Version 4 issue - Opening tacacs I/O interface failed
jeff cearniey
jeffcearniey at gmail.com
Wed Mar 6 18:04:44 UTC 2024
I've seen this error mentioned a few times with some google search and the
advice was to ensure libkqueue is the most recent version from git which is
2.6.1 and i've done that:
dpkg -l libkqueue
Desired=Unknown/Install/Remove/Purge/Hold
|
Status=Not/Inst/Conf-files/Unpacked/halF-conf/Half-inst/trig-aWait/Trig-pend
|/ Err?=(none)/Reinst-required (Status,Err: uppercase=bad)
||/ Name Version Architecture Description
+++-==============-============-============-===================================================================
ii libkqueue 2.6.1 amd64 Userspace implementation of
the kqueue event notification mechanism
I'm on ubuntu 20.04 and everything is up to date.
I installed version 4 from the tar file here
https://freeradius.org/ftp/pub/freeradius/
here is the full error (i'm using v4 because i want tacacs)
radiusd -X
Info : Copyright 1999-2023 The FreeRADIUS server project and contributors
Info : There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A
Info : PARTICULAR PURPOSE
Info : You may redistribute copies of FreeRADIUS under the terms of the
Info : GNU General Public License
Info : For more information about these matters, see the file named
COPYRIGHT
Info : Starting - reading configuration files ...
Debug : Including dictionary file "/usr/local/etc/raddb/dictionary"
gctx 0x5612a932aa40 report
internal refs src/lib/server/main_config.c (1)
internal refs src/lib/server/request.c (1)
internal refs src/lib/tls/base.c (1)
including configuration file /usr/local/etc/raddb/radiusd.conf
Including files in directory "/usr/local/etc/raddb/template.d/"
including configuration file /usr/local/etc/raddb/template.d/default
including configuration file /usr/local/etc/raddb/clients.conf
Including files in directory "/usr/local/etc/raddb/global.d/"
including configuration file /usr/local/etc/raddb/global.d/ldap
including configuration file /usr/local/etc/raddb/global.d/python
Including files in directory "/usr/local/etc/raddb/mods-enabled/"
including configuration file /usr/local/etc/raddb/mods-enabled/always
including configuration file /usr/local/etc/raddb/mods-enabled/attr_filter
including configuration file /usr/local/etc/raddb/mods-enabled/cache_eap
including configuration file /usr/local/etc/raddb/mods-enabled/chap
including configuration file /usr/local/etc/raddb/mods-enabled/client
including configuration file /usr/local/etc/raddb/mods-enabled/delay
including configuration file /usr/local/etc/raddb/mods-enabled/detail
including configuration file /usr/local/etc/raddb/mods-enabled/detail.log
including configuration file /usr/local/etc/raddb/mods-enabled/digest
including configuration file /usr/local/etc/raddb/mods-enabled/echo
including configuration file /usr/local/etc/raddb/mods-enabled/escape
including configuration file /usr/local/etc/raddb/mods-enabled/exec
including configuration file /usr/local/etc/raddb/mods-enabled/files
including configuration file /usr/local/etc/raddb/mods-enabled/linelog
including configuration file /usr/local/etc/raddb/mods-enabled/mschap
including configuration file /usr/local/etc/raddb/mods-enabled/ntlm_auth
including configuration file /usr/local/etc/raddb/mods-enabled/pap
including configuration file /usr/local/etc/raddb/mods-enabled/passwd
including configuration file /usr/local/etc/raddb/mods-enabled/radutmp
including configuration file /usr/local/etc/raddb/mods-enabled/sradutmp
including configuration file /usr/local/etc/raddb/mods-enabled/stats
including configuration file /usr/local/etc/raddb/mods-enabled/unix
including configuration file /usr/local/etc/raddb/mods-enabled/unpack
including configuration file /usr/local/etc/raddb/mods-enabled/utf8
Including files in directory "/usr/local/etc/raddb/policy.d/"
including configuration file /usr/local/etc/raddb/policy.d/abfab-tr
including configuration file /usr/local/etc/raddb/policy.d/accounting
including configuration file /usr/local/etc/raddb/policy.d/canonicalisation
including configuration file /usr/local/etc/raddb/policy.d/control
including configuration file /usr/local/etc/raddb/policy.d/cui
including configuration file /usr/local/etc/raddb/policy.d/debug
including configuration file /usr/local/etc/raddb/policy.d/dhcp
including configuration file /usr/local/etc/raddb/policy.d/eap
including configuration file /usr/local/etc/raddb/policy.d/filter
including configuration file /usr/local/etc/raddb/policy.d/operator-name
including configuration file /usr/local/etc/raddb/policy.d/time
including configuration file /usr/local/etc/raddb/policy.d/vendor
Including files in directory "/usr/local/etc/raddb/sites-enabled/"
including configuration file /usr/local/etc/raddb/sites-enabled/tacacs
Loaded module process_tacacs
Parsing initial logging configuration.
