Hello,
Somehow I have been able to get radiusd to seg fault. I am not sure exactly what to provide - so if there is something someone needs to further diagnose, let me know.
Details of the issue:
If I authenticate 1 time, access-accept. Same for time #2. Third time is not so good - it seg-faults the daemon. I am not sure if this is an issue with requesting kerb tickets too quickly or not. When I looked at the strace output there was no indication of this being the problem as it failed at the opening/writing to a log file.
I have an strace file which details out the issue to a point. Compressed it is ~60k but it de-compresses to ~13meg. For the sake of not sending this to people who do not want it, I will only provide it to those who ask ( and not send it to the list of course ... )
Here are the Details of my configuration:
( the following are just the things I have messed with which apply to the configuration ... If the full configs are desired, let me know )
    authenticate {
        #
        # PAP authentication, when a back-end database listed
        # in the 'authorize' section supplies a password. The
        # password can be clear-text, or encrypted.
        # Auth-Type PAP {
        #     pap
        # }

        #
        # Most people want CHAP authentication
        # A back-end database listed in the 'authorize' section
        # MUST supply a CLEAR TEXT password. Encrypted passwords
        # won't work.
        # Auth-Type CHAP {
        #     chap
        # }

        #
        # MSCHAP authentication.
        # Auth-Type MS-CHAP {
        #     mschap
        # }

        #
        # If you have a Cisco SIP server authenticating against
        # FreeRADIUS, uncomment the following line.
        # digest

        #
        # Pluggable Authentication Modules.
        #
        # un-comment to re-enable
        # - bilsch
        #pam

        #
        # krb5 / kerberos
        #
        krb5

        #
        # See 'man getpwent' for information on how the 'unix'
        # module checks the users password. Note that packets
        # containing CHAP-Password attributes CANNOT be authenticated
        # against /etc/passwd! See the FAQ for details.
        #
        #unix

        # Uncomment it if you want to use ldap for authentication
        # Auth-Type LDAP {
        #     ldap
        # }

        #
        # Allow EAP authentication.
        #
        eap
    }
( more modules are configured - they should have no bearing as best I can tell )
    modules {
        krb5 {
            service_principal = SITE.NET
        }
    }
( changed my IPs and realm for security )
# cat /etc/krb5.conf
    [logging]
        default = FILE:/var/log/krb5libs.log
        default = SYSLOG
        kdc = FILE:/var/log/krb5kdc.log
        kdc = SYSLOG
        admin_server = FILE:/var/log/kadmind.log
        admin_server = SYSLOG

    [libdefaults]
        ticket_lifetime = 24000
        default_realm = SITE.NET
        dns_lookup_realm = false
        dns_lookup_kdc = false

    [realms]
        SITE.NET = {
            kdc = 1.2.3.20:88
            admin_server = 1.2.3.20
        }

    [domain_realm]
        .telsource.net = SITE.NET
        telsource.net = SITE.NET

    [kdc]
        profile = /var/kerberos/krb5kdc/kdc.conf

    [appdefaults]
        pam = {
            debug = true
            ticket_lifetime = 86500
            #renew_lifetime = 36000
            renew_lifetime = 86500
            forwardable = true
            krb4_convert = false
            addressless = true
        }