FreeRadius 2.2.3 segfault

adrian.p.smith at bt.com adrian.p.smith at bt.com
Mon Jan 27 19:10:15 CET 2014


I had "eap" in my post-proxy section and removing it solves this one. I will need to re-test but, as I have:

     eap {
                     ok = return
       }

In authorize section but no eap in authenticate section this should be ok?



-----Original Message-----
From: freeradius-users-bounces+adrian.p.smith=bt.com at lists.freeradius.org [mailto:freeradius-users-bounces+adrian.p.smith=bt.com at lists.freeradius.org] On Behalf Of adrian.p.smith at bt.com
Sent: 27 January 2014 16:44
To: freeradius-users at lists.freeradius.org
Subject: RE: FreeRadius 2.2.3 segfault

[root at bt sbin]# gdb radiusd
GNU gdb Fedora (6.8-27.el5)
Copyright (C) 2008 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
and "show warranty" for details.
This GDB was configured as "x86_64-redhat-linux-gnu"...
(gdb) set logging file gdb-radiusd.log
(gdb) set logging on
Copying output to gdb-radiusd.log.
(gdb) set args -f
(gdb) run
Starting program: /usr/local/sbin/radiusd -f [Thread debugging using libthread_db enabled] [New Thread 0x2ad9ae730210 (LWP 24676)] [New Thread 0x42176940 (LWP 24679)] [New Thread 0x42b77940 (LWP 24680)] [New Thread 0x43578940 (LWP 24681)] [New Thread 0x43f79940 (LWP 24682)] [New Thread 0x4497a940 (LWP 24683)]

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0x4497a940 (LWP 24683)] 0x00002ad9af95118c in eap_post_proxy (inst=0x5cddb50, request=0x5d08450) at rlm_eap.c:669
669             vp = request->proxy_reply->vps;



(gdb) info threads
* 6 Thread 0x4497a940 (LWP 24683)  0x00002ad9af95118c in eap_post_proxy (inst=0x5cddb50,
    request=0x5d08450) at rlm_eap.c:669
  5 Thread 0x43f79940 (LWP 24682)  0x00002ad9ac81c6b1 in sem_wait () from /lib64/libpthread.so.0
  4 Thread 0x43578940 (LWP 24681)  0x00002ad9ac81c6b1 in sem_wait () from /lib64/libpthread.so.0
  3 Thread 0x42b77940 (LWP 24680)  0x00002ad9ac81c6b1 in sem_wait () from /lib64/libpthread.so.0
  2 Thread 0x42176940 (LWP 24679)  0x00002ad9ac81c6b1 in sem_wait () from /lib64/libpthread.so.0
  1 Thread 0x2ad9ae730210 (LWP 24676)  0x00002ad9ad13b5f2 in select () from /lib64/libc.so.6

[root at bt sbin]# ./radiusd -xv
Mon Jan 27 16:41:58 2014 : Info: radiusd: FreeRADIUS Version 2.2.3, for host x86_64-unknown-linux-gnu, built on Jan 27 2014 at 15:38:07 Mon Jan 27 16:41:58 2014 : Debug: Server was built with:
Mon Jan 27 16:41:58 2014 : Debug:   accounting
Mon Jan 27 16:41:58 2014 : Debug:   authentication
Mon Jan 27 16:41:58 2014 : Debug:  WITH_DHCP Mon Jan 27 16:41:58 2014 : Debug:  WITH_VMPS Mon Jan 27 16:41:58 2014 : Debug: Server core libs:
Mon Jan 27 16:41:58 2014 : Debug:   ssl: OpenSSL 0.9.8e-fips-rhel5 01 Jul 2008
Mon Jan 27 16:41:58 2014 : Info: Copyright (C) 1999-2013 The FreeRADIUS server project and contributors.
Mon Jan 27 16:41:58 2014 : Info: There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A Mon Jan 27 16:41:58 2014 : Info: PARTICULAR PURPOSE.
Mon Jan 27 16:41:58 2014 : Info: You may redistribute copies of FreeRADIUS under the terms of the Mon Jan 27 16:41:58 2014 : Info: GNU General Public License.
Mon Jan 27 16:41:58 2014 : Info: For more information about these matters, see the file named COPYRIGHT.



-----Original Message-----
From: freeradius-users-bounces+adrian.p.smith=bt.com at lists.freeradius.org [mailto:freeradius-users-bounces+adrian.p.smith=bt.com at lists.freeradius.org] On Behalf Of adrian.p.smith at bt.com
Sent: 27 January 2014 15:33
To: freeradius-users at lists.freeradius.org
Subject: RE: FreeRadius 2.2.3 segfault

OK, doing the thing in doc/bugs :-)



-----Original Message-----
From: freeradius-users-bounces+adrian.p.smith=bt.com at lists.freeradius.org [mailto:freeradius-users-bounces+adrian.p.smith=bt.com at lists.freeradius.org] On Behalf Of adrian.p.smith at bt.com
Sent: 27 January 2014 14:42
To: freeradius-users at lists.freeradius.org
Subject: FreeRadius 2.2.3 segfault

I'm getting a crash. /var/log/messages says:

Jan 27 14:24:05 localhost kernel: radiusd[14162]: segfault at 0000000000000070 rip 00002b17454280fc rsp 00007fff7b42b640 error 4