main {
prefix = /usr/local
log {
destination = files
syslog_facility = daemon
local_state_dir = "/usr/local/var"
logdir = "/usr/local/var/log"
file = /usr/local/var/log/radius/radius.log
suppress_secrets = no
}
}
Parsing security rules to bootstrap UID / GID / chroot / etc.
main {
log {
}
security {
allow_core_dumps = no
allow_vulnerable_openssl = no
openssl_fips_mode = no
}
name = radiusd
local_state_dir = "/usr/local/var"
run_dir = /usr/local/var/run/radiusd
}
Parsing main configuration
main {
server tacacs {
namespace = tacacs
tacacs {
Authentication {
log {
stripped_names = no
auth = no
auth_badpass = no
auth_goodpass = no
msg_denied = "You are already logged in - access denied"
}
session {
timeout = 15
max = 4096
max_rounds = 4
}
}
}
Loaded module proto_tacacs
listen {
type = Authentication-Start
type = Authentication-Continue
type = Authorization-Request
type = Accounting-Request
transport = tcp
Loaded module proto_tacacs_tcp
tcp {
ipaddr = 10.10.10.10
port = 49
networks {
}
max_packet_size = 4096
max_attributes = 256
}
limit {
idle_timeout = 60.0
max_connections = 256
}
priority {
Authentication-Start = high
Authentication-Continue = high
Authorization-Request = normal
Accounting-Request = low
}
}
}
log {
colourise = yes
}
security {
}
sbin_dir = "/usr/local/sbin"
logdir = /usr/local/var/log/radius
radacctdir = /usr/local/var/log/radius/radacct
reverse_lookups = no
hostname_lookups = yes
max_request_time = 30
pidfile = /usr/local/var/run/radiusd/radiusd.pid
debug_level = 0
max_requests = 16384
resources {
}
thread pool {
num_networks = 1
Dynamically determined thread.workers = 31
num_workers = 31
openssl_async_pool_init = 64
openssl_async_pool_max = 1024
}
migrate {
rewrite_update = false
forbid_update = false
}
interpret {
}
}
Switching to configured log settings
radiusd: #### Loading Clients ####
client localhost {
ipaddr = 127.0.0.1
secret = <<< secret >>>
require_message_authenticator = no
proto = *
limit {
max_connections = 16
lifetime = 0
idle_timeout = 30
}
}
client localhost_ipv6 {
ipv6addr = ::1
secret = <<< secret >>>
limit {
max_connections = 16
lifetime = 0
idle_timeout = 30s
}
}
Debugger not attached
trigger { ... } subsection not found, triggers will be disabled
#### Instantiating libraries ####
#### Bootstrapping process modules ####
Bootstrapping process_tacacs "tacacs"
Creating Auth-Type = PAP
Creating Auth-Type = CHAP
Creating Auth-Type = ASCII
#### Bootstrapping protocol modules ####
Bootstrapping proto_tacacs "tacacs.tacacs"
Ignoring "nak_lifetime = 0", forcing to "nak_lifetime = 1"
client tacacs {
ipaddr = 10.81.1.195
secret = <<< secret >>>
proto = tcp
limit {
max_connections = 16
lifetime = 0
idle_timeout = 30s
}
}
#### Instantiating libraries ####
#### Bootstrapping modules ####
modules {
Loaded module rlm_always
always reject {
rcode = reject
simulcount = 0
mpp = no
}
always fail {
rcode = fail
simulcount = 0
mpp = no
}
always ok {
rcode = ok
simulcount = 0
mpp = no
}
