I've searched through the mail archives a good bit on both devel and user
trying to get this configuration correct but I'm now seeing a segfault
that doesn't make a lot of sense to me
What I'm trying to do right now is make PPTP work with a Nortel
Contivity box using radius authentication
Lets see first if I understand how freeradius works.
modules are parsed, chap request/challenge is sent via radius to
freeradius
authorize block goes in order from top to bottom. First query via LDAP to make
sure the user exists with userFilter, since password_attribute is
set, add it to our current auth request. Now process next module -
mschap to seed reply requests and send them away.
Then process CHAP response and based on that send either positive or
negative authentication response
I've tried both redhat's nasty GCC gcc version 2.96 20000731 (Red Hat
Linux 7.1 2.96-98) and egcs-2.91.66 and seem to get the same error.
I'm not sure what the eval.c is as it's not a part of freeradius in
the below backtrace
rlm_ldap: - authorize
rlm_ldap: performing user authorization for me
radius_xlat: '(uid=me)'
radius_xlat: 'dc=uab,dc=edu'
ldap_get_conn: Got Id: 0
rlm_ldap: attempting LDAP reconnection
rlm_ldap: (re)connect to xxx.xxx.xxx.xxx:389, authentication 0
rlm_ldap: bind as uid=NotReal,ou=Directory
Administrators,dc=uab,dc=edu/notarealpassword
rlm_ldap: waiting for bind result ...
rlm_ldap: performing search in dc=uab,dc=edu, with filter (uid=me)
rlm_ldap: Added password notRealEither in check items
rlm_ldap: looking for check items in directory...
rlm_ldap: looking for reply items in directory...
rlm_ldap: user me authorized to use remote access
ldap_release_conn: Release Id: 0
modcall[authorize]: module "ldap" returns ok
zsh: segmentation fault (core dumped) src/main/radiusd -X
#0 0x40025aef in mschap_authorize () at eval.c:41
#1 0x08058687 in call_modsingle (component=1, sp=0x80c7b48, request=0x80cfd28,
default_result=6)
at modcall.c:205
#2 0x080588d9 in modcall (component=1, c=0x80c7b48, request=0x80cfd28) at
modcall.c:288
#3 0x080586eb in call_modgroup (component=1, g=0x80c7b10, request=0x80cfd28,
default_result=6) at modcall.c:227
#4 0x08058877 in modcall (component=1, c=0x80c7b10, request=0x80cfd28) at
modcall.c:281
#5 0x08057de4 in indexed_modcall (comp=1, idx=0, request=0x80cfd28) at modules.c:456
#6 0x080581c8 in module_authorize (request=0x80cfd28) at modules.c:631
#7 0x08053f8c in rad_authenticate (request=0x80cfd28) at auth.c:524
#8 0x0804eaed in rad_respond (request=0x80cfd28, fun=0x8053da4 <rad_authenticate>) at
radiusd.c:1492
#9 0x0804e690 in rad_process (request=0x80cfd28, dospawn=0) at radiusd.c:1252
#10 0x0804e1f6 in main (argc=2, argv=0xbffff694) at radiusd.c:1060
#11 0x401dc306 in __libc_start_main (main=0x804cb54 <main>, argc=2, ubp_av=0xbffff694,
init=0x804b9dc <_init>,
fini=0x8066e6c <_fini>, rtld_fini=0x4000d2cc <_dl_fini>, stack_end=0xbffff68c)
at ../sysdeps/generic/libc-start.c:129
Here is the (hopefully all) relevant portions of my radiusd.conf
modules {
mschap {
}
ldap {
server = "xxx.xxx.xxx.xxx"
identity = "uid=NotReal,ou=Directory Administrators,dc=uab,dc=edu"
password = "troll-Bridge"
basedn = "dc=uab,dc=edu"
# basedn = "ou=people,dc=uab,dc=edu"
filter = "(uid=%u)"
password_attribute = "chapPassword"
dictionary_mapping = ${raddbdir}/ldap.attrmap
timeout = 4
timelimit = 3
net_timeout = 1
password_header = ""
}
}
authorize {
preprocess
ldap
mschap
}
authenticate {
mschap
}
Thanks for your help,
Chris
--
Chris Green <[EMAIL PROTECTED]>
You now have 14 minutes to reach minimum safe distance.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