Output from radius -X

radiusd: FreeRADIUS Version 2.2.3, for host x86_64-redhat-linux-gnu, built on Jan 27 2014 at 10:39:07 Copyright (C) 1999-2013 The FreeRADIUS server project and contributors.
There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
You may redistribute copies of FreeRADIUS under the terms of the GNU General Public License.
For more information about these matters, see the file named COPYRIGHT.
Starting - reading configuration files ...
including configuration file /etc/raddb/radiusd.conf including configuration file /etc/raddb/proxy.conf including configuration file /etc/raddb/clients.conf including files in directory /etc/raddb/modules/ including configuration file /etc/raddb/modules/policy including configuration file /etc/raddb/modules/ntlm_auth including configuration file /etc/raddb/modules/radutmp including configuration file /etc/raddb/modules/passwd including configuration file /etc/raddb/modules/otp including configuration file /etc/raddb/modules/detail-store.btngh.openzone.com
including configuration file /etc/raddb/modules/acct_unique including configuration file /etc/raddb/modules/sql_log including configuration file /etc/raddb/modules/attr_filter including configuration file /etc/raddb/modules/sql_log_store including configuration file /etc/raddb/modules/detail.iptracker
including configuration file /etc/raddb/modules/chap including configuration file /etc/raddb/modules/sql_log.dist including configuration file /etc/raddb/modules/sradutmp including configuration file /etc/raddb/modules/ippool including configuration file /etc/raddb/modules/perl including configuration file /etc/raddb/modules/mac2vlan including configuration file /etc/raddb/modules/opendirectory including configuration file /etc/raddb/modules/inner-eap including configuration file /etc/raddb/modules/digest including configuration file /etc/raddb/modules/detail.example.com
including configuration file /etc/raddb/modules/smbpasswd including configuration file /etc/raddb/modules/checkval including configuration file /etc/raddb/modules/expiration including configuration file /etc/raddb/modules/cui including configuration file /etc/raddb/modules/counter including configuration file /etc/raddb/modules/linelog including configuration file /etc/raddb/modules/soh including configuration file /etc/raddb/modules/rediswho including configuration file /etc/raddb/modules/etc_group including configuration file /etc/raddb/modules/pap including configuration file /etc/raddb/modules/realm including configuration file /etc/raddb/modules/echo including configuration file /etc/raddb/modules/replicate including configuration file /etc/raddb/modules/wimax including configuration file /etc/raddb/modules/smsotp including configuration file /etc/raddb/modules/detail.btngh.openzone.com
including configuration file /etc/raddb/modules/exec including configuration file /etc/raddb/modules/detail including configuration file /etc/raddb/modules/pam including configuration file /etc/raddb/modules/redis including configuration file /etc/raddb/modules/detail.log including configuration file /etc/raddb/modules/preprocess including configuration file /etc/raddb/modules/files including configuration file /etc/raddb/modules/expr including configuration file /etc/raddb/modules/unix including configuration file /etc/raddb/modules/mac2ip including configuration file /etc/raddb/modules/attr_rewrite including configuration file /etc/raddb/modules/always including configuration file /etc/raddb/modules/detail.consulate
including configuration file /etc/raddb/modules/dynamic_clients
including configuration file /etc/raddb/modules/sqlcounter_expire_on_login
including configuration file /etc/raddb/modules/logintime including configuration file /etc/raddb/modules/mschap including configuration file /etc/raddb/eap.conf including configuration file /etc/raddb/policy.conf including files in directory /etc/raddb/sites-enabled/ including configuration file /etc/raddb/sites-enabled/consulate-server
including configuration file /etc/raddb/sites-enabled/acct_iptracker
including configuration file /etc/raddb/sites-enabled/status including configuration file /etc/raddb/sites-enabled/acct_consulate
including configuration file /etc/raddb/sites-enabled/default including configuration file /etc/raddb/sites-enabled/vf-server
including configuration file /etc/raddb/sites-enabled/control-socket
including configuration file /etc/raddb/sites-enabled/acct_aggregator
including configuration file /etc/raddb/sites-enabled/802.1x-server
main {
        user = "radiusd"
        group = "radiusd"
        allow_core_dumps = no
}
including dictionary file /etc/raddb/dictionary main {
        name = "radiusd"
        prefix = "/usr"
        localstatedir = "/var"
        sbindir = "/usr/sbin"
        logdir = "/var/log/radius"
        run_dir = "/var/run/radiusd"
        libdir = "/usr/lib64/freeradius"
        radacctdir = "/var/log/radius/radacct"
        hostname_lookups = no
        max_request_time = 30
        cleanup_delay = 5
        max_requests = 1024
        pidfile = "/var/run/radiusd/radiusd.pid"
        checkrad = "/usr/sbin/checkrad"
        debug_level = 0
        proxy_requests = yes
 log {
        stripped_names = no
        auth = no
        auth_badpass = no
        auth_goodpass = no
 }
 security {
        max_attributes = 200
        reject_delay = 1
        status_server = yes
 }
}
radiusd: #### Loading Realms and Home Servers ####  proxy server {
        retry_delay = 5
        retry_count = 3
        default_fallback = no
        dead_time = 120
        wake_all_if_all_dead = no
 }
 home_server skyport-car {
        ipaddr = 192.168.24.22
