At the moment, I am using freeradius-snapshot-20040516 on Fedora Core 2.
I use freeradius to authenticate and authorize WLAN clients that use 802.1x or WPA. As a result, I have configured freeradius to do PEAP. With users configured in the users file, everything works fine.
However, I use OpenLDAP as a central store for account information for all other services (unix, samba, email, etc). Therefore, I would like freeradius to get account information from the LDAP server as well. However, when I configure freeradius to use the LDAP server, the freeradius server segfaults rlm_ldap attempts to bind to my LDAP server.
I ran freeradius using "radiusd -X". I have attached the part of the resulting output that I believe is important (with the LDAP bind password removed).
If anyone has suggestions, I am willing to give them a try. Please let me know if need other information.
By the way, I did see a message from March 5, 2004 on the same subject <http://lists.cistron.nl/archives/freeradius-users/2004/03/frm00221.html>. However, I did not see any resolution.
------
rad_recv: Accounting-Request packet from host 192.168.0.248:1027, id=166, length=158
Acct-Session-Id = "00000000000C"
Acct-Status-Type = Stop
Acct-Authentic = RADIUS
Acct-Delay-Time = 0
NAS-Port = 1
Calling-Station-Id = "00-40-05-5F-70-9F"
Service-Type = Framed-User
NAS-IP-Address = 192.168.0.248
NAS-Identifier = "D-link Corp. Access Point"
User-Name = "paul"
Acct-Terminate-Cause = Port-Reinit
Acct-Session-Time = 2932
Acct-Input-Octets = 0
Acct-Output-Octets = 0
Acct-Input-Packets = 0
Acct-Output-Packets = 0
Processing the preacct section of radiusd.conf
modcall: entering group preacct for request 0
modcall[preacct]: module "preprocess" returns noop for request 0
rlm_acct_unique: Hashing 'NAS-Port = 1,Client-IP-Address = 192.168.0.248,NAS-IP-Address = 192.168.0.248,Acct-Session-Id = "00000000000C",User-Name = "paul"'
rlm_acct_unique: Acct-Unique-Session-ID = "46c6f260cd4f8036".
modcall[preacct]: module "acct_unique" returns ok for request 0
rlm_realm: No '@' in User-Name = "paul", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[preacct]: module "suffix" returns noop for request 0
modcall[preacct]: module "files" returns noop for request 0
modcall: group preacct returns ok for request 0
Processing the accounting section of radiusd.conf
modcall: entering group accounting for request 0
radius_xlat: '/var/log/radius/radacct/192.168.0.248/detail-20040516'
rlm_detail: /var/log/radius/radacct/%{Client-IP-Address}/detail-%Y%m%d expands to /var/log/radius/radacct/192.168.0.248/detail-20040516
modcall[accounting]: module "detail" returns ok for request 0
modcall[accounting]: module "unix" returns ok for request 0
radius_xlat: '/var/log/radius/radutmp'
radius_xlat: 'paul'
modcall[accounting]: module "radutmp" returns ok for request 0
modcall: group accounting returns ok for request 0
Sending Accounting-Response of id 166 to 192.168.0.248:1027
Finished request 0
Going to the next request
--- Walking the entire request list ---
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 192.168.0.248:1026, id=167, length=196
Framed-MTU = 1466
NAS-IP-Address = 192.168.0.248
NAS-Identifier = "D-link Corp. Access Point"
User-Name = "paul"
Service-Type = Framed-User
NAS-Port = 1
NAS-Port-Type = Wireless-802.11
NAS-Port-Id = "ether1_1"
Called-Station-Id = "00-05-5d-99-61-4a"
Calling-Station-Id = "00-40-05-5f-70-9f"
Connect-Info = "CONNECT Ethernet 0Mbps Full duplex"
EAP-Message = 0x02020009017061756c
Message-Authenticator = 0x7dda6d614cccd496f8cd2d2e617b8cd0
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 1
modcall[authorize]: module "preprocess" returns ok for request 1
modcall[authorize]: module "chap" returns noop for request 1
modcall[authorize]: module "mschap" returns noop for request 1
rlm_realm: No '@' in User-Name = "paul", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 1
rlm_eap: EAP packet type response id 2 length 9
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 1
users: Matched DEFAULT at 154
users: Matched DEFAULT at 173
modcall[authorize]: module "files" returns ok for request 1
rlm_ldap: - authorize
rlm_ldap: performing user authorization for paul
radius_xlat: '(uid=paul)'
radius_xlat: 'dc=private'
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: attempting LDAP reconnection
rlm_ldap: (re)connect to server.private:389, authentication 0
rlm_ldap: bind as uid=radiusd,ou=users,dc=private/**** to server.private:389
Segmentation fault
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