always handled {
rcode = handled
simulcount = 0
mpp = no
}
always invalid {
rcode = invalid
simulcount = 0
mpp = no
}
always disallow {
rcode = disallow
simulcount = 0
mpp = no
}
always notfound {
rcode = notfound
simulcount = 0
mpp = no
}
always noop {
rcode = noop
simulcount = 0
mpp = no
}
always updated {
rcode = updated
simulcount = 0
mpp = no
}
Loaded module rlm_attr_filter
attr_filter attr_filter.pre-proxy {
filename = /usr/local/etc/raddb/mods-config/attr_filter/pre-proxy
key = "%{Realm}"
relaxed = no
}
attr_filter attr_filter.post-proxy {
filename = /usr/local/etc/raddb/mods-config/attr_filter/post-proxy
key = "%{Realm}"
relaxed = no
}
attr_filter attr_filter.access_reject {
filename = /usr/local/etc/raddb/mods-config/attr_filter/access_reject
key = "%{User-Name}"
relaxed = no
}
attr_filter attr_filter.access_challenge {
filename =
/usr/local/etc/raddb/mods-config/attr_filter/access_challenge
key = "%{User-Name}"
relaxed = no
}
attr_filter attr_filter.accounting_response {
filename =
/usr/local/etc/raddb/mods-config/attr_filter/accounting_response
key = "%{User-Name}"
relaxed = no
}
Loaded module rlm_cache
cache cache_eap {
driver = rbtree
Loaded module rlm_cache_rbtree
key = %{&control.State || &reply.State || &State}
ttl = 15
max_entries = 0
epoch = 0
add_stats = no
}
Loaded module rlm_chap
chap {
min_challenge_len = 16
}
Loaded module rlm_client
Loaded module rlm_delay
delay {
delay = 1.0s
relative = no
force_reschedule = no
}
delay delay_reject {
delay = "%{&reply.FreeRADIUS-Response-Delay || 1}"
relative = yes
force_reschedule = no
}
Loaded module rlm_detail
detail {
filename =
/usr/local/var/log/radius/radacct/%{Net.Src.IP}/detail-%Y-%m-%d
header = %t
permissions = 0600
locking = no
escape_filenames = no
log_packet_header = no
}
detail auth_log {
filename =
/usr/local/var/log/radius/radacct/%{Net.Src.IP}/auth-detail-%Y-%m-%d
header = %t
permissions = 0600
locking = no
escape_filenames = no
log_packet_header = no
}
detail reply_log {
filename =
/usr/local/var/log/radius/radacct/%{Net.Src.IP}/reply-detail-%Y-%m-%d
header = %t
permissions = 0600
locking = no
escape_filenames = no
log_packet_header = no
}
detail pre_proxy_log {
filename =
/usr/local/var/log/radius/radacct/%{Net.Src.IP}/pre-proxy-detail-%Y-%m-%d
header = %t
permissions = 0600
locking = no
escape_filenames = no
log_packet_header = no
}
detail post_proxy_log {
filename =
/usr/local/var/log/radius/radacct/%{Net.Src.IP}/post-proxy-detail-%Y-%m-%d
header = %t
permissions = 0600
locking = no
escape_filenames = no
log_packet_header = no
}
Loaded module rlm_digest
Loaded module rlm_exec
exec echo {
wait = yes
input_pairs = &request
output_pairs = &reply
shell_escape = yes
env_inherit = no
}
Loaded module rlm_escape
escape {
safe_characters =
"@abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-_:
/äéöüàâæçèéêëîïôœùûüaÿÄÉÖÜßÀÂÆÇÈÉÊËÎÏÔŒÙÛÜŸ"
}
exec {
wait = yes
input_pairs = &request
shell_escape = yes
env_inherit = no
timeout = 10