        port = 1645
        type = "auth+acct"
        secret = "XXXXXXXX"
        response_window = 20
        max_outstanding = 65536
        require_message_authenticator = no
        zombie_period = 40
        status_check = "request"
        ping_interval = 30
        check_interval = 30
        num_answers_to_alive = 3
        num_pings_to_alive = 3
        revive_interval = 300
        status_check_timeout = 4
        username = "test_user_please_reject_me"
        password = "this is meaningless"
 }
 home_server eldon-car {
        ipaddr = 192.168.149.22
        port = 1645
        type = "auth+acct"
        secret = "XXXXXXXX"
        response_window = 20
        max_outstanding = 65536
        require_message_authenticator = no
        zombie_period = 40
        status_check = "request"
        ping_interval = 30
        check_interval = 30
        num_answers_to_alive = 3
        num_pings_to_alive = 3
        revive_interval = 300
        status_check_timeout = 4
        username = "test_user_please_reject_me"
        password = "this is meaningless"
 }
 home_server 802.1x-auth-server-1 {
        ipaddr = 193.113.44.19
        port = 1645
        type = "auth"
        secret = "XXXXXXXX"
        response_window = 20
        max_outstanding = 65536
        require_message_authenticator = yes
        zombie_period = 40
        status_check = "request"
        ping_interval = 30
        check_interval = 30
        num_answers_to_alive = 3
        num_pings_to_alive = 3
        revive_interval = 120
        status_check_timeout = 4
        username = "server at test.alive.com"
        password = "this is meaningless"
 }
 home_server 802.1x-auth-server-2 {
        ipaddr = 193.113.44.20
        port = 1645
        type = "auth"
        secret = "XXXXXXXXXX"
        response_window = 20
        max_outstanding = 65536
        require_message_authenticator = yes
        zombie_period = 40
        status_check = "request"
        ping_interval = 30
        check_interval = 30
        num_answers_to_alive = 3
        num_pings_to_alive = 3
        revive_interval = 120
        status_check_timeout = 4
        username = "server at test.alive.com"
        password = "this is meaningless"
 }
 home_server 802.1x-auth-server-3 {
        ipaddr = 193.113.44.21
        port = 1645
        type = "auth"
        secret = "XXXXXXXXX"
        response_window = 20
        max_outstanding = 65536
        require_message_authenticator = yes
        zombie_period = 40
        status_check = "request"
        ping_interval = 30
        check_interval = 30
        num_answers_to_alive = 3
        num_pings_to_alive = 3
        revive_interval = 120
        status_check_timeout = 4
        username = "server at test.alive.com"
        password = "this is meaningless"
 }
 home_server 802.1x-auth-server-4 {
        ipaddr = 193.113.44.22
        port = 1645
        type = "auth"
        secret = "XXXXXXXX"
        response_window = 20
        max_outstanding = 65536
        require_message_authenticator = yes
        zombie_period = 40
        status_check = "request"
        ping_interval = 30
        check_interval = 30
        num_answers_to_alive = 3
        num_pings_to_alive = 3
        revive_interval = 120
        status_check_timeout = 4
        username = "server at test.alive.com"
        password = "this is meaningless"
 }
 home_server IPTracker {
        ipaddr = 193.113.44.16
        port = 1813
        type = "acct"
        secret = "XXXXXXXX"
        response_window = 20
        max_outstanding = 65536
        require_message_authenticator = yes
        zombie_period = 40
        status_check = "none"
        ping_interval = 30
        check_interval = 30
        num_answers_to_alive = 3
        num_pings_to_alive = 3
        revive_interval = 120
        status_check_timeout = 4
 }
 home_server testing-802.1x-auth-server {
        ipaddr = 192.168.49.99
        port = 1812
        type = "auth+acct"
        secret = "XXXXXXXX"
        response_window = 20
        max_outstanding = 65536
        require_message_authenticator = yes
        zombie_period = 40
        status_check = "status-server"
        ping_interval = 30
        check_interval = 30
        num_answers_to_alive = 3
        num_pings_to_alive = 3
        revive_interval = 120
        status_check_timeout = 4
 }
 home_server 802.1x-acct-relay-server-1 {
        ipaddr = 192.168.160.16
        port = 1813
        type = "acct"
        secret = "XXXXXXXXX"
        response_window = 20
        max_outstanding = 65536
        require_message_authenticator = yes
        zombie_period = 40
        status_check = "status-server"
        ping_interval = 30
        check_interval = 30
        num_answers_to_alive = 3
        num_pings_to_alive = 3
        revive_interval = 120
        status_check_timeout = 4
 }
 home_server 802.1x-acct-relay-server-2 {
        ipaddr = 192.168.160.17
        port = 1813
        type = "acct"
        secret = "XXXXXXXXXXXX"
        response_window = 20
        max_outstanding = 65536
        require_message_authenticator = yes
        zombie_period = 40
        status_check = "status-server"
        ping_interval = 30
        check_interval = 30
        num_answers_to_alive = 3
        num_pings_to_alive = 3
        revive_interval = 120
        status_check_timeout = 4
 }
 home_server 802.1x-acct-spool-server {
        virtual_server = "802.1x-server-acct"
        port = 0
        type = "acct"
        response_window = 30
        max_outstanding = 65536
        require_message_authenticator = yes
        zombie_period = 40
        status_check = "none"
        ping_interval = 30
