Alan, Sorry about duplicating my original email. I found your reply about 3 seconds after doing that.
Here is the stack trace. Maybe my version of ssl is too old? [EMAIL PROTECTED] bin]$ openssl OpenSSL> version OpenSSL 0.9.7b 10 Apr 2003 #0 0x402d4a97 in eaptls_gen_mppe_keys (reply_vps=0x8179c08, s=0x8157790, prf_label=0x402da5d9 "ttls keying material") at mppe_keys.c:136 136 memcpy(p, s->s3->client_random, SSL3_RANDOM_SIZE); (gdb) bt #0 0x402d4a97 in eaptls_gen_mppe_keys (reply_vps=0x8179c08, s=0x8157790, prf_label=0x402da5d9 "ttls keying material") at mppe_keys.c:136 #1 0x402d8912 in eapttls_authenticate (arg=0x814dcb0, handler=0x81576e8) at rlm_eap_ttls.c:253 #2 0x4002a627 in eaptype_call (atype=0x814dba0, handler=0x81576e8) at eap.c:167 #3 0x4002a9f5 in eaptype_select (inst=0x810fe60, handler=0x81576e8) at eap.c:353 #4 0x40029d89 in eap_authenticate (instance=0x810fe60, request=0x8179b38) at rlm_eap.c:271 #5 0x08054c7a in call_modsingle (component=0, sp=0x810ebe8, request=0x8179b38, default_result=0) at modcall.c:219 #6 0x08054e6e in modcall (component=0, c=0x810ebe8, request=0x8179b38) at modcall.c:344 #7 0x08054d37 in call_modgroup (component=0, g=0x814f3e0, request=0x8179b38, default_result=0) at modcall.c:252 #8 0x08054e1d in modcall (component=0, c=0x814f3e0, request=0x8179b38) at modcall.c:335 #9 0x0805492b in module_authenticate (auth_type=6, request=0x8179b38) at modules.c:891 #10 0x0805198b in rad_check_password (request=0x8179b38) at auth.c:353 #11 0x08051d53 in rad_authenticate (request=0x8179b38) at auth.c:644 #12 0x0804d5a9 in rad_respond (request=0x8179b38, fun=0x8051a9c <rad_authenticate>) at radiusd.c:1642 #13 0x0804d2ea in main (argc=2, argv=0xbffff514) at radiusd.c:1427 #14 0x42017499 in __libc_start_main () from /lib/i686/libc.so.6 123 void eaptls_gen_mppe_keys(VALUE_PAIR **reply_vps, SSL *s, 124 const char *prf_label) 125 { 126 unsigned char out[2*EAPTLS_MPPE_KEY_LEN], buf[2*EAPTLS_MPPE_KEY_LEN]; 127 unsigned char seed[64 + 2*SSL3_RANDOM_SIZE]; (gdb) l 128 unsigned char *p = seed; 129 size_t prf_size; 130 131 prf_size = strlen(prf_label); 132 133 memcpy(p, prf_label, prf_size); 134 p += prf_size; 135 136 memcpy(p, s->s3->client_random, SSL3_RANDOM_SIZE); 137 p += SSL3_RANDOM_SIZE; (gdb) print s $2 = (SSL *) 0x8157790 (gdb) print s->s3 $3 = (struct ssl3_state_st *) 0x0 Regards, Martin. -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Alan DeKok Sent: 19 July 2005 20:01 To: FreeRadius users mailing list Subject: Re: FW: TTLS and PAP <[EMAIL PROTECTED]> wrote: > I'm trying to get TTLS/PAP working using freeradius 1.0.4. I must have > it configured incorrectly because its giving a Segmentation fault just > before giving the Access-Accept & EAP-Success back to the switch. I > have searched the archives for a solution but not found help to sort my > problem out. See doc/bugs > I don't understand is why the modcall[authorise] appear often in request > processing before modcall[authenticate]. I thought the order was to > authenticate a user and then once we are sure they are who they say they > are then we authorise them to use the network. Due to historical issues, FreeRADIUS has pre-authenticate, authenticate, and post-authenticate. The pre-authenticate is called "authorize". The sections could just as easily be called "foo", "bar", and "baz". It makes no difference to the operation of the server. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html