}
Loaded module rlm_files
files {
filename = /usr/local/etc/raddb/mods-config/files/authorize
acctusersfile = /usr/local/etc/raddb/mods-config/files/accounting
key = %{%{Stripped-User-Name}:-%{User-Name}}
}
Loaded module rlm_linelog
linelog {
destination = file
delimiter = "\n"
format = "This is a log message for %{User-Name}"
reference = "messages.%{&reply.Packet-Type || 'default'}"
file {
filename = /usr/local/var/log/radius/linelog
permissions = 0600
escape_filenames = no
}
syslog {
severity = "info"
}
unix {
}
tcp {
server = localhost
port = 514
timeout = 2.0
}
udp {
server = localhost
port = 514
timeout = 2.0
}
}
linelog log_accounting {
destination = file
delimiter = "\n"
format = ""
reference = "Accounting-Request.%{&Acct-Status-Type || 'unknown'}"
file {
filename = /usr/local/var/log/radius/linelog-accounting
permissions = 0600
escape_filenames = no
}
syslog {
severity = "info"
}
unix {
}
tcp {
timeout = 1000
}
udp {
timeout = 1000
}
}
Loaded module rlm_mschap
mschap {
normalise = yes
use_mppe = yes
require_encryption = no
require_strong = no
with_ntdomain_hack = yes
passchange {
}
allow_retry = yes
winbind {
}
}
exec ntlm_auth {
wait = yes
shell_escape = yes
env_inherit = no
}
Loaded module rlm_pap
pap {
normalise = yes
}
Loaded module rlm_passwd
passwd etc_passwd {
filename = /etc/passwd
format = "*User-Name:Crypt-Password:"
delimiter = ":"
ignore_nislike = no
ignore_empty = yes
allow_multiple_keys = no
hash_size = 100
}
Loaded module rlm_radutmp
radutmp {
filename = /usr/local/var/log/radius/radutmp
username = %{User-Name}
check_with_nas = yes
permissions = 0600
caller_id = no
}
radutmp sradutmp {
filename = /usr/local/var/log/radius/sradutmp
username = "%{User-Name}"
check_with_nas = yes
permissions = 0644
caller_id = no
}
Loaded module rlm_stats
stats {
}
Loaded module rlm_unix
unix {
}
Loaded module rlm_unpack
Loaded module rlm_utf8
#### Bootstrapping rlm modules ####
Bootstrapping rlm_cache "cache_eap"
Bootstrapping rlm_chap "chap"
Bootstrapping rlm_delay "delay"
Bootstrapping rlm_delay "delay_reject"
Bootstrapping rlm_always "disallow"
Bootstrapping rlm_exec "echo"
Bootstrapping rlm_escape "escape"
Bootstrapping rlm_exec "exec"
Bootstrapping rlm_always "fail"
Bootstrapping rlm_always "handled"
Bootstrapping rlm_always "invalid"
Bootstrapping rlm_linelog "linelog"
Bootstrapping rlm_linelog "log_accounting"
Bootstrapping rlm_mschap "mschap"
Bootstrapping rlm_always "noop"
Bootstrapping rlm_always "notfound"
Bootstrapping rlm_exec "ntlm_auth"
Bootstrapping rlm_always "ok"
Bootstrapping rlm_always "reject"
Bootstrapping rlm_unix "unix"
Bootstrapping rlm_always "updated"
} # modules
#### Instantiating listeners ####
Compiling policies in server tacacs { ... }
Instantiating proto_tacacs "tacacs.tacacs"
Instantiating process_tacacs "tacacs"
Compiling policies in - recv Authentication-Start {...}
/usr/local/etc/raddb/sites-enabled/tacacs[287]: Ignoring "-sql" as the
"sql" module is not enabled.