        check_interval = 30
        num_answers_to_alive = 3
        num_pings_to_alive = 3
        revive_interval = 300
        status_check_timeout = 4
 }
 home_server eldon-eap-server {
        ipaddr = 192.168.149.97
        port = 1812
        type = "auth+acct"
        secret = "XXXXXXXXXXXX"
        response_window = 30
        max_outstanding = 65536
        require_message_authenticator = yes
        zombie_period = 40
        status_check = "none"
        ping_interval = 30
        check_interval = 30
        num_answers_to_alive = 3
        num_pings_to_alive = 3
        revive_interval = 300
        status_check_timeout = 4
 }
 home_server consulate-server-1 {
        ipaddr = 193.113.24.74
        port = 1645
        type = "auth+acct"
        secret = "XXXXXXXXXXX"
        response_window = 30
        max_outstanding = 65536
        require_message_authenticator = yes
        zombie_period = 40
        status_check = "none"
        ping_interval = 30
        check_interval = 30
        num_answers_to_alive = 3
        num_pings_to_alive = 3
        revive_interval = 300
        status_check_timeout = 4
 }
 home_server consulate-acct {
        virtual_server = "consulate-server-acct"
        port = 0
        response_window = 30
        max_outstanding = 65536
        require_message_authenticator = yes
        zombie_period = 40
        status_check = "none"
        ping_interval = 30
        check_interval = 30
        num_answers_to_alive = 3
        num_pings_to_alive = 3
        revive_interval = 300
        status_check_timeout = 4
 }
 home_server_pool IPTracker_pool {
        home_server = IPTracker
 }
 realm iptracker {
        acct_pool = IPTracker_pool
 }
 home_server_pool testing-802.1x-auth-pool {
        virtual_server = 802.1x-server-auth
        home_server = testing-802.1x-auth-server  }  home_server_pool 802.1x-acct-pool {
        home_server = 802.1x-acct-spool-server  }  realm 1xTesting {
        auth_pool = testing-802.1x-auth-pool
        acct_pool = 802.1x-acct-pool
        nostrip
 }
 home_server_pool 802.1x-auth-pool {
        type = fail-over
        virtual_server = 802.1x-server-auth
        home_server = 802.1x-auth-server-1
        home_server = 802.1x-auth-server-2
        home_server = 802.1x-auth-server-3
        home_server = 802.1x-auth-server-4  }  realm 8021x:BTRCon {
        auth_pool = 802.1x-auth-pool
        acct_pool = 802.1x-acct-pool
        nostrip
 }
 home_server_pool 802.1x-acct-relay-pool {
        type = fail-over
        home_server = 802.1x-acct-relay-server-1
        home_server = 802.1x-acct-relay-server-2  }  realm acct_8021x:BTRCon {
        acct_pool = 802.1x-acct-relay-pool  }  home_server_pool vf_auth_failover {
        type = fail-over
        virtual_server = vf-server-auth
        home_server = skyport-car
        home_server = eldon-car
 }
 realm wlan.mnc015.mcc234.3gppnetwork.org {
        auth_pool = vf_auth_failover
        nostrip
 }
 home_server_pool eap-pool {
        home_server = eldon-eap-server
 }
 realm thistle8021x.btwifi.com {
        pool = eap-pool
        nostrip
 }
 home_server_pool consulate-auth-pool {
        virtual_server = consulate-server-auth
        home_server = consulate-server-1  }  home_server_pool consulate-acct-pool {
        home_server = consulate-acct
 }
 realm wlan.mnc008.mcc234.3gppnetwork.org {
        auth_pool = consulate-auth-pool
        acct_pool = consulate-acct-pool
        nostrip
 }
 home_server_pool consulate-acct-relay-pool {
        home_server = consulate-server-1  }  realm acct_consulate {
        acct_pool = consulate-acct-relay-pool
        nostrip
 }
 realm LOCAL {
 }
 home_server_pool testing-802.1x-acct-pool {
        home_server = testing-802.1x-auth-server  }
radiusd: #### Loading Clients ####
 client localhost {
        ipaddr = 127.0.0.1
        require_message_authenticator = no
        secret = "XXXXXXXXXXX"
        shortname = "localhost"
        nastype = "other"
 }
 client 192.168.70.0/24 {
        require_message_authenticator = no
        secret = "XXXXXXXXXXX"
        shortname = "isg-ssg-net-1"
        nastype = "cisco"
 }
 client 192.168.170.0/24 {
        require_message_authenticator = no
        secret = "XXXXXXXXXXX"
        shortname = "isg-ssg-net-2"
        nastype = "cisco"
 }
 client 192.168.14.0/24 {
        require_message_authenticator = no
        secret = "XXXXXXXXXX"
        shortname = "isg-ssg-net-3"
        nastype = "cisco"
 }
 client 192.168.100.31 {
        require_message_authenticator = no
        secret = "XXXXXXXXXXX"
        shortname = "monitor-1"
 }
 client 192.168.160.31 {
        require_message_authenticator = no
        secret = "XXXXXXXXXX"
        shortname = "monitor-2"
 }
 client 192.168.24.22 {
        require_message_authenticator = no
        secret = "XXXXXXXXXXXX"
        shortname = "test-car"
        nastype = "cisco"
 }
 client 192.168.79.2 {
        require_message_authenticator = no
        secret = "XXXXXXXXXXX"
        shortname = "ACE-Probe"
        nastype = "cisco"
 }
 client 192.168.79.3 {
        require_message_authenticator = no
        secret = "XXXXXXXXXXXXX"
        shortname = "ACE-Probe"
        nastype = "cisco"
 }
 client 192.168.179.2 {
        require_message_authenticator = no
        secret = "XXXXXXXXXX"
        shortname = "ACE-Probe"
        nastype = "cisco"
 }
 client 192.168.179.3 {
        require_message_authenticator = no
        secret = "XXXXXXXXXX"
        shortname = "ACE-Probe"
        nastype = "cisco"
 }
 client 192.168.18.2 {
        require_message_authenticator = no
        secret = "XXXXXXXXXXX"
        shortname = "ACE-Probe"
