[This is a resend, as I think our SMTP gateway stripped all my attachments, so I've just included one of them inline.]
I'm trying to set up FreeRadius 1.0.2 to use an alternative password file and I'm running into some issues, namely the server is dumping core. I have tried to set this up two different ways based on some of the email on the mailing list, so I think that the configuration is correct, but maybe I'm hitting a bug in the server.

First Try:

[radiusd.conf]
modules {
    ...
    passwd admins {
        filename = ${raddbdir}/passwords/admins
        format = "*User-Name:Crypt-Password"
        hashsize = 100
        delimiter = ":"
    }
    ...
}

authorize {
    ...
    admins
    ...
}

[users - this DEFAULT entry is on line 10]
DEFAULT Huntgroup-Name == "cisco-router-admin", Auth-Type = admins
    Service-Type = NAS-Prompt-User,
    Login-Service = Telnet,
    Login-TCP-Port = Telnet,
    Fall-Through = No

[admins password file]
jornstei:cryptpassword
jlo:plaintextpassword

I'll attach the full debug (debug.crypt-1), but here is what I think needs to be seen:

rad_recv: Access-Request packet from host 10.15.32.71:1645, id=98, length=79
    User-Name = "jornstei"
    User-Password = "plaintextpassword"
    NAS-Port = 67
    NAS-Port-Type = Virtual
    Calling-Station-Id = "10.21.33.34"
    NAS-IP-Address = 10.15.32.71
Fri Mar 25 08:39:52 2005 : Debug: modsingle[authorize]: calling admins (rlm_passwd) for request 0
Fri Mar 25 08:39:52 2005 : Debug: rlm_passwd: Added Crypt-Password: 'cryptedpasswd' to config_items
Fri Mar 25 08:39:52 2005 : Debug: modsingle[authorize]: returned from admins (rlm_passwd) for request 0
Fri Mar 25 08:39:52 2005 : Debug: modcall[authorize]: module "admins" returns ok for request 0
Fri Mar 25 08:39:52 2005 : Debug: modsingle[authorize]: calling files (rlm_files) for request 0
Fri Mar 25 08:39:52 2005 : Debug: users: Matched entry DEFAULT at line 10
Fri Mar 25 08:39:52 2005 : Debug: modsingle[authorize]: returned from files (rlm_files) for request 0
Fri Mar 25 08:39:52 2005 : Debug: modcall[authorize]: module "files" returns ok for request 0
Fri Mar 25 08:39:52 2005 : Debug: modcall: group authorize returns ok for request 0
Fri Mar 25 08:39:52 2005 : Debug: auth: type Crypt
Segmentation Fault - core dumped radiusd

If I change the format of the module from 'Crypt-Password' to 'User-Password', change the encryption_scheme from 'crypt' to 'clear', and put a cleartext password in my admins password file, this works. Here is part of that output (debug.cleartext-1):

Fri Mar 25 08:54:14 2005 : Debug: modcall[authorize]: module "files" returns ok for request 0
Fri Mar 25 08:54:14 2005 : Debug: modcall: group authorize returns ok for request 0
Fri Mar 25 08:54:14 2005 : Debug: auth: type Local
Fri Mar 25 08:54:14 2005 : Debug: auth: user supplied User-Password matches local User-Password
Sending Access-Accept of id 100 to 10.15.32.71:1645

Second Try:

[radiusd.conf]
modules {
    ...
    passwd admins {
        filename = ${raddbdir}/passwords/admins
        format = "*User-Name:Crypt-Password"
        hashsize = 100
        delimiter = ":"
    }
    ...
}

authorize {
    ...
    Autz-Type admins {
        admins
    }
    ...
}

[users - this DEFAULT entry is on line 10]
DEFAULT Huntgroup-Name == "cisco-router-admin", Autz-Type = admins
    Service-Type = NAS-Prompt-User,
    Login-Service = Telnet,
    Login-TCP-Port = Telnet,
    Fall-Through = No

And it core dumps in the same place.

Fri Mar 25 09:01:45 2005 : Debug: modcall: group Autz-Type returns ok for request 0
Fri Mar 25 09:01:45 2005 : Debug: auth: type Crypt
Segmentation Fault - core dumped radiusd

And if I do the same trick of changing Crypt-Password to User-Password it will work, but that isn't what I'm after in the long run.

I recompiled with --enable-developer to get the backtrace, and here is what shows up:

(gdb) where
#0  0xff257590 in DES_ncbc_encrypt () from /usr/local/ssl/lib/libcrypto.so
#1  0xff259b4c in _des_crypt () from /usr/local/ssl/lib/libcrypto.so
#2  0xff33fcb4 in lrad_crypt_check (key=0xffbeda00 "", crypted=0x1a5024 "encryptedpassword") at crypt.c:60

Does that mean that the pointer to key has no data? If so, this could be a problem. Anyone see what I'm doing wrong and what I might do to fix it?

-jason

----------------------------------------------------------------------
[debug.crypt-1]

-n Starting FreeRADIUS:
Fri Mar 25 08:39:43 2005 : Info: Starting - reading configuration files ...
Fri Mar 25 08:39:43 2005 : Debug: reread_config: reading radiusd.conf
Fri Mar 25 08:39:43 2005 : Debug: Config: including file: /usr/local/freeradius-1.0.2/etc/raddb/proxy.conf
Fri Mar 25 08:39:43 2005 : Debug: Config: including file: /usr/local/freeradius-1.0.2/etc/raddb/clients.conf
Fri Mar 25 08:39:43 2005 : Debug: Config: including file: /usr/local/freeradius-1.0.2/etc/raddb/snmp.conf
Fri Mar 25 08:39:43 2005 : Debug: Config: including file: /usr/local/freeradius-1.0.2/etc/raddb/eap.conf
Fri Mar 25 08:39:43 2005 : Debug: Config: including file: /usr/local/freeradius-1.0.2/etc/raddb/sql.conf
Fri Mar 25 08:39:43 2005 : Debug: main: prefix = "/usr/local/freeradius-1.0.2"
Fri Mar 25 08:39:43 2005 : Debug: main: localstatedir = "/usr/local/freeradius-1.0.2/var"
Fri Mar 25 08:39:43 2005 : Debug: main: logdir = "/usr/local/freeradius-1.0.2/var/log/radius"
Fri Mar 25 08:39:43 2005 : Debug: main: libdir = "/usr/local/freeradius-1.0.2/lib"
Fri Mar 25 08:39:43 2005 : Debug: main: radacctdir = "/usr/local/freeradius-1.0.2/var/log/radius/radacct"
Fri Mar 25 08:39:43 2005 : Debug: main: hostname_lookups = no
Fri Mar 25 08:39:43 2005 : Debug: main: max_request_time = 30
Fri Mar 25 08:39:43 2005 : Debug: main: cleanup_delay = 5
Fri Mar 25 08:39:43 2005 : Debug: main: max_requests = 1024
Fri Mar 25 08:39:43 2005 : Debug: main: delete_blocked_requests = 0
Fri Mar 25 08:39:43 2005 : Debug: main: port = 0
Fri Mar 25 08:39:43 2005 : Debug: main: allow_core_dumps = no
Fri Mar 25 08:39:43 2005 : Debug: main: log_stripped_names = no
Fri Mar 25 08:39:43 2005 : Debug: main: log_file = "/usr/local/freeradius-1.0.2/var/log/radius/radius.log"
Fri Mar 25 08:39:43 2005 : Debug: main: log_auth = no
Fri Mar 25 08:39:43 2005 : Debug: main: log_auth_badpass = no
Fri Mar 25 08:39:43 2005 : Debug: main: log_auth_goodpass = no
Fri Mar 25 08:39:43 2005 : Debug: main: pidfile = "/usr/local/freeradius-1.0.2/var/run/radiusd/radiusd.pid"
Fri Mar 25 08:39:43 2005 : Debug: main: user = "(null)"
Fri Mar 25 08:39:43 2005 : Debug: main: group = "(null)"
Fri Mar 25 08:39:43 2005 : Debug: main: usercollide = no
Fri Mar 25 08:39:43 2005 : Debug: main: lower_user = "no"
Fri Mar 25 08:39:43 2005 : Debug: main: lower_pass = "no"
Fri Mar 25 08:39:43 2005 : Debug: main: nospace_user = "no"
Fri Mar 25 08:39:43 2005 : Debug: main: nospace_pass = "no"
Fri Mar 25 08:39:43 2005 : Debug: main: checkrad = "/usr/local/freeradius-1.0.2/sbin/checkrad"
Fri Mar 25 08:39:43 2005 : Debug: main: proxy_requests = yes
Fri Mar 25 08:39:43 2005 : Debug: proxy: retry_delay = 5
Fri Mar 25 08:39:43 2005 : Debug: proxy: retry_count = 3
Fri Mar 25 08:39:43 2005 : Debug: proxy: synchronous = no
Fri Mar 25 08:39:43 2005 : Debug: proxy: default_fallback = yes
Fri Mar 25 08:39:43 2005 : Debug: proxy: dead_time = 120
Fri Mar 25 08:39:43 2005 : Debug: proxy: post_proxy_authorize = yes
Fri Mar 25 08:39:43 2005 : Debug: proxy: wake_all_if_all_dead = no
Fri Mar 25 08:39:43 2005 : Debug: security: max_attributes = 200
Fri Mar 25 08:39:43 2005 : Debug: security: reject_delay = 1
Fri Mar 25 08:39:43 2005 : Debug: security: status_server = no
Fri Mar 25 08:39:43 2005 : Debug: main: debug_level = 0
Fri Mar 25 08:39:43 2005 : Debug: read_config_files: reading dictionary
Fri Mar 25 08:39:43 2005 : Debug: read_config_files: reading naslist
Fri Mar 25 08:39:43 2005 : Info: Using deprecated naslist file. Support for this will go away soon.
Fri Mar 25 08:39:43 2005 : Debug: read_config_files: reading clients
Fri Mar 25 08:39:43 2005 : Debug: read_config_files: reading realms
Fri Mar 25 08:39:43 2005 : Debug: radiusd: entering modules setup
Fri Mar 25 08:39:43 2005 : Debug: Module: Library search path is /usr/local/freeradius-1.0.2/lib
Fri Mar 25 08:39:43 2005 : Debug: Module: Loaded exec
Fri Mar 25 08:39:43 2005 : Debug: exec: wait = yes
Fri Mar 25 08:39:43 2005 : Debug: exec: program = "(null)"
Fri Mar 25 08:39:43 2005 : Debug: exec: input_pairs = "request"
Fri Mar 25 08:39:43 2005 : Debug: exec: output_pairs = "(null)"
Fri Mar 25 08:39:43 2005 : Debug: exec: packet_type = "(null)"
Fri Mar 25 08:39:43 2005 : Info: rlm_exec: Wait=yes but no output defined. Did you mean output=none?
Fri Mar 25 08:39:43 2005 : Debug: Module: Instantiated exec (exec)
Fri Mar 25 08:39:43 2005 : Debug: Module: Loaded expr
Fri Mar 25 08:39:43 2005 : Debug: Module: Instantiated expr (expr)
Fri Mar 25 08:39:43 2005 : Debug: Module: Loaded PAP
Fri Mar 25 08:39:43 2005 : Debug: pap: encryption_scheme = "crypt"
Fri Mar 25 08:39:43 2005 : Debug: Module: Instantiated pap (pap)
Fri Mar 25 08:39:43 2005 : Debug: Module: Loaded CHAP
Fri Mar 25 08:39:43 2005 : Debug: Module: Instantiated chap (chap)
Fri Mar 25 08:39:43 2005 : Debug: Module: Loaded MS-CHAP
Fri Mar 25 08:39:43 2005 : Debug: mschap: use_mppe = yes
Fri Mar 25 08:39:43 2005 : Debug: mschap: require_encryption = no
Fri Mar 25 08:39:43 2005 : Debug: mschap: require_strong = no
Fri Mar 25 08:39:43 2005 : Debug: mschap: with_ntdomain_hack = no
Fri Mar 25 08:39:43 2005 : Debug: mschap: passwd = "(null)"
Fri Mar 25 08:39:43 2005 : Debug: mschap: authtype = "MS-CHAP"
Fri Mar 25 08:39:43 2005 : Debug: mschap: ntlm_auth = "(null)"
Fri Mar 25 08:39:43 2005 : Debug: Module: Instantiated mschap (mschap)
Fri Mar 25 08:39:43 2005 : Debug: Module: Loaded System
Fri Mar 25 08:39:43 2005 : Debug: unix: cache = no
Fri Mar 25 08:39:43 2005 : Debug: unix: passwd = "(null)"
Fri Mar 25 08:39:43 2005 : Debug: unix: shadow = "(null)"
Fri Mar 25 08:39:43 2005 : Debug: unix: group = "/etc/group"
Fri Mar 25 08:39:43 2005 : Debug: unix: radwtmp = "/usr/local/freeradius-1.0.2/var/log/radius/radwtmp"
Fri Mar 25 08:39:43 2005 : Debug: unix: usegroup = no
Fri Mar 25 08:39:43 2005 : Debug: unix: cache_reload = 600
Fri Mar 25 08:39:43 2005 : Debug: Module: Instantiated unix (unix)
Fri Mar 25 08:39:43 2005 : Debug: Module: Loaded eap
Fri Mar 25 08:39:43 2005 : Debug: eap: default_eap_type = "md5"
Fri Mar 25 08:39:43 2005 : Debug: eap: timer_expire = 60
Fri Mar 25 08:39:43 2005 : Debug: eap: ignore_unknown_eap_types = no
Fri Mar 25 08:39:43 2005 : Debug: eap: cisco_accounting_username_bug = no
Fri Mar 25 08:39:43 2005 : Debug: rlm_eap: Loaded and initialized type md5
Fri Mar 25 08:39:43 2005 : Debug: rlm_eap: Loaded and initialized type leap
Fri Mar 25 08:39:43 2005 : Debug: gtc: challenge = "Password: "
Fri Mar 25 08:39:43 2005 : Debug: gtc: auth_type = "PAP"
Fri Mar 25 08:39:43 2005 : Debug: rlm_eap: Loaded and initialized type gtc
Fri Mar 25 08:39:43 2005 : Debug: mschapv2: with_ntdomain_hack = no
Fri Mar 25 08:39:43 2005 : Debug: rlm_eap: Loaded and initialized type mschapv2
Fri Mar 25 08:39:43 2005 : Debug: Module: Instantiated eap (eap)
Fri Mar 25 08:39:43 2005 : Debug: Module: Loaded preprocess
Fri Mar 25 08:39:43 2005 : Debug: preprocess: huntgroups = "/usr/local/freeradius-1.0.2/etc/raddb/huntgroups"
Fri Mar 25 08:39:43 2005 : Debug: preprocess: hints = "/usr/local/freeradius-1.0.2/etc/raddb/hints"
Fri Mar 25 08:39:43 2005 : Debug: preprocess: with_ascend_hack = no
Fri Mar 25 08:39:43 2005 : Debug: preprocess: ascend_channels_per_line = 23
Fri Mar 25 08:39:43 2005 : Debug: preprocess: with_ntdomain_hack = no
Fri Mar 25 08:39:43 2005 : Debug: preprocess: with_specialix_jetstream_hack = no
Fri Mar 25 08:39:43 2005 : Debug: preprocess: with_cisco_vsa_hack = no
Fri Mar 25 08:39:43 2005 : Debug: Module: Instantiated preprocess (preprocess)
Fri Mar 25 08:39:43 2005 : Debug: Module: Loaded realm
Fri Mar 25 08:39:43 2005 : Debug: realm: format = "suffix"
Fri Mar 25 08:39:43 2005 : Debug: realm: delimiter = "@"
Fri Mar 25 08:39:43 2005 : Debug: realm: ignore_default = no
Fri Mar 25 08:39:43 2005 : Debug: realm: ignore_null = no
Fri Mar 25 08:39:43 2005 : Debug: Module: Instantiated realm (suffix)
Fri Mar 25 08:39:43 2005 : Debug: Module: Loaded passwd
Fri Mar 25 08:39:43 2005 : Debug: passwd: filename = "/usr/local/freeradius-1.0.2/etc/raddb/passwords/admins"
Fri Mar 25 08:39:43 2005 : Debug: passwd: format = "*User-Name:Crypt-Password"
Fri Mar 25 08:39:43 2005 : Debug: passwd: authtype = "(null)"
Fri Mar 25 08:39:43 2005 : Debug: passwd: delimiter = ":"
Fri Mar 25 08:39:43 2005 : Debug: passwd: ignorenislike = yes
Fri Mar 25 08:39:43 2005 : Debug: passwd: ignoreempty = yes
Fri Mar 25 08:39:43 2005 : Debug: passwd: allowmultiplekeys = no
Fri Mar 25 08:39:43 2005 : Debug: passwd: hashsize = 100
Fri Mar 25 08:39:43 2005 : Info: rlm_passwd: nfields: 2 keyfield 0(User-Name) listable: no
Fri Mar 25 08:39:43 2005 : Debug: Module: Instantiated passwd (admins)
Fri Mar 25 08:39:43 2005 : Debug: Module: Loaded files
Fri Mar 25 08:39:43 2005 : Debug: files: usersfile = "/usr/local/freeradius-1.0.2/etc/raddb/users"
Fri Mar 25 08:39:43 2005 : Debug: files: acctusersfile = "/usr/local/freeradius-1.0.2/etc/raddb/acct_users"
Fri Mar 25 08:39:43 2005 : Debug: files: preproxy_usersfile = "/usr/local/freeradius-1.0.2/etc/raddb/preproxy_users"
Fri Mar 25 08:39:43 2005 : Debug: files: compat = "no"
Fri Mar 25 08:39:43 2005 : Debug: Module: Instantiated files (files)
Fri Mar 25 08:39:43 2005 : Debug: Module: Loaded Acct-Unique-Session-Id
Fri Mar 25 08:39:43 2005 : Debug: acct_unique: key = "User-Name, Acct-Session-Id, NAS-IP-Address, Client-IP-Address, NAS-Port"
Fri Mar 25 08:39:43 2005 : Debug: Module: Instantiated acct_unique (acct_unique)
Fri Mar 25 08:39:43 2005 : Debug: Module: Loaded detail
Fri Mar 25 08:39:43 2005 : Debug: detail: detailfile = "/usr/local/freeradius-1.0.2/var/log/radius/radacct/%{Client-IP-Address}/detail-%Y%m%d"
Fri Mar 25 08:39:43 2005 : Debug: detail: detailperm = 384
Fri Mar 25 08:39:43 2005 : Debug: detail: dirperm = 493
Fri Mar 25 08:39:43 2005 : Debug: detail: locking = no
Fri Mar 25 08:39:43 2005 : Debug: Module: Instantiated detail (detail)
Fri Mar 25 08:39:43 2005 : Debug: Module: Loaded radutmp
Fri Mar 25 08:39:43 2005 : Debug: radutmp: filename = "/usr/local/freeradius-1.0.2/var/log/radius/radutmp"
Fri Mar 25 08:39:43 2005 : Debug: radutmp: username = "%{User-Name}"
Fri Mar 25 08:39:43 2005 : Debug: radutmp: case_sensitive = yes
Fri Mar 25 08:39:43 2005 : Debug: radutmp: check_with_nas = yes
Fri Mar 25 08:39:43 2005 : Debug: radutmp: perm = 384
Fri Mar 25 08:39:43 2005 : Debug: radutmp: callerid = yes
Fri Mar 25 08:39:43 2005 : Debug: Module: Instantiated radutmp (radutmp)
Fri Mar 25 08:39:43 2005 : Debug: Listening on authentication *:1812
Fri Mar 25 08:39:43 2005 : Debug: Listening on accounting *:1813
Fri Mar 25 08:39:43 2005 : Debug: Listening on proxy *:1814
Fri Mar 25 08:39:43 2005 : Info: Ready to process requests.
rad_recv: Access-Request packet from host 10.15.32.71:1645, id=98, length=79
    User-Name = "jornstei"
    User-Password = "plaintextpasswor"
    NAS-Port = 67
    NAS-Port-Type = Virtual
    Calling-Station-Id = "10.21.33.34"
    NAS-IP-Address = 10.15.32.71
Fri Mar 25 08:39:52 2005 : Debug: Processing the authorize section of radiusd.conf
Fri Mar 25 08:39:52 2005 : Debug: modcall: entering group authorize for request 0
Fri Mar 25 08:39:52 2005 : Debug: modsingle[authorize]: calling preprocess (rlm_preprocess) for request 0
Fri Mar 25 08:39:52 2005 : Debug: modsingle[authorize]: returned from preprocess (rlm_preprocess) for request 0
Fri Mar 25 08:39:52 2005 : Debug: modcall[authorize]: module "preprocess" returns ok for request 0
Fri Mar 25 08:39:52 2005 : Debug: modsingle[authorize]: calling chap (rlm_chap) for request 0
Fri Mar 25 08:39:52 2005 : Debug: modsingle[authorize]: returned from chap (rlm_chap) for request 0
Fri Mar 25 08:39:52 2005 : Debug: modcall[authorize]: module "chap" returns noop for request 0
Fri Mar 25 08:39:52 2005 : Debug: modsingle[authorize]: calling mschap (rlm_mschap) for request 0
Fri Mar 25 08:39:52 2005 : Debug: modsingle[authorize]: returned from mschap (rlm_mschap) for request 0
Fri Mar 25 08:39:52 2005 : Debug: modcall[authorize]: module "mschap" returns noop for request 0
Fri Mar 25 08:39:52 2005 : Debug: modsingle[authorize]: calling suffix (rlm_realm) for request 0
Fri Mar 25 08:39:52 2005 : Debug: rlm_realm: No '@' in User-Name = "jornstei", looking up realm NULL
Fri Mar 25 08:39:52 2005 : Debug: rlm_realm: No such realm "NULL"
Fri Mar 25 08:39:52 2005 : Debug: modsingle[authorize]: returned from suffix (rlm_realm) for request 0
Fri Mar 25 08:39:52 2005 : Debug: modcall[authorize]: module "suffix" returns noop for request 0
Fri Mar 25 08:39:52 2005 : Debug: modsingle[authorize]: calling eap (rlm_eap) for request 0
Fri Mar 25 08:39:52 2005 : Debug: rlm_eap: No EAP-Message, not doing EAP
Fri Mar 25 08:39:52 2005 : Debug: modsingle[authorize]: returned from eap (rlm_eap) for request 0
Fri Mar 25 08:39:52 2005 : Debug: modcall[authorize]: module "eap" returns noop for request 0
Fri Mar 25 08:39:52 2005 : Debug: modsingle[authorize]: calling admins (rlm_passwd) for request 0
Fri Mar 25 08:39:52 2005 : Debug: rlm_passwd: Added Crypt-Password: 'encryptedpassword' to config_items
Fri Mar 25 08:39:52 2005 : Debug: modsingle[authorize]: returned from admins (rlm_passwd) for request 0
Fri Mar 25 08:39:52 2005 : Debug: modcall[authorize]: module "admins" returns ok for request 0
Fri Mar 25 08:39:52 2005 : Debug: modsingle[authorize]: calling files (rlm_files) for request 0
Fri Mar 25 08:39:52 2005 : Debug: users: Matched entry DEFAULT at line 10
Fri Mar 25 08:39:52 2005 : Debug: modsingle[authorize]: returned from files (rlm_files) for request 0
Fri Mar 25 08:39:52 2005 : Debug: modcall[authorize]: module "files" returns ok for request 0
Fri Mar 25 08:39:52 2005 : Debug: modcall: group authorize returns ok for request 0
Fri Mar 25 08:39:52 2005 : Debug: auth: type Crypt
Segmentation Fault - core dumped radiusd
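
A pre-flight check for the password file read by the `admins` instance in the post above, as an added example that is not part of the original message or of FreeRADIUS: it parses the `*User-Name:Crypt-Password` format string and flags entries whose hash field does not have the shape of a crypt(3) hash. The function names, the two regular expressions, the handling of `+` lines and the sample entries beyond the post's two are assumptions; it checks file hygiene only and does not diagnose the crash.

```python
import re

# Traditional DES crypt(3): 2 salt chars + 11 hash chars from [./0-9A-Za-z].
DES_CRYPT = re.compile(r"^[./0-9A-Za-z]{13}$")
# Modular crypt format: $id$salt$hash (for example $1$ for MD5-crypt).
MODULAR_CRYPT = re.compile(r"^\$[0-9a-z]+\$[^$:]*\$[./0-9A-Za-z]+$")

def parse_format(fmt, delimiter=":"):
    """Split an rlm_passwd format string into (field_names, key_index)."""
    names, key_index = [], None
    for i, field in enumerate(fmt.split(delimiter)):
        if field.startswith("*"):      # '*' marks the lookup key field
            key_index = i
            field = field[1:]
        names.append(field)
    if key_index is None:
        raise ValueError("format has no '*' key field")
    return names, key_index

def audit_passwd_file(text, fmt, delimiter=":"):
    """Return [(line_no, key, problem)] for entries unfit for a crypt check."""
    names, key_index = parse_format(fmt, delimiter)
    if "Crypt-Password" not in names:
        return []                      # nothing to audit for other formats
    hash_index = names.index("Crypt-Password")
    findings = []
    for line_no, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        # Skip blanks and NIS-style '+' lines (assumed to be what the
        # ignorenislike = yes setting in the debug output skips).
        if not line or line.startswith("+"):
            continue
        fields = line.split(delimiter)
        if len(fields) != len(names):
            findings.append((line_no, fields[0], "wrong field count"))
            continue
        key, value = fields[key_index], fields[hash_index]
        if not value:
            findings.append((line_no, key, "empty hash field"))
        elif not (DES_CRYPT.match(value) or MODULAR_CRYPT.match(value)):
            findings.append((line_no, key, "not a crypt(3) hash"))
    return findings

# Constructed sample: lines 1-2 are the post's placeholders ("cryptpassword"
# is 13 characters, so it passes the shape test); the rest are made up here.
SAMPLE = """jornstei:cryptpassword
jlo:plaintextpassword
alice:abJnggxhB/yWI
bob:$1$saltsalt$Zx3mA0yJvG9q1sY2uU8wT/
carol:
dave:x:y
"""

if __name__ == "__main__":
    for finding in audit_passwd_file(SAMPLE, "*User-Name:Crypt-Password"):
        print(finding)
```

The shape test is a heuristic: it cannot tell a real hash from a 13-character cleartext string, so a clean result only means no entry is obviously malformed.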