Start FreeRadius 4.0 with rlm_tacacs failed due to segV error
bryan xiang
bryanxiang82 at gmail.com
Wed Apr 23 14:34:05 UTC 2025
Hi Experts:
I use the latest FreeRadius 4.0 from github and I only use the rlm_tacacs
module build in FreeRadius
I would like to use FreeRadius forward auth request to remote TACACS server
like Cicso ISE using the rlm_tacacs module
why I use FreeRadius tacacs module is currently all my authenticate request
will go to FreeRadius 1812 port and we have a new request that the local
server should send authenticate request to remote TACACS server, so I would
like to use rlm_tacacs module to do this work
I downloaded the zip package from github and build in local, the
src/modules/stable file only contain the rlm_tacacs module, build has no
problem and I replaced the radiusd and all dependent so files to server
side.
When I try to start the radiusd daemon with -X, I encounter one segV error,
and start option with -XC has no problem for configuration
The config file for modules like:
# cat modules/tacacs
#modules {
tacacs {
transport = tcp
type = Authentication-Start
type = Authentication-Continue
type = Authorization-Request
type = Accounting-Request
tcp {
ipaddr = 10.76.xx.xx
port = 49
secret = testkey123
}
pool {
start = 1
min = 1
max = 1
}
#}
}
and the virtual server config like below, not sure this config will forward
the auth request to tacacs module as above IP and port:
#
# Does nothing other than send packets. It doesn't listen on any input
sockets.
#
server default {
namespace = tacacs
listen {
type = Authentication-Start
type = Authentication-Continue
type = Authorization-Request
type = Accounting-Request
}
recv Authentication-Start {
tacacs
}
recv Authentication-Continue {
tacacs
}
recv Authorization-Request {
tacacs
}
recv Accounting-Request {
tacacs
}
}
below is the output for radiusd with -X option
Info : Copyright 1999-2024 The FreeRADIUS server project and contributors
Info : There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A
Info : PARTICULAR PURPOSE
Info : You may redistribute copies of FreeRADIUS under the terms of the
Info : GNU General Public License
Info : For more information about these matters, see the file named
COPYRIGHT
Info : Starting - reading configuration files ...
Debug : including configuration file
/etc/opt/LU3Pfreeradius-server/radiusd.conf
Debug : including configuration file
/etc/opt/LU3Pfreeradius-server/clients.conf
Debug : Including files in directory
"/etc/opt/LU3Pfreeradius-server/modules/"
Debug : including configuration file
/etc/opt/LU3Pfreeradius-server/modules/tacacs
Debug : including configuration file
/etc/opt/LU3Pfreeradius-server/sites-cpm/cpm_radius_config
Debug : Loaded module process_tacacs
Debug : Parsing initial logging configuration.
Debug : main {
Debug : prefix = /opt/LU3P
Debug : log {
Debug : destination = files
Debug : syslog_facility = daemon
Debug : local_state_dir = "/opt/LU3P/var"
Debug : logdir = "/opt/LU3P/var/log"
Debug : file = /var/opt/log/freeradius-server/radius.log
Debug : suppress_secrets = no
Debug : }
Debug : }
Debug : Parsing security rules to bootstrap UID / GID / chroot / etc.
Debug : main {
Debug : log {
Debug : }
Debug : security {
Debug : allow_core_dumps = no
Debug : allow_vulnerable_openssl = "no"
Debug : }
Debug : name = radiusd
Debug : local_state_dir = "/opt/LU3P/var"
Debug : run_dir = /var/opt/run
Debug : }
Debug : Parsing main configuration
Debug : main {
Debug : server default {
Debug : namespace = tacacs
Debug : tacacs {
Debug : Authentication {
Debug : session {
Debug : timeout = 15
Debug : max = 4096
Debug : max_rounds = 4
Debug : }
Debug : }
Debug : }
Debug : Loaded module proto_tacacs
Debug : listen {
Debug : type = Authentication-Start
Debug : type = Authentication-Continue
Debug : type = Authorization-Request
Debug : type = Accounting-Request
Debug : limit {
Debug : idle_timeout = 30.0
Debug : max_connections = 1024
Debug : }
Debug : priority {
Debug : Authentication-Start = high
Debug : Authentication-Continue = high
Debug : Authorization-Request = normal
Debug : Accounting-Request = low
Debug : }
Debug : }
Debug : }
Debug : log {
Debug : }
Debug : security {
Debug : }
Debug : sbin_dir = "/opt/LU3P/sbin"
Debug : logdir = /var/opt/log/freeradius-server
Debug : radacctdir = /var/opt/log/freeradius-server/radacct
Debug : reverse_lookups = no
Debug : hostname_lookups = no
Debug : max_request_time = 30
Debug : pidfile = /var/opt/run/radiusd.pid
Debug : debug_level = 0
Debug : max_requests = 1024
Debug : resources {
Debug : }
Debug : thread pool {
Debug : num_networks = 1
Info : Dynamically determined thread.workers = 2
Debug : num_workers = 2
Debug : }
Debug : migrate {
Debug : }
Debug : }
Info : Switching to configured log settings