        nastype = "cisco"
 }
 client 192.168.18.3 {
        require_message_authenticator = no
        secret = "XXXXXXXXXX"
        shortname = "ACE-Probe"
        nastype = "cisco"
 }
 client 192.168.49.96 {
        require_message_authenticator = no
        secret = "XXXXXXXXX"
 }
radiusd: #### Instantiating modules ####  instantiate {
 Module: Linked to module rlm_exec
 Module: Instantiating module "exec" from file /etc/raddb/modules/exec
  exec {
        wait = no
        input_pairs = "request"
        shell_escape = yes
  }
 Module: Linked to module rlm_expr
 Module: Instantiating module "expr" from file /etc/raddb/modules/expr
 Module: Linked to module rlm_expiration
 Module: Instantiating module "expiration" from file /etc/raddb/modules/expiration
  expiration {
        reply-message = "Password Has Expired  "
  }
 Module: Linked to module rlm_logintime
 Module: Instantiating module "logintime" from file /etc/raddb/modules/logintime
  logintime {
        reply-message = "You are calling outside your allowed timespan  "
        minimum-timeout = 60
  }
 }
radiusd: #### Loading Virtual Servers #### server { # from file /etc/raddb/radiusd.conf  modules {
  Module: Creating Post-Auth-Type = REJECT
 Module: Checking authorize {...} for more modules to load
 Module: Linked to module rlm_preprocess
 Module: Instantiating module "preprocess" from file /etc/raddb/modules/preprocess
  preprocess {
        huntgroups = "/etc/raddb/huntgroups"
        hints = "/etc/raddb/hints"
        with_ascend_hack = no
        ascend_channels_per_line = 23
        with_ntdomain_hack = no
        with_specialix_jetstream_hack = no
        with_cisco_vsa_hack = no
        with_alvarion_vsa_hack = no
  }
reading pairlist file /etc/raddb/huntgroups reading pairlist file /etc/raddb/hints
 Module: Linked to module rlm_chap
 Module: Instantiating module "chap" from file /etc/raddb/modules/chap
 Module: Linked to module rlm_mschap
 Module: Instantiating module "mschap" from file /etc/raddb/modules/mschap
  mschap {
        use_mppe = yes
        require_encryption = no
        require_strong = no
        with_ntdomain_hack = no
        allow_retry = yes
  }
 Module: Linked to module rlm_digest
 Module: Instantiating module "digest" from file /etc/raddb/modules/digest
 Module: Linked to module rlm_realm
 Module: Instantiating module "IPASS" from file /etc/raddb/modules/realm
  realm IPASS {
        format = "prefix"
        delimiter = "/"
        ignore_default = no
        ignore_null = no
  }
 Module: Instantiating module "suffix" from file /etc/raddb/modules/realm
  realm suffix {
        format = "suffix"
        delimiter = "@"
        ignore_default = no
        ignore_null = no
  }
 Module: Linked to module rlm_eap
 Module: Instantiating module "eap" from file /etc/raddb/eap.conf
  eap {
        default_eap_type = "md5"
        timer_expire = 60
        ignore_unknown_eap_types = no
        cisco_accounting_username_bug = no
        max_sessions = 4096
  }
 Module: Linked to sub-module rlm_eap_md5
 Module: Instantiating eap-md5
 Module: Linked to sub-module rlm_eap_leap
 Module: Instantiating eap-leap
 Module: Linked to sub-module rlm_eap_gtc
 Module: Instantiating eap-gtc
   gtc {
        challenge = "Password: "
        auth_type = "PAP"
   }
 Module: Linked to sub-module rlm_eap_tls
 Module: Instantiating eap-tls
   tls {
        rsa_key_exchange = no
        dh_key_exchange = yes
        rsa_key_length = 512
        dh_key_length = 512
        verify_depth = 0
        CA_path = "/etc/raddb/certs"
        pem_file_type = yes
        private_key_file = "/etc/raddb/certs/server.pem"
        certificate_file = "/etc/raddb/certs/server.pem"
        CA_file = "/etc/raddb/certs/ca.pem"
        private_key_password = "whatever"
        dh_file = "/etc/raddb/certs/dh"
        random_file = "/etc/raddb/certs/random"
        fragment_size = 1024
        include_length = yes
        check_crl = no
        cipher_list = "DEFAULT"
        make_cert_command = "/etc/raddb/certs/bootstrap"
    cache {
        enable = no
        lifetime = 24
        max_entries = 255
    }
    verify {
    }
    ocsp {
        enable = no
        override_cert_url = yes
        url = "http://127.0.0.1/ocsp/"
        use_nonce = yes
        timeout = 0
        softfail = no
    }
   }
 Module: Linked to sub-module rlm_eap_ttls
 Module: Instantiating eap-ttls
   ttls {
        default_eap_type = "md5"
        copy_request_to_tunnel = no
        use_tunneled_reply = no
        virtual_server = "inner-tunnel"
        include_length = yes
   }
 Module: Linked to sub-module rlm_eap_peap
 Module: Instantiating eap-peap
   peap {
        default_eap_type = "mschapv2"
        copy_request_to_tunnel = no
        use_tunneled_reply = no
        proxy_tunneled_request_as_eap = yes
        virtual_server = "inner-tunnel"
        soh = no
   }
 Module: Linked to sub-module rlm_eap_mschapv2
 Module: Instantiating eap-mschapv2
   mschapv2 {
        with_ntdomain_hack = no
        send_error = no
   }
 Module: Linked to module rlm_files
 Module: Instantiating module "files" from file /etc/raddb/modules/files
  files {
        usersfile = "/etc/raddb/users"
        acctusersfile = "/etc/raddb/acct_users"
        preproxy_usersfile = "/etc/raddb/preproxy_users"
        compat = "no"
  }
reading pairlist file /etc/raddb/users
reading pairlist file /etc/raddb/acct_users reading pairlist file /etc/raddb/preproxy_users
 Module: Linked to module rlm_pap
 Module: Instantiating module "pap" from file /etc/raddb/modules/pap
  pap {
        encryption_scheme = "auto"
        auto_header = no
  }
 Module: Checking preacct {...} for more modules to load