Compiling policies in - send Authentication-Pass {...}
Compiling policies in - send Authentication-Fail {...}
Compiling policies in - send Authentication-GetUser {...}
Compiling policies in - send Authentication-GetPass {...}
Compiling policies in - recv Authentication-Continue {...}
Compiling policies in - authenticate PAP {...}
Compiling policies in - authenticate CHAP {...}
Compiling policies in - authenticate ASCII {...}
Compiling policies in - recv Authorization-Request {...}
Compiling policies in - send Authorization-Pass-Add {...}
Compiling policies in - recv Accounting-Request {...}
Compiling policies in - send Accounting-Success {...}
Compiling policies in - send Accounting-Error {...}
Compiling policies in - accounting Start {...}
Compiling policies in - accounting Watchdog-Update {...}
Compiling policies in - accounting Watchdog {...}
Compiling policies in - accounting Stop {...}
/usr/local/etc/raddb/sites-enabled/tacacs[24]: tacacs { ... } section is
unused
#### Instantiating rlm modules ####
Instantiating rlm_attr_filter "attr_filter.access_challenge"
Reading file /usr/local/etc/raddb/mods-config/attr_filter/access_challenge
Instantiating rlm_attr_filter "attr_filter.access_reject"
Reading file /usr/local/etc/raddb/mods-config/attr_filter/access_reject
Instantiating rlm_attr_filter "attr_filter.accounting_response"
Reading file
/usr/local/etc/raddb/mods-config/attr_filter/accounting_response
Instantiating rlm_attr_filter "attr_filter.post-proxy"
Reading file /usr/local/etc/raddb/mods-config/attr_filter/post-proxy
Instantiating rlm_attr_filter "attr_filter.pre-proxy"
Reading file /usr/local/etc/raddb/mods-config/attr_filter/pre-proxy
Instantiating rlm_detail "auth_log"
auth_log - 'User-Password' suppressed, will not appear in detail output
Instantiating rlm_cache "cache_eap"
Instantiating rlm_chap "chap"
Instantiating rlm_detail "detail"
Instantiating rlm_digest "digest"
Failed to find 'authenticate digest {...}' section. Digest authentication
will likely not work
Instantiating rlm_always "disallow"
Instantiating rlm_passwd "etc_passwd"
Instantiating rlm_always "fail"
Instantiating rlm_files "files"
Reading file /usr/local/etc/raddb/mods-config/files/authorize
Reading file /usr/local/etc/raddb/mods-config/files/accounting
Instantiating rlm_always "handled"
Instantiating rlm_always "invalid"
Instantiating rlm_linelog "linelog"
Instantiating rlm_linelog "log_accounting"
Instantiating rlm_mschap "mschap"
mschap - Failed to find 'authenticate mschap {...}' section. MS-CHAP
authentication will likely not work
mschap - Using internal authentication
Instantiating rlm_always "noop"
Instantiating rlm_always "notfound"
Instantiating rlm_always "ok"
Instantiating rlm_pap "pap"
Instantiating rlm_detail "post_proxy_log"
Instantiating rlm_detail "pre_proxy_log"
Instantiating rlm_always "reject"
Instantiating rlm_detail "reply_log"
Instantiating rlm_stats "stats"
Instantiating rlm_always "updated"
Instantiating _cache_rbtree "cache_eap.rbtree"
Scheduler created in single-threaded mode
#### Opening listener interfaces ####
Network - Failed adding new socket to network event loop: Failed inserting
filters for FD 15: EFAULT: Bad address
/usr/local/etc/raddb/sites-enabled/tacacs[144]: Opening tacacs I/O
interface failed
More information about the Freeradius-Users
mailing list