Hi ! I succeed in compiling cleanly Freeradius 1.1.0-pre0 on OpenBSD 3.8 with the following configure :
./configure --with-rlm_ldap --without-rlm_krb5 \ --without-rlm_acct_unique --without-rlm_otp \ --without-rlm_perl --enable-shared=no --enable-debug Freeradius starts fine. I try to do PEAP authentication but then Freeradius segfaults : [...] rad_recv: Access-Request packet from host 138.231.141.222:2050, id=0, length=173 User-Name = "steve" NAS-IP-Address = 138.231.141.222 Called-Station-Id = "0014bf2f3eb5" Calling-Station-Id = "00306526e4e0" NAS-Identifier = "0014bf2f3eb5" NAS-Port = 34 Framed-MTU = 1400 State = 0x5d72cc5f52f81774f1e5bf1a75d99195 NAS-Port-Type = Wireless-802.11 EAP-Message = 0x0208002a1900170301001fa547984d5e50c6234839710cb5afe897a3033acdcf0d198a5b8b2cee149bdf Message-Authenticator = 0xd21e950adad5ec474294ff09906adf03 Processing the authorize section of radiusd.conf modcall: entering group authorize for request 8 modcall[authorize]: module "preprocess" returns ok for request 8 modcall[authorize]: module "chap" returns noop for request 8 modcall[authorize]: module "mschap" returns noop for request 8 rlm_realm: No '@' in User-Name = "steve", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 8 rlm_eap: EAP packet type response id 8 length 42 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 8 users: Matched entry steve at line 5 modcall[authorize]: module "files" returns ok for request 8 modcall: leaving group authorize (returns updated) for request 8 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 8 rlm_eap: Request found, released from the list rlm_eap: EAP/peap rlm_eap: processing type peap rlm_eap_peap: Authenticate rlm_eap_tls: processing TLS eaptls_verify returned 7 rlm_eap_tls: Done initial handshake eaptls_process returned 7 rlm_eap_peap: EAPTLS_OK rlm_eap_peap: Session established. Decoding tunneled attributes. rlm_eap_peap: Received EAP-TLV response. rlm_eap_peap: Tunneled data is valid. rlm_eap_peap: Success rlm_eap: Freeing handler modcall[authenticate]: module "eap" returns ok for request 8 modcall: leaving group authenticate (returns ok) for request 8 Sending Access-Accept of id 0 to 138.231.141.222 port 2050 MS-MPPE-Recv-Key = 0x07903df33fbfac78c62a677bd381cda4a3e33adb7c7bbab591f1f7b54e78f16d zsh: segmentation fault (core dumped) HISTFILE=$HISTFILE-root ZDOTDIR=~ sudo /usr/local/sbin/radiusd -X -A I have the original configuration files with EAP defaulting to PEAP and TLS enabled. Here is the backtrace from gdb : (gdb) bt #0 0x06fdcbb6 in memset () from /usr/lib/libc.so.38.2 #1 0x80601740 in ?? () #2 0x1c03c33f in make_tunnel_passwd ( output=0xf5bdcac1, outlen=0x0, input=0x0, inlen=32, secret=0x0, vector=0x0) at radius.c:256 #3 0x00000000 in ?? () If I look at line 256, I see this : memset(passwd + 3 + inlen, 0, sizeof(passwd) - 3 - inlen); However, passwd is defined as : uint8_t passwd[AUTH_VECTOR_LEN + AUTH_PASS_LEN]; It is 16 + 16 = 32 bytes long. passwd + 3 + inlen is then outside passwd. I have tried to make passwd 259 bytes long to avoid segmentation fault but I get this : Sending Access-Accept of id 0 to 138.231.141.222 port 2050 MS-MPPE-Recv-Key = 0x64ab77b394aac0e36fec6b33df71b9cdd2d93356d7574cd548026938b21240af MS-MPPE-Send-Key = 0xddb31798589e6c89b3e60a428483012bb867fd2182aeb0375b36637998cf239f EAP-Message = 0x031a0004 Message-Authenticator = 0x00000000000000000000000000000000 User-Name = "steve" The NAS seems unhappy with such an answer, maybe because of the Message-Authenticator which is empty. I have also tried to only uses 16 first bytes of input with no change... -- /* * Hash table gook.. */ 2.4.0-test2 /usr/src/linux/fs/buffer.c - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html