 Module: Linked to module rlm_acct_unique
 Module: Instantiating module "acct_unique" from file /etc/raddb/modules/acct_unique
  acct_unique {
        key = "User-Name, Acct-Session-Id, NAS-IP-Address, Framed-IP-Address, NAS-Port-Id"
  }
 Module: Checking accounting {...} for more modules to load
 Module: Linked to module rlm_always
 Module: Instantiating module "ok" from file /etc/raddb/modules/always
  always ok {
        rcode = "ok"
        simulcount = 0
        mpp = no
  }
 Module: Linked to module rlm_attr_filter
 Module: Instantiating module "attr_filter.accounting_response" from file /etc/raddb/modules/attr_filter
  attr_filter attr_filter.accounting_response {
        attrsfile = "/etc/raddb/attrs.accounting_response"
        key = "%{User-Name}"
        relaxed = no
  }
reading pairlist file /etc/raddb/attrs.accounting_response
 Module: Checking session {...} for more modules to load
 Module: Linked to module rlm_radutmp
 Module: Instantiating module "radutmp" from file /etc/raddb/modules/radutmp
  radutmp {
        filename = "/var/log/radius/radutmp"
        username = "%{User-Name}"
        case_sensitive = yes
        check_with_nas = yes
        perm = 384
        callerid = yes
  }
 Module: Checking post-proxy {...} for more modules to load
 Module: Checking post-auth {...} for more modules to load
 Module: Linked to module rlm_sql_log
 Module: Instantiating module "sql_log" from file /etc/raddb/modules/sql_log
  sql_log {
        path = "/var/log/radius/radacct/relay-acct/reject-%Y%m%d:%H"
        Post-Auth = "%t         Acct-Status-Type = Interim-Update       User-Name = "%{User-Name}"      Acct-Session-Id = "REJECT"      BTOpenzone-Reject-Message = "8021xReject:%{reply:Reply-Message}"        NAS-IP-Address = %{NAS-IP-Address}      Framed-IP-Address = %{Framed-IP-Address}        Called-Station-Id = %{Called-Station-Id}        Calling-Station-Id = %{Calling-Station-Id}      Acct-Delay-Time = 0     Timestamp = %l "
        sql_user_name = "%{%{User-Name}:-DEFAULT}"
        utf8 = yes
        safe-characters = "@abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-_: /"
  }
 Module: Instantiating module "sql_log_store" from file /etc/raddb/modules/sql_log_store
  sql_log sql_log_store {
        path = "/var/log/radius/radacct/store-acct/reject-%Y%m%d:%H"
        Post-Auth = "%t         Acct-Status-Type = Interim-Update       User-Name = "%{User-Name}"      Acct-Session-Id = "REJECT"      BTOpenzone-Reject-Message = "8021xReject:%{reply:Reply-Message}"        NAS-IP-Address = %{NAS-IP-Address}      Framed-IP-Address = %{Framed-IP-Address}        Called-Station-Id = %{Called-Station-Id}        Calling-Station-Id = %{Calling-Station-Id}      Acct-Delay-Time = 0     Timestamp = %l "
        sql_user_name = "%{%{User-Name}:-DEFAULT}"
        utf8 = yes
        safe-characters = "@abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-_: /"
  }
 Module: Instantiating module "attr_filter.access_reject" from file /etc/raddb/modules/attr_filter
  attr_filter attr_filter.access_reject {
        attrsfile = "/etc/raddb/attrs.access_reject"
        key = "%{User-Name}"
        relaxed = no
  }
reading pairlist file /etc/raddb/attrs.access_reject  } # modules } # server server consulate-server-auth { # from file /etc/raddb/sites-enabled/consulate-server
 modules {
 Module: Checking post-proxy {...} for more modules to load  } # modules } # server server consulate-server-acct { # from file /etc/raddb/sites-enabled/consulate-server
 modules {
 Module: Checking accounting {...} for more modules to load
 Module: Linked to module rlm_detail
 Module: Instantiating module "detail.btngh.openzone.com" from file /etc/raddb/modules/detail.btngh.openzone.com
  detail detail.btngh.openzone.com {
        detailfile = "/var/log/radius/radacct/relay-acct/detail-%Y%m%d:%H"
        header = "%t"
        detailperm = 384
        dirperm = 493
        locking = no
        log_packet_header = no
  }
 Module: Instantiating module "detail-store.btngh.openzone.com" from file /etc/raddb/modules/detail-store.btngh.openzone.com
  detail detail-store.btngh.openzone.com {
        detailfile = "/var/log/radius/radacct/store-acct/detail-%Y%m%d:%H"
        header = "%t"
        detailperm = 416
        dirperm = 493
        locking = no
        log_packet_header = no
  }
 Module: Instantiating module "detail.consulate" from file /etc/raddb/modules/detail.consulate
  detail detail.consulate {
        detailfile = "/var/log/radius/radacct/consulate/detail-%Y%m%d:%H"
        header = "%t"
        detailperm = 384
        dirperm = 493
        locking = no
        log_packet_header = no
  }
 } # modules
} # server
server acct_iptracker { # from file /etc/raddb/sites-enabled/acct_iptracker
 modules {
 Module: Checking accounting {...} for more modules to load  } # modules } # server server status { # from file /etc/raddb/sites-enabled/status  modules {
  Module: Creating Autz-Type = Status-Server
 Module: Checking authorize {...} for more modules to load  } # modules } # server server acct_consulate { # from file /etc/raddb/sites-enabled/acct_consulate
 modules {
 Module: Checking accounting {...} for more modules to load  } # modules } # server server vf-server-auth { # from file /etc/raddb/sites-enabled/vf-server
 modules {
 Module: Checking pre-proxy {...} for more modules to load
 Module: Instantiating module "reject" from file /etc/raddb/modules/always
  always reject {
        rcode = "reject"
        simulcount = 0
        mpp = no
  }
 } # modules
} # server
server acct_aggregator { # from file /etc/raddb/sites-enabled/acct_aggregator
 modules {
