Start FreeRadius 4.0 with rlm_tacacs failed due to segV error

Timothy M Butterworth timothy.m.butterworth at gmail.com
Thu Apr 24 06:57:12 UTC 2025 

On Thu, Apr 24, 2025 at 2:35 AM bryan xiang <bryanxiang82 at gmail.com> wrote:

> I just see your patch fix, I use your patch load and rebuild again
> This time no crash, and I can see log like:
> Debug : Instantiating rlm_tacacs "tacacs"
> Warn  : Ignoring "trunk.per_connection_max = 2000", forcing to
> "trunk.per_connection_max = 255"
> Warn  : Ignoring "trunk.per_connection_target = 1000", forcing to
> "trunk.per_connection_target = 127"
> Warn  : Ignoring "revive_interval = 0", forcing to "revive_interval = 10"
> Debug : Instantiating rlm_tacacs_tcp "tacacs.tcp"
> Debug : tacacs - [0] Starting initial connection
> Debug : tacacs - [1] - Signalled to start from HALTED state
> Debug : tacacs - [1] - Connection changed state HALTED -> INIT
> Debug : tacacs - [1] Trunk connection changed state HALTED -> INIT
> Debug : tacacs - [1] - Connection changed state INIT -> CONNECTING
> Info  : tacacs - [1] Trunk connection changed state INIT -> CONNECTING
> Debug : Scheduler created in single-threaded mode
> Debug : #### Opening listener interfaces ####
> Info  : post-suid-down capabilities: =ep
> Info  : Ready to process requests
> Debug : tacacs - [1] - Connection changed state CONNECTING -> CONNECTED
> Debug : tacacs - [1] - Connection established
> Debug : tacacs - [1] Trunk connection changed state CONNECTING -> ACTIVE
>
>
> but I didn't see FreeRadius server listen port 1812
> before I use tacacs module, my radiusd could print logs as below:
> Listening on auth address 10.76.xx.xx port 1812
>

You do not have to xx.xx a 10.0.0.0 network address. The 10 network is a
private non-routable network and no one will be able to access it anyway.

Listening on auth address 169.254.195.0 port 1812
> Listening on auth address 127.0.0.1 port 1812
> Listening on auth address ::1 port 1812
> Listening on command file /var/opt/run/radiusd.sock
> but with talacs module, no such log, so my login to shell failed due to
> request not send to radiusd port 1812
>
> my request flow is :
> login to Shell to one server which running FreeRadius with rlm_tacacs
> module, the username/password will send to FreeRadius via port 1812, and
> radiusd will send request to remote Tacacs server which configed in tacacs
> module, my example is 10.76.x.x with port 49
> from log seems virtual server could connect the remote tacacs serve with
> port 49, but can't receive auth request from port 1812, what is the problem
> here?
> thanks,
> Bryan
>
> On Thu, Apr 24, 2025 at 9:46 AM bryan xiang <bryanxiang82 at gmail.com>
> wrote:
>
> > Thank you Alan for the quick response, glad to know you can reproduce it
> > in local
> > When the master branch will include your code?
> > after you fix it, you could see below log in your local?
> > Listening on auth address xx.xx.xx.xx port 1812
> > Listening on auth address 169.254.195.0 port 1812
> > Listening on auth address 127.0.0.1 port 1812
> > Listening on auth address ::1 port 1812
> > Listening on command file /var/opt/run/radiusd.sock
> > Ready to process requests
> >
> > thanks,
> > Bryan
> >
> > On Wed, Apr 23, 2025 at 11:47 PM Alan DeKok <aland at deployingradius.com>
> > wrote:
> >
> >> On Apr 23, 2025, at 10:34 AM, bryan xiang <bryanxiang82 at gmail.com>
> wrote:
> >> > I use the latest FreeRadius 4.0 from github and I only use the
> >> rlm_tacacs
> >> > module build in FreeRadius
> >>
> >>   I don't think that module is included in the testing framework.  It
> >> hasn't really seen any code changes in a while.
> >>
> >> > When I try to start the radiusd daemon with -X, I encounter one segV
> >> error,
> >> > and start option with -XC has no problem for configuration
> >> > ...
> >> > Debug : Instantiating rlm_tacacs_tcp "tacacs.tcp"
> >> > CAUGHT SIGNAL: Segmentation fault
> >> > Backtrace of last 11 frames:
> >> > /opt/LU3P/lib64/libfreeradius-util.so(+0x32fc9)[0x7f2d3e4e3fc9]
> >> > /opt/LU3P/lib64/libfreeradius-util.so(fr_fault+0x75)[0x7f2d3e4e4465]
> >> > /lib64/libpthread.so.0(+0x12d10)[0x7f2d3c454d10]
> >> > /opt/LU3P/lib64/rlm_tacacs_tcp.so(+0x266f)[0x7f2d339f266f]
> >> >
> >>
> /opt/LU3P/lib64/libfreeradius-server.so(module_thread_instantiate+0xda)[0x7f2d3dff1e3a]
> >> >
> >>
> /opt/LU3P/lib64/libfreeradius-server.so(modules_thread_instantiate+0x65)[0x7f2d3dff2045]
> >> > /opt/LU3P/sbin/radiusd[0x4056d1]
> >> >
> >>
> /opt/LU3P/lib64/libfreeradius-io.so(fr_schedule_create+0x126)[0x7f2d3dae4d16]
> >> > /opt/LU3P/sbin/radiusd(main+0xdff)[0x404bcf]
> >> > /lib64/libc.so.6(__libc_start_main+0xe5)[0x7f2d3bd5a7e5]
> >> > /opt/LU3P/sbin/radiusd(_start+0x2e)[0x40533e]
> >> > No panic action set
> >>
> >>   Oops.  :(    When I try it locally, I see it crash, too.
> >>
> >>   I've pushed a patch which makes it not crash.  But I haven't tested
> the
> >> actual TACACS+ functionality.
> >>
> >>   Alan DeKok.
> >>
> >> -
> >> List info/subscribe/unsubscribe? See
> >> http://www.freeradius.org/list/users.html
> >>
> >
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
>


-- 
⢀⣴⠾⠻⢶⣦⠀
⣾⠁⢠⠒⠀⣿⡁ Debian - The universal operating system
⢿⡄⠘⠷⠚⠋⠀ https://www.debian.org/
⠈⠳⣄⠀⠀

More information about the Freeradius-Users mailing list