Start FreeRadius 4.0 with rlm_tacacs failed due to segV error

bryan xiang bryanxiang82 at gmail.com
Thu Apr 24 06:34:49 UTC 2025 

I just see your patch fix, I use your patch load and rebuild again
This time no crash, and I can see log like:
Debug : Instantiating rlm_tacacs "tacacs"
Warn  : Ignoring "trunk.per_connection_max = 2000", forcing to
"trunk.per_connection_max = 255"
Warn  : Ignoring "trunk.per_connection_target = 1000", forcing to
"trunk.per_connection_target = 127"
Warn  : Ignoring "revive_interval = 0", forcing to "revive_interval = 10"
Debug : Instantiating rlm_tacacs_tcp "tacacs.tcp"
Debug : tacacs - [0] Starting initial connection
Debug : tacacs - [1] - Signalled to start from HALTED state
Debug : tacacs - [1] - Connection changed state HALTED -> INIT
Debug : tacacs - [1] Trunk connection changed state HALTED -> INIT
Debug : tacacs - [1] - Connection changed state INIT -> CONNECTING
Info  : tacacs - [1] Trunk connection changed state INIT -> CONNECTING
Debug : Scheduler created in single-threaded mode
Debug : #### Opening listener interfaces ####
Info  : post-suid-down capabilities: =ep
Info  : Ready to process requests
Debug : tacacs - [1] - Connection changed state CONNECTING -> CONNECTED
Debug : tacacs - [1] - Connection established
Debug : tacacs - [1] Trunk connection changed state CONNECTING -> ACTIVE


but I didn't see FreeRadius server listen port 1812
before I use tacacs module, my radiusd could print logs as below:
Listening on auth address 10.76.xx.xx port 1812
Listening on auth address 169.254.195.0 port 1812
Listening on auth address 127.0.0.1 port 1812
Listening on auth address ::1 port 1812
Listening on command file /var/opt/run/radiusd.sock
but with talacs module, no such log, so my login to shell failed due to
request not send to radiusd port 1812

my request flow is :
login to Shell to one server which running FreeRadius with rlm_tacacs
module, the username/password will send to FreeRadius via port 1812, and
radiusd will send request to remote Tacacs server which configed in tacacs
module, my example is 10.76.x.x with port 49
from log seems virtual server could connect the remote tacacs serve with
port 49, but can't receive auth request from port 1812, what is the problem
here?
thanks,
Bryan

On Thu, Apr 24, 2025 at 9:46 AM bryan xiang <bryanxiang82 at gmail.com> wrote:

> Thank you Alan for the quick response, glad to know you can reproduce it
> in local
> When the master branch will include your code?
> after you fix it, you could see below log in your local?
> Listening on auth address xx.xx.xx.xx port 1812
> Listening on auth address 169.254.195.0 port 1812
> Listening on auth address 127.0.0.1 port 1812
> Listening on auth address ::1 port 1812
> Listening on command file /var/opt/run/radiusd.sock
> Ready to process requests
>
> thanks,
> Bryan
>
> On Wed, Apr 23, 2025 at 11:47 PM Alan DeKok <aland at deployingradius.com>
> wrote:
>
>> On Apr 23, 2025, at 10:34 AM, bryan xiang <bryanxiang82 at gmail.com> wrote:
>> > I use the latest FreeRadius 4.0 from github and I only use the
>> rlm_tacacs
>> > module build in FreeRadius
>>
>>   I don't think that module is included in the testing framework.  It
>> hasn't really seen any code changes in a while.
>>
>> > When I try to start the radiusd daemon with -X, I encounter one segV
>> error,
>> > and start option with -XC has no problem for configuration
>> > ...
>> > Debug : Instantiating rlm_tacacs_tcp "tacacs.tcp"
>> > CAUGHT SIGNAL: Segmentation fault
>> > Backtrace of last 11 frames:
>> > /opt/LU3P/lib64/libfreeradius-util.so(+0x32fc9)[0x7f2d3e4e3fc9]
>> > /opt/LU3P/lib64/libfreeradius-util.so(fr_fault+0x75)[0x7f2d3e4e4465]
>> > /lib64/libpthread.so.0(+0x12d10)[0x7f2d3c454d10]
>> > /opt/LU3P/lib64/rlm_tacacs_tcp.so(+0x266f)[0x7f2d339f266f]
>> >
>> /opt/LU3P/lib64/libfreeradius-server.so(module_thread_instantiate+0xda)[0x7f2d3dff1e3a]
>> >
>> /opt/LU3P/lib64/libfreeradius-server.so(modules_thread_instantiate+0x65)[0x7f2d3dff2045]
>> > /opt/LU3P/sbin/radiusd[0x4056d1]
>> >
>> /opt/LU3P/lib64/libfreeradius-io.so(fr_schedule_create+0x126)[0x7f2d3dae4d16]
>> > /opt/LU3P/sbin/radiusd(main+0xdff)[0x404bcf]
>> > /lib64/libc.so.6(__libc_start_main+0xe5)[0x7f2d3bd5a7e5]
>> > /opt/LU3P/sbin/radiusd(_start+0x2e)[0x40533e]
>> > No panic action set
>>
>>   Oops.  :(    When I try it locally, I see it crash, too.
>>
>>   I've pushed a patch which makes it not crash.  But I haven't tested the
>> actual TACACS+ functionality.
>>
>>   Alan DeKok.
>>
>> -
>> List info/subscribe/unsubscribe? See
>> http://www.freeradius.org/list/users.html
>>
>

More information about the Freeradius-Users mailing list