 Module: Checking accounting {...} for more modules to load  } # modules } # server server 802.1x-server-auth { # from file /etc/raddb/sites-enabled/802.1x-server
 modules {
 Module: Checking post-proxy {...} for more modules to load
 Module: Instantiating module "noop" from file /etc/raddb/modules/always
  always noop {
        rcode = "noop"
        simulcount = 0
        mpp = no
  }
 } # modules
} # server
server 802.1x-server-acct { # from file /etc/raddb/sites-enabled/802.1x-server
 modules {
 Module: Checking accounting {...} for more modules to load
 Module: Instantiating module "detail.iptracker" from file /etc/raddb/modules/detail.iptracker
  detail detail.iptracker {
        detailfile = "/var/log/radius/radacct/iptracker/detail-%Y%m%d:%H"
        header = "%t"
        detailperm = 384
        dirperm = 493
        locking = no
        log_packet_header = no
  }
 } # modules
} # server
radiusd: #### Opening IP addresses and Ports #### listen {
        type = "auth"
        ipaddr = *
        port = 0
}
listen {
        type = "acct"
        ipaddr = *
        port = 0
}
listen {
        type = "control"
 listen {
        socket = "/var/run/radiusd/radiusd.sock"
        mode = "rw"
 }
}
listen {
        type = "detail"
  listen {
        filename = "/var/log/radius/radacct/iptracker/*"
        load_factor = 10
        poll_interval = 1
        retry_interval = 30
  }
}
listen {
        type = "status"
        ipaddr = 127.0.0.1
        port = 18120
  client admin {
        ipaddr = 127.0.0.1
        require_message_authenticator = no
        secret = "adminsecret"
  }
}
listen {
        type = "detail"
  listen {
        filename = "/var/log/radius/radacct/consulate/*"
        load_factor = 10
        poll_interval = 1
        retry_interval = 30
  }
}
listen {
        type = "detail"
  listen {
        filename = "/var/log/radius/radacct/relay-acct/*"
        load_factor = 10
        poll_interval = 1
        retry_interval = 30
  }
}
 ... adding new socket proxy address * port 40182  ... adding new socket proxy address * port 54630  ... adding new socket proxy address * port 41460  ... adding new socket proxy address * port 46468  ... adding new socket proxy address * port 55955  ... adding new socket proxy address * port 40148  ... adding new socket proxy address * port 55333  ... adding new socket proxy address * port 58120  ... adding new socket proxy address * port 42133  ... adding new socket proxy address * port 52148  ... adding new socket proxy address * port 33849  ... adding new socket proxy address * port 58632  ... adding new socket proxy address * port 36516  ... adding new socket proxy address * port 60425  ... adding new socket proxy address * port 43158  ... adding new socket proxy address * port 47771  ... adding new socket proxy address * port 48703 Listening on authentication address * port 1812 Listening on accounting address * port 1813 Listening on command file /var/run/radiusd/radi!
 usd.sock Listening on detail file /var/log/radius/radacct/iptracker/* as server acct_iptracker Detail listener /var/log/radius/radacct/iptracker/* state unopened signalled 0 waiting 1.000000 sec Listening on status address 127.0.0.1 port 18120 as server status Listening on detail file /var/log/radius/radacct/consulate/* as server acct_consulate Detail listener /var/log/radius/radacct/consulate/* state unopened signalled 0 waiting 1.000000 sec Listening on detail file /var/log/radius/radacct/relay-acct/* as server acct_aggregator Detail listener /var/log/radius/radacct/relay-acct/* state unopened signalled 0 waiting 1.000000 sec Listening on proxy address * port 1814 Waking up in 0.9 seconds.
Polling for detail file /var/log/radius/radacct/iptracker/*
Detail listener /var/log/radius/radacct/iptracker/* state unopened signalled 0 waiting 1.173734 sec Polling for detail file /var/log/radius/radacct/consulate/*
Detail listener /var/log/radius/radacct/consulate/* state unopened signalled 0 waiting 0.928983 sec Polling for detail file /var/log/radius/radacct/relay-acct/*
Detail listener /var/log/radius/radacct/relay-acct/* state unopened signalled 0 waiting 0.835711 sec Waking up in 0.8 seconds.
Polling for detail file /var/log/radius/radacct/relay-acct/*
Detail listener /var/log/radius/radacct/relay-acct/* state unopened signalled 0 waiting 1.036269 sec Polling for detail file /var/log/radius/radacct/consulate/*
Detail listener /var/log/radius/radacct/consulate/* state unopened signalled 0 waiting 0.882089 sec Waking up in 0.2 seconds.
Polling for detail file /var/log/radius/radacct/iptracker/*
Detail listener /var/log/radius/radacct/iptracker/* state unopened signalled 0 waiting 1.019558 sec Waking up in 0.6 seconds.
Polling for detail file /var/log/radius/radacct/consulate/*
Detail listener /var/log/radius/radacct/consulate/* state unopened signalled 0 waiting 1.197507 sec Polling for detail file /var/log/radius/radacct/relay-acct/*
Detail listener /var/log/radius/radacct/relay-acct/* state unopened signalled 0 waiting 0.850833 sec Waking up in 0.3 seconds.
Polling for detail file /var/log/radius/radacct/iptracker/*
Detail listener /var/log/radius/radacct/iptracker/* state unopened signalled 0 waiting 1.078351 sec Waking up in 0.5 seconds.
Polling for detail file /var/log/radius/radacct/relay-acct/*
Detail listener /var/log/radius/radacct/relay-acct/* state unopened signalled 0 waiting 0.931512 sec Waking up in 0.2 seconds.
Polling for detail file /var/log/radius/radacct/consulate/*
Detail listener /var/log/radius/radacct/consulate/* state unopened signalled 0 waiting 1.203859 sec Waking up in 0.2 seconds.
Polling for detail file /var/log/radius/radacct/iptracker/*
