[This is a resend as I think our SMTP gateway stripped all my
attachments, so I've just included one of them inline.]

I'm trying to set up FreeRadius 1.0.2 to use an alternative password file and
I'm running into some issues, namely the server is dumping core. I have
tried to set this up two different ways based on some of the email on the
mailing list so I think that the configuration is correct, but maybe I'm
hitting a bug in the server.

First Try:

[radiusd.conf]
modules {
    ...
    passwd admins {
        filename = ${raddbdir}/passwords/admins
        format = "*User-Name:Crypt-Password"
        hashsize = 100
        delimiter = ":"
    }
    ...
}
authorize {
    ...
    admins
    ...
}

[users - this DEFAULT entry is on line 10]
DEFAULT Huntgroup-Name == "cisco-router-admin", Auth-Type = admins
    Service-Type = NAS-Prompt-User,
    Login-Service = Telnet,
    Login-TCP-Port = Telnet,
    Fall-Through = No

[admins password file]
jornstei:cryptpassword
jlo:plaintextpassword

I'll attach the full debug (debug.crypt-1), but here is what I think needs
to be seen:
rad_recv: Access-Request packet from host 10.15.32.71:1645, id=98, length=79
User-Name = "jornstei"
User-Password = "plaintextpassword"
NAS-Port = 67
NAS-Port-Type = Virtual
Calling-Station-Id = "10.21.33.34"
NAS-IP-Address = 10.15.32.71
Fri Mar 25 08:39:52 2005 : Debug: modsingle[authorize]: calling
admins (rlm_passwd) for request 0
Fri Mar 25 08:39:52 2005 : Debug: rlm_passwd: Added Crypt-Password:
'cryptedpasswd' to config_items
Fri Mar 25 08:39:52 2005 : Debug: modsingle[authorize]: returned
from admins (rlm_passwd) for request 0
Fri Mar 25 08:39:52 2005 : Debug: modcall[authorize]: module "admins"
returns ok for request 0
Fri Mar 25 08:39:52 2005 : Debug: modsingle[authorize]: calling files
(rlm_files) for request 0
Fri Mar 25 08:39:52 2005 : Debug: users: Matched entry DEFAULT at
line 10
Fri Mar 25 08:39:52 2005 : Debug: modsingle[authorize]: returned from
files (rlm_files) for request 0
Fri Mar 25 08:39:52 2005 : Debug: modcall[authorize]: module "files"
returns ok for request 0
Fri Mar 25 08:39:52 2005 : Debug: modcall: group authorize returns ok
for request 0
Fri Mar 25 08:39:52 2005 : Debug: auth: type Crypt
Segmentation Fault - core dumped
radiusd
If I change the format of the module from 'Crypt-Password' to 'User-Password'
and if I change the encryption_scheme from 'crypt' to 'clear' and put a
cleartext password in my admins password file, this works. Here is part
of that output (debug.cleartext-1):
Fri Mar 25 08:54:14 2005 : Debug: modcall[authorize]: module "files"
returns ok for request 0
Fri Mar 25 08:54:14 2005 : Debug: modcall: group authorize returns ok
for request 0
Fri Mar 25 08:54:14 2005 : Debug: auth: type Local
Fri Mar 25 08:54:14 2005 : Debug: auth: user supplied User-Password matches
local User-Password
Sending Access-Accept of id 100 to 10.15.32.71:1645

Second Try:

[radiusd.conf]
modules {
    ...
    passwd admins {
        filename = ${raddbdir}/passwords/admins
        format = "*User-Name:Crypt-Password"
        hashsize = 100
        delimiter = ":"
    }
    ...
}
authorize {
    ...
    Autz-Type admins {
        admins
    }
    ...
}

[users - this DEFAULT entry is on line 10]
DEFAULT Huntgroup-Name == "cisco-router-admin", Autz-Type = admins
    Service-Type = NAS-Prompt-User,
    Login-Service = Telnet,
    Login-TCP-Port = Telnet,
    Fall-Through = No

And it core dumps in the same place.
Fri Mar 25 09:01:45 2005 : Debug: modcall: group Autz-Type returns ok
for request 0
Fri Mar 25 09:01:45 2005 : Debug: auth: type Crypt
Segmentation Fault - core dumped
radiusd
And if I do the same trick of changing Crypt-Password to User-Password it
will work, but that isn't what I'm after in the long run.
I recompiled with --enable-developer to get the backtrace and here is what
shows up:
(gdb) where
#0 0xff257590 in DES_ncbc_encrypt () from /usr/local/ssl/lib/libcrypto.so
#1 0xff259b4c in _des_crypt () from /usr/local/ssl/lib/libcrypto.so
#2 0xff33fcb4 in lrad_crypt_check (key=0xffbeda00 "",
crypted=0x1a5024 "encryptedpassword") at crypt.c:60
Does that mean that the pointer to key has no data? If so, this could
be a problem.
Anyone see what I'm doing wrong and what I might do to fix it?
-jason
----------------------------------------------------------------------
[debug.crypt-1]
-n Starting FreeRADIUS:
Fri Mar 25 08:39:43 2005 : Info: Starting - reading configuration files ...
Fri Mar 25 08:39:43 2005 : Debug: reread_config: reading radiusd.conf
Fri Mar 25 08:39:43 2005 : Debug: Config: including file:
/usr/local/freeradius-1.0.2/etc/raddb/proxy.conf
Fri Mar 25 08:39:43 2005 : Debug: Config: including file:
/usr/local/freeradius-1.0.2/etc/raddb/clients.conf
Fri Mar 25 08:39:43 2005 : Debug: Config: including file:
/usr/local/freeradius-1.0.2/etc/raddb/snmp.conf
Fri Mar 25 08:39:43 2005 : Debug: Config: including file:
/usr/local/freeradius-1.0.2/etc/raddb/eap.conf
Fri Mar 25 08:39:43 2005 : Debug: Config: including file:
/usr/local/freeradius-1.0.2/etc/raddb/sql.conf
Fri Mar 25 08:39:43 2005 : Debug: main: prefix = "/usr/local/freeradius-1.0.2"
Fri Mar 25 08:39:43 2005 : Debug: main: localstatedir =
"/usr/local/freeradius-1.0.2/var"
Fri Mar 25 08:39:43 2005 : Debug: main: logdir =
"/usr/local/freeradius-1.0.2/var/log/radius"
Fri Mar 25 08:39:43 2005 : Debug: main: libdir =
"/usr/local/freeradius-1.0.2/lib"
Fri Mar 25 08:39:43 2005 : Debug: main: radacctdir =
"/usr/local/freeradius-1.0.2/var/log/radius/radacct"
Fri Mar 25 08:39:43 2005 : Debug: main: hostname_lookups = no
Fri Mar 25 08:39:43 2005 : Debug: main: max_request_time = 30
Fri Mar 25 08:39:43 2005 : Debug: main: cleanup_delay = 5
Fri Mar 25 08:39:43 2005 : Debug: main: max_requests = 1024
Fri Mar 25 08:39:43 2005 : Debug: main: delete_blocked_requests = 0
Fri Mar 25 08:39:43 2005 : Debug: main: port = 0
Fri Mar 25 08:39:43 2005 : Debug: main: allow_core_dumps = no
Fri Mar 25 08:39:43 2005 : Debug: main: log_stripped_names = no
Fri Mar 25 08:39:43 2005 : Debug: main: log_file =
"/usr/local/freeradius-1.0.2/var/log/radius/radius.log"
Fri Mar 25 08:39:43 2005 : Debug: main: log_auth = no
Fri Mar 25 08:39:43 2005 : Debug: main: log_auth_badpass = no
Fri Mar 25 08:39:43 2005 : Debug: main: log_auth_goodpass = no
Fri Mar 25 08:39:43 2005 : Debug: main: pidfile =
"/usr/local/freeradius-1.0.2/var/run/radiusd/radiusd.pid"
Fri Mar 25 08:39:43 2005 : Debug: main: user = "(null)"
Fri Mar 25 08:39:43 2005 : Debug: main: group = "(null)"
Fri Mar 25 08:39:43 2005 : Debug: main: usercollide = no
Fri Mar 25 08:39:43 2005 : Debug: main: lower_user = "no"
Fri Mar 25 08:39:43 2005 : Debug: main: lower_pass = "no"
Fri Mar 25 08:39:43 2005 : Debug: main: nospace_user = "no"
Fri Mar 25 08:39:43 2005 : Debug: main: nospace_pass = "no"
Fri Mar 25 08:39:43 2005 : Debug: main: checkrad =
"/usr/local/freeradius-1.0.2/sbin/checkrad"
Fri Mar 25 08:39:43 2005 : Debug: main: proxy_requests = yes
Fri Mar 25 08:39:43 2005 : Debug: proxy: retry_delay = 5
Fri Mar 25 08:39:43 2005 : Debug: proxy: retry_count = 3
Fri Mar 25 08:39:43 2005 : Debug: proxy: synchronous = no
Fri Mar 25 08:39:43 2005 : Debug: proxy: default_fallback = yes
Fri Mar 25 08:39:43 2005 : Debug: proxy: dead_time = 120
Fri Mar 25 08:39:43 2005 : Debug: proxy: post_proxy_authorize = yes
Fri Mar 25 08:39:43 2005 : Debug: proxy: wake_all_if_all_dead = no
Fri Mar 25 08:39:43 2005 : Debug: security: max_attributes = 200
Fri Mar 25 08:39:43 2005 : Debug: security: reject_delay = 1
Fri Mar 25 08:39:43 2005 : Debug: security: status_server = no
Fri Mar 25 08:39:43 2005 : Debug: main: debug_level = 0
Fri Mar 25 08:39:43 2005 : Debug: read_config_files: reading dictionary
Fri Mar 25 08:39:43 2005 : Debug: read_config_files: reading naslist
Fri Mar 25 08:39:43 2005 : Info: Using deprecated naslist file. Support for
this will go away soon.
Fri Mar 25 08:39:43 2005 : Debug: read_config_files: reading clients
Fri Mar 25 08:39:43 2005 : Debug: read_config_files: reading realms
Fri Mar 25 08:39:43 2005 : Debug: radiusd: entering modules setup
Fri Mar 25 08:39:43 2005 : Debug: Module: Library search path is
/usr/local/freeradius-1.0.2/lib
Fri Mar 25 08:39:43 2005 : Debug: Module: Loaded exec
Fri Mar 25 08:39:43 2005 : Debug: exec: wait = yes
Fri Mar 25 08:39:43 2005 : Debug: exec: program = "(null)"
Fri Mar 25 08:39:43 2005 : Debug: exec: input_pairs = "request"
Fri Mar 25 08:39:43 2005 : Debug: exec: output_pairs = "(null)"
Fri Mar 25 08:39:43 2005 : Debug: exec: packet_type = "(null)"
Fri Mar 25 08:39:43 2005 : Info: rlm_exec: Wait=yes but no output defined. Did
you mean output=none?
Fri Mar 25 08:39:43 2005 : Debug: Module: Instantiated exec (exec)
Fri Mar 25 08:39:43 2005 : Debug: Module: Loaded expr
Fri Mar 25 08:39:43 2005 : Debug: Module: Instantiated expr (expr)
Fri Mar 25 08:39:43 2005 : Debug: Module: Loaded PAP
Fri Mar 25 08:39:43 2005 : Debug: pap: encryption_scheme = "crypt"
Fri Mar 25 08:39:43 2005 : Debug: Module: Instantiated pap (pap)
Fri Mar 25 08:39:43 2005 : Debug: Module: Loaded CHAP
Fri Mar 25 08:39:43 2005 : Debug: Module: Instantiated chap (chap)
Fri Mar 25 08:39:43 2005 : Debug: Module: Loaded MS-CHAP
Fri Mar 25 08:39:43 2005 : Debug: mschap: use_mppe = yes
Fri Mar 25 08:39:43 2005 : Debug: mschap: require_encryption = no
Fri Mar 25 08:39:43 2005 : Debug: mschap: require_strong = no
Fri Mar 25 08:39:43 2005 : Debug: mschap: with_ntdomain_hack = no
Fri Mar 25 08:39:43 2005 : Debug: mschap: passwd = "(null)"
Fri Mar 25 08:39:43 2005 : Debug: mschap: authtype = "MS-CHAP"
Fri Mar 25 08:39:43 2005 : Debug: mschap: ntlm_auth = "(null)"
Fri Mar 25 08:39:43 2005 : Debug: Module: Instantiated mschap (mschap)
Fri Mar 25 08:39:43 2005 : Debug: Module: Loaded System
Fri Mar 25 08:39:43 2005 : Debug: unix: cache = no
Fri Mar 25 08:39:43 2005 : Debug: unix: passwd = "(null)"
Fri Mar 25 08:39:43 2005 : Debug: unix: shadow = "(null)"
Fri Mar 25 08:39:43 2005 : Debug: unix: group = "/etc/group"
Fri Mar 25 08:39:43 2005 : Debug: unix: radwtmp =
"/usr/local/freeradius-1.0.2/var/log/radius/radwtmp"
Fri Mar 25 08:39:43 2005 : Debug: unix: usegroup = no
Fri Mar 25 08:39:43 2005 : Debug: unix: cache_reload = 600
Fri Mar 25 08:39:43 2005 : Debug: Module: Instantiated unix (unix)
Fri Mar 25 08:39:43 2005 : Debug: Module: Loaded eap
Fri Mar 25 08:39:43 2005 : Debug: eap: default_eap_type = "md5"
Fri Mar 25 08:39:43 2005 : Debug: eap: timer_expire = 60
Fri Mar 25 08:39:43 2005 : Debug: eap: ignore_unknown_eap_types = no
Fri Mar 25 08:39:43 2005 : Debug: eap: cisco_accounting_username_bug = no
Fri Mar 25 08:39:43 2005 : Debug: rlm_eap: Loaded and initialized type md5
Fri Mar 25 08:39:43 2005 : Debug: rlm_eap: Loaded and initialized type leap
Fri Mar 25 08:39:43 2005 : Debug: gtc: challenge = "Password: "
Fri Mar 25 08:39:43 2005 : Debug: gtc: auth_type = "PAP"
Fri Mar 25 08:39:43 2005 : Debug: rlm_eap: Loaded and initialized type gtc
Fri Mar 25 08:39:43 2005 : Debug: mschapv2: with_ntdomain_hack = no
Fri Mar 25 08:39:43 2005 : Debug: rlm_eap: Loaded and initialized type mschapv2
Fri Mar 25 08:39:43 2005 : Debug: Module: Instantiated eap (eap)
Fri Mar 25 08:39:43 2005 : Debug: Module: Loaded preprocess
Fri Mar 25 08:39:43 2005 : Debug: preprocess: huntgroups =
"/usr/local/freeradius-1.0.2/etc/raddb/huntgroups"
Fri Mar 25 08:39:43 2005 : Debug: preprocess: hints =
"/usr/local/freeradius-1.0.2/etc/raddb/hints"
Fri Mar 25 08:39:43 2005 : Debug: preprocess: with_ascend_hack = no
Fri Mar 25 08:39:43 2005 : Debug: preprocess: ascend_channels_per_line = 23
Fri Mar 25 08:39:43 2005 : Debug: preprocess: with_ntdomain_hack = no
Fri Mar 25 08:39:43 2005 : Debug: preprocess: with_specialix_jetstream_hack =
no
Fri Mar 25 08:39:43 2005 : Debug: preprocess: with_cisco_vsa_hack = no
Fri Mar 25 08:39:43 2005 : Debug: Module: Instantiated preprocess (preprocess)
Fri Mar 25 08:39:43 2005 : Debug: Module: Loaded realm
Fri Mar 25 08:39:43 2005 : Debug: realm: format = "suffix"
Fri Mar 25 08:39:43 2005 : Debug: realm: delimiter = "@"
Fri Mar 25 08:39:43 2005 : Debug: realm: ignore_default = no
Fri Mar 25 08:39:43 2005 : Debug: realm: ignore_null = no
Fri Mar 25 08:39:43 2005 : Debug: Module: Instantiated realm (suffix)
Fri Mar 25 08:39:43 2005 : Debug: Module: Loaded passwd
Fri Mar 25 08:39:43 2005 : Debug: passwd: filename =
"/usr/local/freeradius-1.0.2/etc/raddb/passwords/admins"
Fri Mar 25 08:39:43 2005 : Debug: passwd: format = "*User-Name:Crypt-Password"
Fri Mar 25 08:39:43 2005 : Debug: passwd: authtype = "(null)"
Fri Mar 25 08:39:43 2005 : Debug: passwd: delimiter = ":"
Fri Mar 25 08:39:43 2005 : Debug: passwd: ignorenislike = yes
Fri Mar 25 08:39:43 2005 : Debug: passwd: ignoreempty = yes
Fri Mar 25 08:39:43 2005 : Debug: passwd: allowmultiplekeys = no
Fri Mar 25 08:39:43 2005 : Debug: passwd: hashsize = 100
Fri Mar 25 08:39:43 2005 : Info: rlm_passwd: nfields: 2 keyfield 0(User-Name)
listable: no
Fri Mar 25 08:39:43 2005 : Debug: Module: Instantiated passwd (admins)
Fri Mar 25 08:39:43 2005 : Debug: Module: Loaded files
Fri Mar 25 08:39:43 2005 : Debug: files: usersfile =
"/usr/local/freeradius-1.0.2/etc/raddb/users"
Fri Mar 25 08:39:43 2005 : Debug: files: acctusersfile =
"/usr/local/freeradius-1.0.2/etc/raddb/acct_users"
Fri Mar 25 08:39:43 2005 : Debug: files: preproxy_usersfile =
"/usr/local/freeradius-1.0.2/etc/raddb/preproxy_users"
Fri Mar 25 08:39:43 2005 : Debug: files: compat = "no"
Fri Mar 25 08:39:43 2005 : Debug: Module: Instantiated files (files)
Fri Mar 25 08:39:43 2005 : Debug: Module: Loaded Acct-Unique-Session-Id
Fri Mar 25 08:39:43 2005 : Debug: acct_unique: key = "User-Name,
Acct-Session-Id, NAS-IP-Address, Client-IP-Address, NAS-Port"
Fri Mar 25 08:39:43 2005 : Debug: Module: Instantiated acct_unique
(acct_unique)
Fri Mar 25 08:39:43 2005 : Debug: Module: Loaded detail
Fri Mar 25 08:39:43 2005 : Debug: detail: detailfile =
"/usr/local/freeradius-1.0.2/var/log/radius/radacct/%{Client-IP-Address}/detail-%Y%m%d"
Fri Mar 25 08:39:43 2005 : Debug: detail: detailperm = 384
Fri Mar 25 08:39:43 2005 : Debug: detail: dirperm = 493
Fri Mar 25 08:39:43 2005 : Debug: detail: locking = no
Fri Mar 25 08:39:43 2005 : Debug: Module: Instantiated detail (detail)
Fri Mar 25 08:39:43 2005 : Debug: Module: Loaded radutmp
Fri Mar 25 08:39:43 2005 : Debug: radutmp: filename =
"/usr/local/freeradius-1.0.2/var/log/radius/radutmp"
Fri Mar 25 08:39:43 2005 : Debug: radutmp: username = "%{User-Name}"
Fri Mar 25 08:39:43 2005 : Debug: radutmp: case_sensitive = yes
Fri Mar 25 08:39:43 2005 : Debug: radutmp: check_with_nas = yes
Fri Mar 25 08:39:43 2005 : Debug: radutmp: perm = 384
Fri Mar 25 08:39:43 2005 : Debug: radutmp: callerid = yes
Fri Mar 25 08:39:43 2005 : Debug: Module: Instantiated radutmp (radutmp)
Fri Mar 25 08:39:43 2005 : Debug: Listening on authentication *:1812
Fri Mar 25 08:39:43 2005 : Debug: Listening on accounting *:1813
Fri Mar 25 08:39:43 2005 : Debug: Listening on proxy *:1814
Fri Mar 25 08:39:43 2005 : Info: Ready to process requests.
rad_recv: Access-Request packet from host 10.15.32.71:1645, id=98, length=79
User-Name = "jornstei"
User-Password = "plaintextpasswor"
NAS-Port = 67
NAS-Port-Type = Virtual
Calling-Station-Id = "10.21.33.34"
NAS-IP-Address = 10.15.32.71
Fri Mar 25 08:39:52 2005 : Debug: Processing the authorize section of
radiusd.conf
Fri Mar 25 08:39:52 2005 : Debug: modcall: entering group authorize for request 0
Fri Mar 25 08:39:52 2005 : Debug: modsingle[authorize]: calling preprocess
(rlm_preprocess) for request 0
Fri Mar 25 08:39:52 2005 : Debug: modsingle[authorize]: returned from
preprocess (rlm_preprocess) for request 0
Fri Mar 25 08:39:52 2005 : Debug: modcall[authorize]: module "preprocess"
returns ok for request 0
Fri Mar 25 08:39:52 2005 : Debug: modsingle[authorize]: calling chap
(rlm_chap) for request 0
Fri Mar 25 08:39:52 2005 : Debug: modsingle[authorize]: returned from chap
(rlm_chap) for request 0
Fri Mar 25 08:39:52 2005 : Debug: modcall[authorize]: module "chap" returns
noop for request 0
Fri Mar 25 08:39:52 2005 : Debug: modsingle[authorize]: calling mschap
(rlm_mschap) for request 0
Fri Mar 25 08:39:52 2005 : Debug: modsingle[authorize]: returned from mschap
(rlm_mschap) for request 0
Fri Mar 25 08:39:52 2005 : Debug: modcall[authorize]: module "mschap" returns
noop for request 0
Fri Mar 25 08:39:52 2005 : Debug: modsingle[authorize]: calling suffix
(rlm_realm) for request 0
Fri Mar 25 08:39:52 2005 : Debug: rlm_realm: No '@' in User-Name =
"jornstei", looking up realm NULL
Fri Mar 25 08:39:52 2005 : Debug: rlm_realm: No such realm "NULL"
Fri Mar 25 08:39:52 2005 : Debug: modsingle[authorize]: returned from suffix
(rlm_realm) for request 0
Fri Mar 25 08:39:52 2005 : Debug: modcall[authorize]: module "suffix" returns
noop for request 0
Fri Mar 25 08:39:52 2005 : Debug: modsingle[authorize]: calling eap (rlm_eap)
for request 0
Fri Mar 25 08:39:52 2005 : Debug: rlm_eap: No EAP-Message, not doing EAP
Fri Mar 25 08:39:52 2005 : Debug: modsingle[authorize]: returned from eap
(rlm_eap) for request 0
Fri Mar 25 08:39:52 2005 : Debug: modcall[authorize]: module "eap" returns
noop for request 0
Fri Mar 25 08:39:52 2005 : Debug: modsingle[authorize]: calling admins
(rlm_passwd) for request 0
Fri Mar 25 08:39:52 2005 : Debug: rlm_passwd: Added Crypt-Password:
'encryptedpassword' to config_items
Fri Mar 25 08:39:52 2005 : Debug: modsingle[authorize]: returned from admins
(rlm_passwd) for request 0
Fri Mar 25 08:39:52 2005 : Debug: modcall[authorize]: module "admins" returns
ok for request 0
Fri Mar 25 08:39:52 2005 : Debug: modsingle[authorize]: calling files
(rlm_files) for request 0
Fri Mar 25 08:39:52 2005 : Debug: users: Matched entry DEFAULT at line 10
Fri Mar 25 08:39:52 2005 : Debug: modsingle[authorize]: returned from files
(rlm_files) for request 0
Fri Mar 25 08:39:52 2005 : Debug: modcall[authorize]: module "files" returns
ok for request 0
Fri Mar 25 08:39:52 2005 : Debug: modcall: group authorize returns ok for
request 0
Fri Mar 25 08:39:52 2005 : Debug: auth: type Crypt
Segmentation Fault - core dumped
radiusd
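
An added example, not part of the original post and not FreeRADIUS code: a small Python check for a password file read with the format "*User-Name:Crypt-Password" shown above, flagging entries whose Crypt-Password field does not look like a crypt(3) hash (the admins file in the post mixes both kinds). The sample hash, the regular expressions and the skipping of blank and "+" lines are assumptions made for this illustration.

```python
import re

# Constructed sample: one crypt-style entry, one plaintext entry,
# a blank line and a NIS-style "+" line.
SAMPLE_FILE = """\
jornstei:abJnggxhB/yJo
jlo:plaintextpassword

+@netgroup:x
"""

DES_CRYPT = re.compile(r"^[./0-9A-Za-z]{13}$")   # traditional 13-char crypt(3)
MODULAR_CRYPT = re.compile(r"^\$[0-9a-z]+\$.+")  # $id$salt$hash style


def parse_format(fmt, delimiter=":"):
    """Return (field names, index of the key field marked with '*')."""
    names, key = [], None
    for i, field in enumerate(fmt.split(delimiter)):
        if field.startswith("*"):
            key, field = i, field[1:]
        names.append(field)
    if key is None:
        raise ValueError("format has no key field marked with '*'")
    return names, key


def lint_passwd(text, fmt, delimiter=":"):
    """Return [(line number, key value, problem)] for suspicious entries."""
    names, key = parse_format(fmt, delimiter)
    findings = []
    for n, line in enumerate(text.splitlines(), 1):
        # Assumption: blank lines and NIS-style "+" lines carry no entry.
        if not line.strip() or line.startswith("+"):
            continue
        fields = line.split(delimiter)
        if len(fields) < len(names):
            findings.append((n, fields[0], "too few fields"))
            continue
        value = dict(zip(names, fields)).get("Crypt-Password")
        if value is None:          # format has no Crypt-Password column
            continue
        if not value:
            findings.append((n, fields[key], "empty Crypt-Password"))
        elif not (DES_CRYPT.match(value) or MODULAR_CRYPT.match(value)):
            findings.append(
                (n, fields[key], "Crypt-Password is not a crypt(3) hash"))
    return findings


if __name__ == "__main__":
    for finding in lint_passwd(SAMPLE_FILE, "*User-Name:Crypt-Password"):
        print("line %d: %s: %s" % finding)
```

A length-and-alphabet test cannot tell a real hash from a 13-character plaintext string, so a clean result only means nothing was obviously wrong.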