Debug : radiusd: #### Loading Clients ####
Debug : client 127.0.0.1 {
Debug : ipaddr = 127.0.0.1
Debug : secret = <<< secret >>>
Debug : shortname = sig03-oam-b
Debug : require_message_authenticator = no
Debug : limit_proxy_state = auto
Debug : limit {
Debug : max_connections = 16
Debug : lifetime = 0
Debug : idle_timeout = 30s
Debug : }
Debug : }
Debug : client 169.254.64.0/20 {
Debug : ipaddr = 169.254.64.0/20
Debug : secret = <<< secret >>>
Debug : shortname = sig03-oam-b
Debug : require_message_authenticator = no
Debug : limit_proxy_state = auto
Debug : limit {
Debug : max_connections = 16
Debug : lifetime = 0
Debug : idle_timeout = 30s
Debug : }
Debug : }
Debug : client 169.254.128.0/17 {
Debug : ipaddr = 169.254.128.0/17
Debug : secret = <<< secret >>>
Debug : shortname = sig03-oam-b
Debug : require_message_authenticator = no
Debug : limit_proxy_state = auto
Debug : limit {
Debug : max_connections = 16
Debug : lifetime = 0
Debug : idle_timeout = 30s
Debug : }
Debug : }
Info : Debugger not attached
Info : Configuration version: 1F5FA0A8-6BD9-4091-B482-B90249BB93BD
Info : systemd watchdog is disabled
Info : pre-suid-down capabilities: =ep
*Error : _tmpl_global_init: Autoloader attribute "Packet-Type" not found in
"RADIUS" dictionary*
Warn : trigger { ... } subsection not found, triggers will be disabled
Debug : #### Instantiating libraries ####
Debug : #### Bootstrapping process modules ####
Debug : Bootstrapping process_tacacs "default"
Debug : #### Bootstrapping protocol modules ####
Debug : #### Instantiating libraries ####
Debug : #### Bootstrapping static modules ####
Debug : modules {
Debug : static {
Debug : Loaded module rlm_tacacs
Debug : tacacs {
Debug : transport = tcp
Debug : Loaded module rlm_tacacs_tcp
Debug : tcp {
Debug : ipaddr = 10.76.xx.xx
Debug : port = 49
Debug : secret = testkey123
Debug : max_packet_size = 4096
Debug : max_send_coalesce = 1024
Debug : }
Debug : type = Authentication-Start
Debug : type = Authentication-Continue
Debug : type = Authorization-Request
Debug : type = Accounting-Request
Debug : max_attributes = 255
Debug : response_window = 20
Debug : zombie_period = 40
Debug : pool {
Debug : start = 1
Debug : min = 1
Debug : max = 1
Debug : connecting = 2
Debug : uses = 0
Debug : lifetime = 0
Debug : idle_timeout = 0
Debug : open_delay = 0.2
Debug : close_delay = 10.0
Debug : manage_interval = 0.2
Debug : max_backlog = 1000
Debug : connection {
Debug : connect_timeout = 3.0
Debug : reconnect_delay = 1
Debug : }
Debug : request {
Debug : per_connection_max = 2000
Debug : per_connection_target = 1000
Debug : free_delay = 10.0
Debug : }
Debug : }
Debug : retry {
Debug : initial_rtx_time = 2
Debug : max_rtx_time = 16
Debug : max_rtx_count = 5
Debug : max_rtx_duration = 30
Debug : }
Debug : }
Debug : } # static
Debug : #### Bootstrapping rlm modules ####
Debug : Including dictionary file
"/etc/opt/LU3Pfreeradius-server/dictionary"
Debug : #### Instantiating listeners ####
Debug : Compiling policies in server default { ... }
Debug : Compiling policies in - recv Authentication-Start {...}
Debug : Compiling policies in - recv Authentication-Continue {...}
Debug : Compiling policies in - recv Authorization-Request {...}
Debug : Compiling policies in - recv Accounting-Request {...}
Warn :* tacacs { ... } section is unused*
Debug : #### Instantiating process modules ####
Debug : Instantiating process_tacacs "default"
Debug : #### Instantiating protocol modules ####
Debug : Instantiating proto_tacacs "default.tacacs.generic"
Debug : #### Instantiating rlm modules ####
Debug : Instantiating rlm_tacacs "tacacs"
Warn : Ignoring "trunk.per_connection_max = 2000", forcing to
"trunk.per_connection_max = 255"
Warn : Ignoring "trunk.per_connection_target = 1000", forcing to
"trunk.per_connection_target = 127"
Warn : Ignoring "revive_interval = 0", forcing to "revive_interval = 10"
Debug : Instantiating rlm_tacacs_tcp "tacacs.tcp"
CAUGHT SIGNAL: Segmentation fault
Backtrace of last 11 frames:
/opt/LU3P/lib64/libfreeradius-util.so(+0x32fc9)[0x7f2d3e4e3fc9]
/opt/LU3P/lib64/libfreeradius-util.so(fr_fault+0x75)[0x7f2d3e4e4465]
/lib64/libpthread.so.0(+0x12d10)[0x7f2d3c454d10]
/opt/LU3P/lib64/rlm_tacacs_tcp.so(+0x266f)[0x7f2d339f266f]
/opt/LU3P/lib64/libfreeradius-server.so(module_thread_instantiate+0xda)[0x7f2d3dff1e3a]
/opt/LU3P/lib64/libfreeradius-server.so(modules_thread_instantiate+0x65)[0x7f2d3dff2045]
/opt/LU3P/sbin/radiusd[0x4056d1]
/opt/LU3P/lib64/libfreeradius-io.so(fr_schedule_create+0x126)[0x7f2d3dae4d16]
/opt/LU3P/sbin/radiusd(main+0xdff)[0x404bcf]
/lib64/libc.so.6(__libc_start_main+0xe5)[0x7f2d3bd5a7e5]
/opt/LU3P/sbin/radiusd(_start+0x2e)[0x40533e]
No panic action set
regards,
Bryan
More information about the Freeradius-Users
mailing list