Detail listener /var/log/radius/radacct/iptracker/* state unopened signalled 0 waiting 1.085231 sec Waking up in 0.3 seconds.
Polling for detail file /var/log/radius/radacct/relay-acct/*
Detail listener /var/log/radius/radacct/relay-acct/* state unopened signalled 0 waiting 1.212170 sec Waking up in 0.5 seconds.
Polling for detail file /var/log/radius/radacct/consulate/*
Detail listener /var/log/radius/radacct/consulate/* state unopened signalled 0 waiting 0.975271 sec Waking up in 0.1 seconds.
Polling for detail file /var/log/radius/radacct/iptracker/*
Detail listener /var/log/radius/radacct/iptracker/* state unopened signalled 0 waiting 0.823461 sec Waking up in 0.5 seconds.
Polling for detail file /var/log/radius/radacct/relay-acct/*
Detail listener /var/log/radius/radacct/relay-acct/* state unopened signalled 0 waiting 1.150286 sec Waking up in 0.3 seconds.
Polling for detail file /var/log/radius/radacct/iptracker/*
Detail listener /var/log/radius/radacct/iptracker/* state unopened signalled 0 waiting 1.219787 sec Polling for detail file /var/log/radius/radacct/consulate/*
Detail listener /var/log/radius/radacct/consulate/* state unopened signalled 0 waiting 0.916838 sec Waking up in 0.8 seconds.
Polling for detail file /var/log/radius/radacct/relay-acct/*
Detail listener /var/log/radius/radacct/relay-acct/* state unopened signalled 0 waiting 0.938346 sec Polling for detail file /var/log/radius/radacct/consulate/*
Detail listener /var/log/radius/radacct/consulate/* state unopened signalled 0 waiting 1.059003 sec Waking up in 0.2 seconds.
Polling for detail file /var/log/radius/radacct/iptracker/*
Detail listener /var/log/radius/radacct/iptracker/* state unopened signalled 0 waiting 0.888133 sec Waking up in 0.5 seconds.
rad_recv: Accounting-Request packet from host 127.0.0.1 port 53787, id=242, length=375
        Acct-Session-Id = "00000838"
        Framed-Protocol = PPP
        Cisco-SSG-Service-Info = "NConsulate_8021X_Roaming"
        Cisco-AVPair = "parent-session-id=00000837"
        Framed-IP-Address = 10.50.49.11
        User-Name = "1234081219000082 at wlan.mnc008.mcc234.3gppnetwork.org"
        Cisco-SSG-Control-Info = "I0;443495"
        Cisco-SSG-Control-Info = "O0;141604"
        Acct-Input-Packets = 851
        Acct-Output-Packets = 1035
        Acct-Input-Octets = 141604
        Acct-Output-Octets = 443495
        Acct-Session-Time = 10069
        Acct-Status-Type = Interim-Update
        Cisco-AVPair = "portbundle=enable"
        Cisco-SSG-Account-Info = "S192.168.89.94:22"
        Calling-Station-Id = "bc20.a4cd.dfaa"
        NAS-Port-Type = Virtual
        NAS-Port = 0
        NAS-Port-Id = "0/0/4/0"
        Service-Type = Framed-User
        NAS-IP-Address = 192.168.70.11
        Event-Timestamp = "Jan 24 2014 13:42:55 GMT"
        NAS-Identifier = "bay-isg1-asr1004.btopenzone.com"
        Acct-Delay-Time = 0
# Executing section preacct from file /etc/raddb/sites-enabled/default
+group preacct {
++[preprocess] = ok
[acct_unique] Hashing 'NAS-Port-Id = "0/0/4/0",Framed-IP-Address = 10.50.49.11,NAS-IP-Address = 192.168.70.11,Acct-Session-Id = "00000838",User-Name = "1234081219000082 at wlan.mnc008.mcc234.3gppnetwork.org"'
[acct_unique] Acct-Unique-Session-ID = "6740450b0490a636".
++[acct_unique] = ok
[IPASS] No '/' in User-Name = "1234081219000082 at wlan.mnc008.mcc234.3gppnetwork.org", looking up realm NULL [IPASS] No such realm "NULL"
++[IPASS] = noop
[suffix] Looking up realm "wlan.mnc008.mcc234.3gppnetwork.org" for User-Name = "1234081219000082 at wlan.mnc008.mcc234.3gppnetwork.org"
[suffix] Found realm "wlan.mnc008.mcc234.3gppnetwork.org"
[suffix] Adding Realm = "wlan.mnc008.mcc234.3gppnetwork.org"
[suffix] Proxying request from user 1234081219000082 to realm wlan.mnc008.mcc234.3gppnetwork.org
[suffix] Preparing to proxy accounting request to realm "wlan.mnc008.mcc234.3gppnetwork.org"
++[suffix] = updated
+} # group preacct = updated
# Executing section accounting from file /etc/raddb/sites-enabled/default
+group accounting {
++? if (noop)
? Evaluating (noop) -> FALSE
++? if (noop) -> FALSE
++[exec] = noop
[attr_filter.accounting_response]       expand: %{User-Name} -> 1234081219000082 at wlan.mnc008.mcc234.3gppnetwork.org
attr_filter: Matched entry DEFAULT at line 12
++[attr_filter.accounting_response] = updated
+} # group accounting = updated
  WARNING: Empty pre-proxy section.  Using default return values.
>>> Sending proxied request internally to virtual server.
server consulate-server-acct {
  WARNING: Empty preacct section.  Using default return values.
# Executing section accounting from file /etc/raddb/sites-enabled/consulate-server
+group accounting {
++? if (! (Cisco-SSG-Service-Info) && ( "%{Acct-Status-Type}" == "Stop"
++) && ( "%{Tunnel-Type}" != "VLAN") )
?? Evaluating (Cisco-SSG-Service-Info) -> TRUE ? Converting !TRUE -> FALSE ?? Skipping ("%{Acct-Status-Type}" == "Stop" ) ?? Skipping ("%{Tunnel-Type}" != "VLAN")
++? if (! (Cisco-SSG-Service-Info) && ( "%{Acct-Status-Type}" == "Stop"
++) && ( "%{Tunnel-Type}" != "VLAN") ) -> FALSE ? if (!
++(Cisco-SSG-Service-Info) )
?? Evaluating (Cisco-SSG-Service-Info) -> TRUE ? Converting !TRUE -> FALSE
++? if (! (Cisco-SSG-Service-Info) ) -> FALSE
+} # group accounting = noop
} # server consulate-server-acct
Going to the next request
<<< Received proxied response code 0 from internal virtual server.
# Executing section post-proxy from file /etc/raddb/sites-enabled/default
+group post-proxy {
[eap] No pre-existing handler found

I can re-create at will by sending in the packet using radclient.


All help appreciated.

Adrian Smith


-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html


More information about the Freeradius-Users mailing list