop) -> FALSE
++? if (noop) -> FALSE
++[exec] = noop
[attr_filter.accounting_response] expand: %{User-Name} -> 1234081219000082 at wlan.mnc008.mcc234.3gppnetwork.org
attr_filter: Matched entry DEFAULT at line 12
++[attr_filter.accounting_response] = updated
+} # group accounting = updated
WARNING: Empty pre-proxy section. Using default return values.
>>> Sending proxied request internally to virtual server.
server consulate-server-acct {
WARNING: Empty preacct section. Using default return values.
# Executing section accounting from file /etc/raddb/sites-enabled/consulate-server
+group accounting {
++? if (! (Cisco-SSG-Service-Info) && ( "%{Acct-Status-Type}" == "Stop" ) && ( "%{Tunnel-Type}" != "VLAN") )
?? Evaluating (Cisco-SSG-Service-Info) -> TRUE
? Converting !TRUE -> FALSE
?? Skipping ("%{Acct-Status-Type}" == "Stop" )
?? Skipping ("%{Tunnel-Type}" != "VLAN")
++? if (! (Cisco-SSG-Service-Info) && ( "%{Acct-Status-Type}" == "Stop" ) && ( "%{Tunnel-Type}" != "VLAN") ) -> FALSE
++? if (! (Cisco-SSG-Service-Info) )
?? Evaluating (Cisco-SSG-Service-Info) -> TRUE
? Converting !TRUE -> FALSE
++? if (! (Cisco-SSG-Service-Info) ) -> FALSE
+} # group accounting = noop
} # server consulate-server-acct
Going to the next request
<<< Received proxied response code 0 from internal virtual server.
# Executing section post-proxy from file /etc/raddb/sites-enabled/default
+group post-proxy {
[eap] No pre-existing handler found
I can re-create at will by sending in the packet using radclient.
All help appreciated.
Adrian Smith
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html