Re: Case statement error
Hi,

> Ah... a fix wasn't pulled over from v3.0.x to master. I've just done that now.

Server now starts with such switch/case config present. cheers!

alan

- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: Case statement error
Thanks both, that's great news. I really need to teach myself some C..

Cheers
Andy

-----Original Message-----
From: freeradius-users-bounces+andy.franks=sath.nhs...@lists.freeradius.org [mailto:freeradius-users-bounces+andy.franks=sath.nhs.uk@lists.freeradius.org] On Behalf Of a.l.m.bu...@lboro.ac.uk
Sent: 14 October 2013 07:27
To: FreeRadius users mailing list
Subject: Re: Case statement error

Hi,

> Ah... a fix wasn't pulled over from v3.0.x to master. I've just done that now.

Server now starts with such switch/case config present. cheers!

alan
Re: Case statement error
Franks Andy (RLZ) IT Systems Engineer wrote:
> Hi again, Sorry to bang on about this, but I'm struggling still. Brand new machine, Ubuntu 13.04 server, never had freeradius installed on it. Pulled from git, - (FreeRADIUS Version 3.1.0 (git #209982d),

I didn't see the 3.1.0... At this point, you may want to be running from the 3.0.0 release, or the v3.0.x branch. There are NO new features in master (3.1.0) over 3.0.0.

Our plan for 3.1.0 is to finish the conversion to talloc, which may introduce instabilities. In contrast, 2.2.x and 3.0.x will have minimal changes.

Alan DeKok.
RE: Case statement error
Hi again,

Sorry to bang on about this, but I'm struggling still. Brand new machine, Ubuntu 13.04 server, never had freeradius installed on it. Pulled from git, - (FreeRADIUS Version 3.1.0 (git #209982d), for host x86_64-unknown-linux-gnu, built on Oct 13 2013 at 18:42:55)

    ./configure
    make
    make install

Nothing else except putting this in the authorize section of a brand new default vs

    switch "%{control:Tmp-String-0}" {
        case {
            update control {
                Tmp-String-0 := "new value"
            }
        }
    }

Same outcome:

    # Loading authorize {...}
    /usr/local/etc/raddb/sites-enabled/default[222]: case statements may only appear within a switch section
    /usr/local/etc/raddb/sites-enabled/default[222]: Failed to parse case subsection.
    /usr/local/etc/raddb/sites-enabled/default[220]: Errors parsing authorize section.

It just can't be an old binary, guaranteed this machine has never been near FR. Any ideas? Does anyone mind trying it?

Thanks
Andy

-----Original Message-----
From: freeradius-users-bounces+andy.franks=sath.nhs...@lists.freeradius.org [mailto:freeradius-users-bounces+andy.franks=sath.nhs.uk@lists.freeradius.org] On Behalf Of Alan DeKok
Sent: 11 October 2013 18:59
To: FreeRadius users mailing list
Subject: Re: Case statement error

Franks Andy (RLZ) IT Systems Engineer wrote:
> I still get
> # Loading authorize {...}
> /usr/local/etc/raddb/sites-enabled/default[222]: case statements may only appear within a switch section

You need to upgrade your binary. You're not using the latest version.

Alan DeKok.
Re: Case statement error
Hi,

this error is also present with 3.1.0 when using the provided originate-coa virtual-server - so it's reproducible with a minimally adjusted configuration (just drop originate-coa from sites-available to sites-enabled)

alan
Re: Case statement error
a.l.m.bu...@lboro.ac.uk wrote:
> this error is also present with 3.1.0 when using the provided originate-coa virtual-server - so it's reproducible with a minimally adjusted configuration (just drop originate-coa from sites-available to sites-enabled)

Ah... a fix wasn't pulled over from v3.0.x to master. I've just done that now.

Alan DeKok.
RE: Case statement error
Hi again.

I'm confused now. I've recompiled, renamed all old folders under /usr/local and done a complete reinstall. I've pared it all down and simply put

    switch "%{control:Tmp-String-0}" {
        case {
            update control {
                Tmp-String-0 := "new value"
            }
        }
    }

in the default VS. I still get

    # Loading authorize {...}
    /usr/local/etc/raddb/sites-enabled/default[222]: case statements may only appear within a switch section
    /usr/local/etc/raddb/sites-enabled/default[222]: Failed to parse case subsection.
    /usr/local/etc/raddb/sites-enabled/default[220]: Errors parsing authorize section.

I'm running git #57e69c9

Sorry, but I can't see what I'm doing wrong!

Thanks
Andy

-----Original Message-----
From: freeradius-users-bounces+andy.franks=sath.nhs...@lists.freeradius.org [mailto:freeradius-users-bounces+andy.franks=sath.nhs.uk@lists.freeradius.org] On Behalf Of Alan DeKok
Sent: 09 October 2013 15:26
To: FreeRadius users mailing list
Subject: Re: Case statement error

Franks Andy (RLZ) IT Systems Engineer wrote:
> Trying version #d166290 results in

Which is old. The bug has already been fixed.

Alan DeKok.
Error messages in debug on 3.0
I've just ported our config to 3.0 and I'm seeing a few error messages; they don't seem to be critical but are concerning me. Specifically I'm seeing:

    ERROR: Conditional evaluation failed due to internal sanity check.

...whenever I try to compare against absent attributes. What's the correct syntax for this now - do I need:

    if ((Attr) && (Attr op RHS)) {

...or can I ignore the message?

I'm also seeing this with:

    if (%{outer.request:Blah})

...if I'm not in a tunnel (in some generic logging policy); what's the right syntax for that?
Re: Error messages in debug on 3.0
On 10/10/13 18:32, Phil Mayers wrote:
> I've just ported our config to 3.0 and I'm seeing a few error messages; they don't seem to be critical but are concerning me. Specifically I'm seeing:

We're also getting:

    Info: Invalid operator for item Sql-Group: reverting to '=='

...which is logged to radiusd.log. This seems to be spurious - all our comparisons to SQL-Group are, of course using ==.

Other than that, it all seems OK!
Re: Error messages in debug on 3.0
On 10 Oct 2013, at 18:32, Phil Mayers p.may...@imperial.ac.uk wrote:
> I've just ported our config to 3.0 and I'm seeing a few error messages; they don't seem to be critical but are concerning me. Specifically I'm seeing:
>
>     ERROR: Conditional evaluation failed due to internal sanity check.
>
> ...whenever I try to compare against absent attributes. What's the correct syntax for this now - do I need:
>
>     if ((Attr) && (Attr op RHS)) {

Yes.

> ...or can I ignore the message?
>
> I'm also seeing this with:
>
>     if (%{outer.request:Blah})
>
> ...if I'm not in a tunnel (in some generic logging policy); what's the right syntax for that?

possibly if (outer.request

Sorry about the errors, I think they should be more descriptive in master unless Alan changed something when he did the second pass fix up for conditions.

But yes, in general a presence check is now required. It makes it easier to spot attributes which should be there but aren't.

-Arran
Re: Error messages in debug on 3.0
On 10/10/13 18:51, Arran Cudbard-Bell wrote:
> possibly if (outer.request

Hmm, no same thing, and worse it's squashing Module-Failure-Message :o(
Re: Error messages in debug on 3.0
Phil Mayers wrote:
> I've just ported our config to 3.0 and I'm seeing a few error messages; they don't seem to be critical but are concerning me. Specifically I'm seeing:
>
>     ERROR: Conditional evaluation failed due to internal sanity check.

That should be fixed. Either it can be deleted, or reworded.

> ...whenever I try to compare against absent attributes. What's the correct syntax for this now - do I need:
>
>     if ((Attr) && (Attr op RHS)) {
>
> ...or can I ignore the message?

Yes.

Alan DeKok.
Re: Error messages in debug on 3.0
On 10 Oct 2013, at 22:23, Alan DeKok al...@deployingradius.com wrote:
> Phil Mayers wrote:
>> I've just ported our config to 3.0 and I'm seeing a few error messages; they don't seem to be critical but are concerning me. Specifically I'm seeing:
>>
>>     ERROR: Conditional evaluation failed due to internal sanity check.
>
> That should be fixed. Either it can be deleted, or reworded.

I've reworded it. The code in master actually tells you what was wrong, but the changes were quite extensive so it didn't get ported to v3.0.x.

I've also removed the error on accessing a request which doesn't exist, so presence checks work as expected.

The actual presence check itself is ok. In radius_evaluate_tmpl:

    case VPT_TYPE_ATTR:
    case VPT_TYPE_LIST:
        if (radius_vpt_get_vp(request, vpt) != NULL) {
            rcode = true;
        } else {
            rcode = false;
        }
        break;

Which works for

    if (outer.request:Attribute)

and

    if (outer.request)

It's just one of the functions called to convert the enumerated request type to an actual REQUEST threw an error when the request didn't exist.

Arran Cudbard-Bell a.cudba...@freeradius.org
FreeRADIUS Development Team
Case statement error
Hi All.

I have some code in an sql policy:

    sql_check_user_present {
        update control {
            Tmp-String-0 := "%{sql_pwifi:SELECT COUNT(*) from voucher v left join state s on v.id=s.voucher_id where v.id=s.voucher_id and v.code='%{User-Name}' and (s.state='Inactive' or s.state='Active')}"
        }
        switch "%{control:Tmp-String-0}" {
            case 0 {
                update control {
                    User-RejectInformation := "Sorry, that voucher code is invalid or has expired."
                    Debug-RejectInformation := "Voucher code not present in database table, or voucher expired"
                }
                reject
            }
            case 1 {
                noop
            }
            case {
                # voucher has multiple table entries, oooh errr.
                update control {
                    User-RejectInformation := "Sorry, there has been an error. Please contact IT."
                    Debug-RejectInformation := "Multiple voucher codes the same, or database error - SQL count not = 0 or 1. This should never happen due to primary key constraint!"
                }
                reject
            }
        }
    }

This works fine in 3.0, git version #f66d411, but I have a problem with a regex related thing causing a segfault in that version and wouldn't mind trying the latest version to see if it's fixed.

Trying version #d166290 results in

    /usr/local/etc/raddb/policy.d/sql[6]: case statements may only appear within a switch section
    /usr/local/etc/raddb/policy.d/sql[6]: Failed to parse case subsection.
    /usr/local/etc/raddb/policy.d/sql[5]: Failed to parse switch subsection.
    /usr/local/etc/raddb/sites-enabled/default[220]: Errors parsing authorize section.

Do I need to change how the switch statement works? The unlang page doesn't seem to have changed as far as I can tell.

Thanks
Andy
Re: Case statement error
Franks Andy (RLZ) IT Systems Engineer wrote:
> Trying version #d166290 results in

Which is old. The bug has already been fixed.

Alan DeKok.
FreeRadius Error Access Rejected Only On Some CISCO Switch Ports
Hi Guys,

we are trying to get Free Radius to authenticate our users who connect through a Cisco Small Business POE switch. When testing authentication with a shutdown / no shutdown command on port fa/17 which has an IP phone connected to it we receive the following errors:

FREE RADIUS :

    [ldap] expand: %{User-Name} -> root
    [ldap] expand: (uid=%{%{Stripped-User-Name}:-%{User-Name}}) -> (uid=root)
    [ldap] expand: dc=citlao,dc=local -> dc=citlao,dc=local
    [ldap] ldap_get_conn: Checking Id: 0
    [ldap] ldap_get_conn: Got Id: 0
    [ldap] performing search in dc=citlao,dc=local, with filter (uid=root)
    [ldap] object not found
    [ldap] search failed
    [ldap] ldap_release_conn: Release Id: 0
    ++[ldap] returns notfound
    ++[expiration] returns noop
    ++[logintime] returns noop
    [pap] WARNING! No known good password found for the user. Authentication may fail because of this.
    ++[pap] returns noop
    ERROR: No authenticate method (Auth-Type) found for the request: Rejecting the user
    Failed to authenticate the user.
    Login incorrect ( [ldap] User not found): [root/trash] (from client LTC-ROUTER port 2)
    Using Post-Auth-Type Reject
    # Executing group from file /etc/freeradius/sites-enabled/default
    +- entering group REJECT {...}
    [attr_filter.access_reject] expand: %{User-Name} -> root
    attr_filter: Matched entry DEFAULT at line 11
    ++[attr_filter.access_reject] returns updated
    Delaying reject of request 12 for 1 seconds
    Going to the next request
    Waking up in 0.9 seconds.
    Sending delayed reject for request 12
    Sending Access-Reject of id 31 to 192.168.1.1 port 1645
    Waking up in 4.9 seconds.
    Cleaning up request 12 ID 31 with timestamp +10922
    Ready to process requests.

CISCO POE SWITCH:

    SW-BN3-PoE(config-if)#shutdown
    SW-BN3-PoE(config-if)#23-Sep-2013 14:17:22 %LINK-W-Down: fa17
    SW-BN3-PoE(config-if)#
    SW-BN3-PoE(config-if)#no shutdown
    SW-BN3-PoE(config-if)#23-Sep-2013 14:17:42 %STP-W-PORTSTATUS: fa17: STP status Forwarding
    23-Sep-2013 14:17:42 %LINK-I-Up: fa17
    23-Sep-2013 14:17:43 %SEC-W-SUPPLICANTUNAUTHORIZED: MAC 58:bf:ea:11:13:93 was rejected on port fa17 due to wrong user name or password in Radius server
    23-Sep-2013 14:18:07 %LINK-W-Down: fa17, aggregated (3)
    23-Sep-2013 14:18:09 %STP-W-PORTSTATUS: fa17: STP status Forwarding, aggregated (3)
    23-Sep-2013 14:18:09 %LINK-I-Up: fa17, aggregated (3)
    23-Sep-2013 14:18:18 %SEC-W-SUPPLICANTUNAUTHORIZED: MAC 58:bf:ea:11:13:93 was rejected on port fa17 due to wrong user name or password in Radius server, aggregated (1)

However when we try the same test on a port that has a PC connected to it we do not receive such an error. The CISCO switch says that we have the wrong user name and the Free Radius log says access rejected. Why would this only be the case when a CISCO IP phone tries to authenticate?

The Cisco switch port configurations are exactly the same and are as follows :

    dot1x max-req 1
    dot1x reauthentication
    dot1x timeout quiet-period 30
    dot1x mac-authentication mac-only
    dot1x port-control auto
    storm-control broadcast enable
    storm-control broadcast level 10
    storm-control include-multicast
    spanning-tree portfast
    macro description no_ip_phone_desktop | ip_phone_desktop
    switchport trunk allowed vlan add 100
    macro auto smartport type ip_phone_desktop

What can I try to fix the authentication issues so that all ports are being successfully authenticated ?

Thanks for your assistance,
Dan
can not initiate sim, no RAND1 attribute [eap] ERROR - Default EAP type sim failed in initiate [eap]
Hi All,

I really do try to read the forums in full before I post, but I have seen much out there on this, but just can't find out why this is happening. Please see below.

The only thing I don't have is sim_files entry in the sites-enabled/default, as I assume this is now covered in the radiusd.conf file.

Also, in the simtriplets files at the bottom, I have tried the entries with a 1 at the beginning of the IMSI, and without and with the word SIM there also.

On packet captures over the air, I get

    P1 - eap identity request
    P2 - eap identity response
    P3 - eap-failure

So I believe the radius server is not sending an eap-start module and is my configuration issue. Could anyone be so kind to help me please?

    Listening on authentication address * port 1812
    Listening on accounting address * port 1813
    Listening on command file /usr/local/var/run/radiusd/radiusd.sock
    Listening on proxy address * port 1814
    Ready to process requests.
    rad_recv: Access-Request packet from host 10.53.1.200 port 45261, id=5, length=257
        User-Name = 1234159143465...@wlan.mnc015.mcc234.3gppnetwork.org
        NAS-IP-Address = 192.168.21.1
        Called-Station-Id = 5C-D9-98-BF-C0-9E:tt
        NAS-Port-Type = Wireless-802.11
        NAS-Port = 1
        Calling-Station-Id = 5C-F8-A1-8B-35-BA
        Connect-Info = CONNECT 54Mbps 802.11g
        Acct-Session-Id = 524016AE-0005
        Framed-MTU = 1400
        EAP-Message = 0x02ba0038013132333431353931343334363530383440776c616e2e6d6e633031352e6d63633233342e336770706e6574776f726b2e6f7267
        Message-Authenticator = 0x25cd862fe8110e13ab54321c37032d00
    # Executing section authorize from file /usr/local/etc/raddb/sites-enabled/default
    +- entering group authorize {...}
    ++[preprocess] returns ok
    ++[chap] returns noop
    ++[mschap] returns noop
    [suffix] Looking up realm wlan.mnc015.mcc234.3gppnetwork.org for User-Name = 1234159143465...@wlan.mnc015.mcc234.3gppnetwork.org
    [suffix] No such realm wlan.mnc015.mcc234.3gppnetwork.org
    ++[suffix] returns noop
    [eap] EAP packet type response id 186 length 56
    [eap] No EAP Start, assuming it's an on-going EAP conversation
    ++[eap] returns updated
    ++[unix] returns notfound
    ++[files] returns noop
    ++[expiration] returns noop
    ++[logintime] returns noop
    [pap] WARNING! No known good password found for the user. Authentication may fail because of this.
    ++[pap] returns noop
    Found Auth-Type = EAP
    # Executing group from file /usr/local/etc/raddb/sites-enabled/default
    +- entering group authenticate {...}
    [eap] EAP Identity
    [eap] processing type sim
    can not initiate sim, no RAND1 attribute
    [eap] Default EAP type sim failed in initiate
    [eap] Failed in EAP select
    ++[eap] returns invalid
    Failed to authenticate the user.
    Using Post-Auth-Type Reject
    # Executing group from file /usr/local/etc/raddb/sites-enabled/default
    +- entering group REJECT {...}
    [attr_filter.access_reject] expand: %{User-Name} -> 1234159143465...@wlan.mnc015.mcc234.3gppnetwork.org
    attr_filter: Matched entry DEFAULT at line 11
    ++[attr_filter.access_reject] returns updated
    Delaying reject of request 0 for 1 seconds
    Going to the next request
    Waking up in 0.9 seconds.
    Sending delayed reject for request 0
    Sending Access-Reject of id 5 to 10.53.1.200 port 45261
        EAP-Message = 0x04ba0004
        Message-Authenticator = 0x
    Waking up in 4.9 seconds.
    Cleaning up request 0 ID 5 with timestamp +8
    Ready to process requests.
    rad_recv: Access-Request packet from host 10.53.1.200 port 45261, id=6, length=257
        User-Name = 1234159143465...@wlan.mnc015.mcc234.3gppnetwork.org
        NAS-IP-Address = 192.168.21.1
        Called-Station-Id = 5C-D9-98-BF-C0-9E:tt
        NAS-Port-Type = Wireless-802.11
        NAS-Port = 1
        Calling-Station-Id = 5C-F8-A1-8B-35-BA
        Connect-Info = CONNECT 54Mbps 802.11g
        Acct-Session-Id = 524016AE-0006
        Framed-MTU = 1400
        EAP-Message = 0x02f20038013132333431353931343334363530383440776c616e2e6d6e633031352e6d63633233342e336770706e6574776f726b2e6f7267
        Message-Authenticator = 0xac6eea11e5915f4e4e5bbc06a7ed3e72
    # Executing section authorize from file /usr/local/etc/raddb/sites-enabled/default
    +- entering group authorize {...}
    ++[preprocess] returns ok
    ++[chap] returns noop
    ++[mschap] returns noop
    [suffix] Looking up realm wlan.mnc015.mcc234.3gppnetwork.org for User-Name = 1234159143465...@wlan.mnc015.mcc234.3gppnetwork.org
    [suffix] No such realm wlan.mnc015.mcc234.3gppnetwork.org
    ++[suffix] returns noop
    [eap] EAP packet type response id 242 length 56
    [eap] No EAP Start, assuming it's an on-going EAP conversation
    ++[eap] returns updated
    ++[unix] returns notfound
    ++[files] returns noop
    ++[expiration] returns noop
    ++[logintime] returns noop
    [pap] WARNING! No known good password found for the user. Authentication may fail because of this.
    ++[pap] returns noop
    Found Auth-Type = EAP
    # Executing group from file /usr/local/etc/raddb/sites-enabled/default
    +- entering group authenticate {...}
    [eap] EAP Identity
    [eap] processing type sim
    can not initiate sim, no
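An added example, not part of the original post and not FreeRADIUS code: a small Python decoder for EAP-Message values like the ones in the debug output above, which also checks the two identity conventions the post mentions (the leading method digit in front of the IMSI and the mncNNN/mccNNN realm). The identity used is constructed (MCC 999), and all function and constant names are assumptions of this example; only `0x04ba0004` is taken from the log.

```python
"""Decode EAP-Message hex strings copied from radiusd -X output (added example)."""
import re
import struct
from typing import NamedTuple, Optional

EAP_CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}  # RFC 3748
EAP_TYPES = {1: "Identity", 18: "EAP-SIM", 23: "EAP-AKA"}
# RFC 4186 / RFC 4187: a permanent username is one method digit, then the IMSI.
METHOD_DIGIT = {"1": "EAP-SIM", "0": "EAP-AKA"}
PERMANENT_RE = re.compile(r"^([01])(\d{6,15})$")
REALM_RE = re.compile(r"^wlan\.mnc(\d{3})\.mcc(\d{3})\.3gppnetwork\.org$")


class EapPacket(NamedTuple):
    code: str
    identifier: int
    length: int
    eap_type: Optional[str]  # None for Success/Failure, which carry no Type
    data: bytes


def parse_eap_message(hex_value: str) -> EapPacket:
    """Parse one EAP packet given as hex, with or without a leading 0x."""
    text = hex_value.strip()
    if text.lower().startswith("0x"):
        text = text[2:]
    raw = bytes.fromhex(text)
    if len(raw) < 4:
        raise ValueError("EAP header is 4 octets; value is shorter")
    code, identifier, length = struct.unpack("!BBH", raw[:4])
    if code not in EAP_CODES:
        raise ValueError(f"unknown EAP code {code}")
    if length < 4 or length > len(raw):
        raise ValueError(f"Length field {length} does not fit {len(raw)} octets")
    body = raw[4:length]  # octets beyond Length are padding and are ignored
    if code in (1, 2):
        if not body:
            raise ValueError("Request/Response without a Type octet")
        name = EAP_TYPES.get(body[0], f"type {body[0]}")
        return EapPacket(EAP_CODES[code], identifier, length, name, body[1:])
    return EapPacket(EAP_CODES[code], identifier, length, None, b"")


def classify_identity(identity: str) -> dict:
    """Report which SIM-based method the username prefix selects, if any."""
    username, _, realm = identity.partition("@")
    result = {"method": None, "imsi": None, "realm_matches_imsi": None}
    match = PERMANENT_RE.match(username)
    if not match:
        return result  # pseudonym, or an IMSI sent without the method digit
    result["method"] = METHOD_DIGIT[match.group(1)]
    imsi = result["imsi"] = match.group(2)
    realm_match = REALM_RE.match(realm.lower())
    if realm_match:
        mnc, mcc = realm_match.group(1), realm_match.group(2)
        # The realm pads a two-digit MNC with a leading zero.
        mnc_ok = imsi[3:].startswith(mnc) or (
            mnc[0] == "0" and imsi[3:].startswith(mnc[1:]))
        result["realm_matches_imsi"] = imsi.startswith(mcc) and mnc_ok
    return result


def build_identity_response(identifier: int, identity: str) -> bytes:
    """Build an EAP Response/Identity packet (used only to make sample input)."""
    body = b"\x01" + identity.encode("ascii")
    return struct.pack("!BBH", 2, identifier, 4 + len(body)) + body


# Constructed sample: method digit "1" + IMSI 999010123456789 (not a real subscriber).
SAMPLE_IDENTITY = "1999010123456789@wlan.mnc001.mcc999.3gppnetwork.org"
SAMPLE_RESPONSE = "0x" + build_identity_response(0xBA, SAMPLE_IDENTITY).hex()
PAGE_FAILURE = "0x04ba0004"  # EAP-Message from the Access-Reject in the log above

if __name__ == "__main__":
    for value in (SAMPLE_RESPONSE, PAGE_FAILURE):
        packet = parse_eap_message(value)
        print(packet.code, "id", packet.identifier, "length", packet.length,
              packet.eap_type or "-")
        if packet.eap_type == "Identity":
            print("  ", classify_identity(packet.data.decode("ascii")))
```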
Re: can not initiate sim, no RAND1 attribute [eap] ERROR - Default EAP type sim failed in initiate [eap]
On 23 Sep 2013, at 12:32, ken.farrington ken.farring...@802.co.uk wrote:
> Hi All, I really do try to read the forums in full before I post, but I have seen much out there on this, but just can't find out why this is happening. Please see below. The only thing I don't have is sim_files entry in the sites-enabled/default, as I assume this is now covered in the radiusd.conf file.

No, it's not, that is a version 1.x.x configuration. You have to list it in sites-enabled/default before EAP for it to work.

Honestly though you don't need the sim_files stuff as you can set the attributes required in the users file (files).

-Arran

Arran Cudbard-Bell a.cudba...@freeradius.org
FreeRADIUS Development Team
Re: can not initiate sim, no RAND1 attribute [eap] ERROR - Default EAP type sim failed in initiate [eap]
Hi Arran,

I'm not sure if I have interpreted this right. Are you agreeing with my statement, that it is not needed or are you saying it is needed? I seem to recall I get an error when I put the sim_files in the default file.

Many thx indeed for the lightning fast response mate :)

Ken

On 23 September 2013 at 12:49 Arran Cudbard-Bell a.cudba...@freeradius.org wrote:
> On 23 Sep 2013, at 12:32, ken.farrington ken.farring...@802.co.uk wrote:
>> Hi All, I really do try to read the forums in full before I post, but I have seen much out there on this, but just can't find out why this is happening. Please see below. The only thing I don't have is sim_files entry in the sites-enabled/default, as I assume this is now covered in the radiusd.conf file.
>
> No, it's not, that is a version 1.x.x configuration. You have to list it in sites-enabled/default before EAP for it to work.
>
> Honestly though you don't need the sim_files stuff as you can set the attributes required in the users file (files).
>
> -Arran
>
> Arran Cudbard-Bell a.cudba...@freeradius.org
> FreeRADIUS Development Team

Ken Farrington
Director
CCIE #12651
802 Limited
International House, 221 Bow Road, London, E3 2SJ, United Kingdom
Direct: +44 (0)7500 802802
ken.farring...@802.co.uk
http://www.802.co.uk

Disclaimer
This e-mail may contain information that is confidential, privileged or otherwise protected from disclosure. If you are not an intended recipient of this e-mail, do not duplicate or redistribute it by any means. Please delete it and any attachments and notify the sender that you have received it in error. Any views or opinions presented are solely those of the author and do not necessarily represent those of 802 Limited or any subsidiary company of 802 Limited. This email may relate to or be sent from other members of the 802 Group. All rights reserved. 802 Limited. Registered in the UK. Company Number. 7962864.
Re: can not initiate sim, no RAND1 attribute [eap] ERROR - Default EAP type sim failed in initiate [eap]
Also, if I put the sim_files entry before eap in the default file I get the following error when I try and start Radiusd -s -X

    Module: Linked to sub-module rlm_eap_sim
    Module: Instantiating eap-sim
    Module: Checking authorize {...} for more modules to load
    /usr/local/etc/raddb/radiusd.conf[643]: Failed to link to module 'rlm_sim_files': rlm_sim_files.so: cannot open shared object file: No such file or directory
    /usr/local/etc/raddb/sites-enabled/default[63]: Failed to load module sim_files.
    /usr/local/etc/raddb/sites-enabled/default[62]: Errors parsing authorize section.

Could it be a linux thing, I am starting to think my linux skills are rubbish. I have been trying very hard :)

Many thx
ken

On 23 September 2013 at 12:56 ken.farrington ken.farring...@802.co.uk wrote:
> Hi Arran,
>
> I'm not sure if I have interpreted this right. Are you agreeing with my statement, that it is not needed or are you saying it is needed? I seem to recall I get an error when I put the sim_files in the default file.
>
> Many thx indeed for the lightning fast response mate :)
>
> Ken
>
> On 23 September 2013 at 12:49 Arran Cudbard-Bell a.cudba...@freeradius.org wrote:
>> On 23 Sep 2013, at 12:32, ken.farrington ken.farring...@802.co.uk wrote:
>>> Hi All, I really do try to read the forums in full before I post, but I have seen much out there on this, but just can't find out why this is happening. Please see below. The only thing I don't have is sim_files entry in the sites-enabled/default, as I assume this is now covered in the radiusd.conf file.
>>
>> No, it's not, that is a version 1.x.x configuration. You have to list it in sites-enabled/default before EAP for it to work.
>>
>> Honestly though you don't need the sim_files stuff as you can set the attributes required in the users file (files).
>>
>> -Arran
>>
>> Arran Cudbard-Bell a.cudba...@freeradius.org
>> FreeRADIUS Development Team
Re: FreeRadius Error Access Rejected Only On Some CISCO Switch Ports
Daniel Baker wrote:
> [ldap] performing search in dc=citlao,dc=local, with filter (uid=root)
> [ldap] object not found
> [ldap] search failed

What part of that is unclear?

> What can I try to fix the authentication issues so that all ports are being successfully authenticated ?

Ensure that the people logging in have accounts in ldap.

Alan DeKok.
Re: FreeRadius Error Access Rejected Only On Some CISCO Switch Ports
Thank you Alan, I will pursue that line of inquiry further.

On 9/23/2013 8:18 PM, Alan DeKok wrote:
> Daniel Baker wrote:
>> [ldap] performing search in dc=citlao,dc=local, with filter (uid=root)
>> [ldap] object not found
>> [ldap] search failed
>
> What part of that is unclear?
>
>> What can I try to fix the authentication issues so that all ports are being successfully authenticated ?
>
> Ensure that the people logging in have accounts in ldap.
>
> Alan DeKok.
Re: ipad ssl error in free radius
Hi,

is the firmware on that iPad particularly old? Or maybe your OpenSSL on the server side? Things like mismatching cipher requirements or force secure renegotiation might cause some of these issues.

Greetings,
Stefan Winter

On 19.09.13 06:27, val john wrote:
> hi guys
>
> we are getting following error in our radius log when ipad trying to connect to our WIFI network , our WIFI network using EAP-TTLS + LDAP authentication , All other devices (linux , windows, mac os 10.8 , Suse , android ) are working fine apart from ipads ..
>
> Error
> ===
> Tue Sep 17 13:36:25 2013 : Error: TLS Alert read:warning:close notify
> Tue Sep 17 13:36:25 2013 : Error: TLS_accept: failed in SSLv3 read client certificate A
> Tue Sep 17 13:36:25 2013 : Error: rlm_eap: SSL error error:140940E5:SSL routines:SSL3_READ_BYTES:ssl handshake failure
> Tue Sep 17 13:36:25 2013 : Error: SSL: SSL_read failed in a system call (-1), TLS session fails.
> Tue Sep 17 13:36:25 2013 : Auth: Login incorrect (TLS Alert read:warning:close notify): [u...@ihk.com] (from client ManagementAPs port 1 cli 00-88-65-42-50-88)
>
> Do you guys any idea what cause this issue
>
> Thank you
> John
Re: ipad ssl error in free radius
val john wrote:
> Tue Sep 17 13:36:25 2013 : Error: TLS Alert read:warning:close notify

This means that the *other* end shut down the TLS connection. To be polite, it sent a notification that it was doing so.

> Do you guys have any idea what causes this issue?

Maybe there's something in the CA / server cert which the iPad doesn't like. Much of SSL is magic...

Try it with the test certificates created by the server. If the problem doesn't happen, then the problem really is the certificates.

Alan DeKok.
RE: ipad ssl error in free radius
John,

The iPhone Configuration Utility can do remote debugging with iPads, it helped me diagnose some EAP-TLS issues.

John.

From: freeradius-users-bounces+jcarter=identitynetworks@lists.freeradius.org [mailto:freeradius-users-bounces+jcarter=identitynetworks.com@lists.freeradius.org] On Behalf Of val john
Sent: 19 September 2013 05:28
To: FreeRadius users mailing list
Subject: ipad ssl error in free radius

hi guys
we are getting the following error in our radius log when an ipad is trying to connect to our WIFI network. Our WIFI network is using EAP-TTLS + LDAP authentication. All other devices (linux, windows, mac os 10.8, Suse, android) are working fine apart from ipads.

Error
===
Tue Sep 17 13:36:25 2013 : Error: TLS Alert read:warning:close notify
Tue Sep 17 13:36:25 2013 : Error: TLS_accept: failed in SSLv3 read client certificate A
Tue Sep 17 13:36:25 2013 : Error: rlm_eap: SSL error error:140940E5:SSL routines:SSL3_READ_BYTES:ssl handshake failure
Tue Sep 17 13:36:25 2013 : Error: SSL: SSL_read failed in a system call (-1), TLS session fails.
Tue Sep 17 13:36:25 2013 : Auth: Login incorrect (TLS Alert read:warning:close notify): [u...@ihk.com] (from client ManagementAPs port 1 cli 00-88-65-42-50-88)

Do you guys have any idea what causes this issue?

Thank you
John
ipad ssl error in free radius
hi guys
we are getting the following error in our radius log when an ipad is trying to connect to our WIFI network. Our WIFI network is using EAP-TTLS + LDAP authentication. All other devices (linux, windows, mac os 10.8, Suse, android) are working fine apart from ipads.

Error
===
Tue Sep 17 13:36:25 2013 : Error: TLS Alert read:warning:close notify
Tue Sep 17 13:36:25 2013 : Error: TLS_accept: failed in SSLv3 read client certificate A
Tue Sep 17 13:36:25 2013 : Error: rlm_eap: SSL error error:140940E5:SSL routines:SSL3_READ_BYTES:ssl handshake failure
Tue Sep 17 13:36:25 2013 : Error: SSL: SSL_read failed in a system call (-1), TLS session fails.
Tue Sep 17 13:36:25 2013 : Auth: Login incorrect (TLS Alert read:warning:close notify): [u...@ihk.com] (from client ManagementAPs port 1 cli 00-88-65-42-50-88)

Do you guys have any idea what causes this issue?

Thank you
John
radclient error
Hi All

I have this error when using radclient:

radclient: Nothing to send.
radclient:: Expected end of line or comma

I do not know what it means? (radclient is run by a PlPerl script in my postgresql database engine)

Best regards.
Re: radclient error
On 11 Sep 2013, at 11:03, Mehdi Ravanbakhsh baba...@gmail.com wrote:
> Hi All
> I have this error when using radclient:
> radclient: Nothing to send.
> radclient:: Expected end of line or comma
> I do not know what it means?

It means you've not specified any input pairs, use the -f option, or pipe them through to stdin.

Arran Cudbard-Bell a.cudba...@freeradius.org
FreeRADIUS Development Team
Re: radclient error
Thanks Arran, it is solved.

Best regards.

On Wed, Sep 11, 2013 at 3:03 PM, Arran Cudbard-Bell a.cudba...@freeradius.org wrote:
> On 11 Sep 2013, at 11:03, Mehdi Ravanbakhsh baba...@gmail.com wrote:
>> Hi All
>> I have this error when using radclient:
>> radclient: Nothing to send.
>> radclient:: Expected end of line or comma
>> I do not know what it means?
>
> It means you've not specified any input pairs, use the -f option, or pipe them through to stdin.
>
> Arran Cudbard-Bell a.cudba...@freeradius.org
> FreeRADIUS Development Team
Re: Talloc sanity error (3.0 release branch, reproxying from PEAP inner tunnel)
Brian Julin wrote:
> Alan DeKok wrote:
>> Well... I tried it, and I didn't see any errors. Can you check that you're really running a *stock* binary, and a *stock* configuration?
>
> Attached is a recipe for how I replicated it (and another doublefree) on a clean system.

I've pushed a fix, thanks.

Alan DeKok.
RE: Talloc sanity error (3.0 release branch, reproxying from PEAP inner tunnel)
Alan DeKok wrote:
> Well... I tried it, and I didn't see any errors. Can you check that you're really running a *stock* binary, and a *stock* configuration?

Attached is a recipe for how I replicated it (and another doublefree) on a clean system.

1) started on a fresh system that had never seen freeradius before.
2) apt-get build-dep freeradius
3) apt-get install libtalloc-dev
4) git clone git://git.freeradius.org/freeradius-server
5) git branch --track release_branch_3.0.0
6) git checkout release_branch_3.0.0
7) configure --prefix=/usr/local; make; make install
8) download wpa source and build eapol_test
9) configure an eapol_peap.conf:

network={
    ssid=example
    key_mgmt=WPA-EAP
    eap=PEAP
    identity=f...@domain.site
    anonymous_identity=a...@domain.site
    password=foo
    phase1=peaplabel=0
    phase2=auth=MSCHAPv2
}

10) Try an auth against stock config, no memory errors as expected
11) copy proxy-inner-tunnel from sites-available to sites-enabled
12) change mods-enabled/eap peap{} to virtual_server = proxy-inner-tunnel
13) Run the test. Get a GCC doublefree that ends as follows:

(7) # Executing section post-proxy from file /usr/local/etc/raddb/sites-enabled/default
(7) group post-proxy {
(7) - entering group post-proxy {...}
(7) eap : Doing post-proxy callback
(7) eap : Passing reply from proxy back into the tunnel
(7) eap : Got tunneled reply RADIUS code 11
EAP-Message = 0x010800160410ea08d4982a033fac8f7f1f0bc63b952f
Message-Authenticator = 0xbe82b369c495e2bceed47fd6f1b710d5
State = 0xc10fbed8c107ba1915db9798d8125486
Proxy-State = 0x37
(7) eap : Got tunneled Access-Challenge
(7) eap : Reply was handled
*** glibc detected *** /usr/local/sbin/radiusd: double free or corruption (out): 0x08cb34d8 ***

15) Note that proxy-inner-tunnel.post-proxy is not being entered, scratch head
14) Note this is a different error than the talloc-detected double-use I originally reported.

To see that one proceed as follows:

16) comment out virtual-server option in mods-enabled/eap peap{}
17) add this clause to top of sites-enabled/default.authorize:

if (Freeradius-Proxied-To == 127.0.0.1) {
    update control {
        Proxy-To-Realm = example.com
    }
}

18) Run the test. Get the talloc error originally reported:

(7) [suffix] = noop
(7) eap : Request is supposed to be proxied to Realm example.com. Not doing EAP.
(7) [eap] = noop
(7) [files] = noop
(7) [expiration] = noop
(7) [logintime] = noop
(7) [pap] = noop
} # server default
(7) eap_peap : Got tunneled reply code 0
PEAP: Tunneled authentication will be proxied to example.com
talloc: access after free error - first free may be at src/main/util.c:230
Bad talloc magic value - access after free
Aborted

18) Note that the error happens on the first unwrapped proxy before it is sent, so decide not to worry about anything past authorize {} in the default server.
Re: Talloc sanity error (3.0 release branch, reproxying from PEAP inner tunnel)
On 9 Aug 2013, at 16:14, Brian Julin bju...@clarku.edu wrote:
> Alan DeKok wrote:
>> Well... I tried it, and I didn't see any errors. Can you check that you're really running a *stock* binary, and a *stock* configuration?
>
> Attached is a recipe for how I replicated it (and another doublefree) on a clean system.

With which version of the server?

Arran Cudbard-Bell a.cudba...@freeradius.org
FreeRADIUS Development Team
Re: Talloc sanity error (3.0 release branch, reproxying from PEAP inner tunnel)
On 9 Aug 2013, at 16:27, Arran Cudbard-Bell a.cudba...@freeradius.org wrote:
> On 9 Aug 2013, at 16:14, Brian Julin bju...@clarku.edu wrote:
>> Alan DeKok wrote:
>>> Well... I tried it, and I didn't see any errors. Can you check that you're really running a *stock* binary, and a *stock* configuration?
>>
>> Attached is a recipe for how I replicated it (and another doublefree) on a clean system.
>
> With which version of the server?

Never mind, release_branch_3_0_0

Arran Cudbard-Bell a.cudba...@freeradius.org
FreeRADIUS Development Team
Re: Talloc sanity error (3.0 release branch, reproxying from PEAP inner tunnel)
Brian Julin wrote:
> I tried to replicate on a test server with lightly modified 3.0 stock configs. The error only happens when everything is running through the same server/eap instances, so good instincts there. Replicating it is easy: just uncomment the peap virtual-server directive and add at the top of authorize:
>
> if (Freeradius-Proxied-To == 127.0.0.1) {
>     update control {
>         Proxy-To-Realm = example.com
>     }
> }

That doesn't make much sense. If it's in the default virtual server, the FreeRADIUS-Proxied-To attribute will never exist. If it's in the inner-tunnel virtual server, it will always exist, and always have that value.

> ...and it doesn't matter that example.com defaults to home_server localhost, it does not get that far.

Well... I tried it, and I didn't see any errors. Can you check that you're really running a *stock* binary, and a *stock* configuration?

> I believe it is the way it is because at some point we were having trouble using outer.request and such between virtual servers. I'll have to test those and see if that limitation is still in effect.

All that should work...

Alan DeKok.
RE: Talloc sanity error (3.0 release branch, reproxying from PEAP inner tunnel)
Alan DeKok wrote:
> Brian Julin wrote:
>> I tried to replicate on a test server with lightly modified 3.0 stock configs. The error only happens when everything is running through the same server/eap instances, so good instincts there. Replicating it is easy: just uncomment the peap virtual-server directive and add at the top of authorize:
>>
>> if (Freeradius-Proxied-To == 127.0.0.1) {
>>     update control {
>>         Proxy-To-Realm = example.com
>>     }
>> }
>
> That doesn't make much sense. If it's in the default virtual server, the FreeRADIUS-Proxied-To attribute will never exist. If it's in the inner-tunnel virtual server, it will always exist, and always have that value.

Only if you send it there with a virtual_server=inner-tunnel statement in the peap block. This happens if you do not, as documented in the comments for that option.

Ah -- maybe to replicate you can't have inner-tunnel in sites-enabled, since it has that loopback listen directive. I had swapped in proxy-inner-tunnel at some point, it appears, which does not have it.

>> ...and it doesn't matter that example.com defaults to home_server localhost, it does not get that far.
>
> Well... I tried it, and I didn't see any errors. Can you check that you're really running a *stock* binary, and a *stock* configuration?

I will -- should I preferably be testing against the release git branch, or against a release tag in master, BTW?

>> I believe it is the way it is because at some point we were having trouble using outer.request and such between virtual servers. I'll have to test those and see if that limitation is still in effect.
>
> All that should work...

Good.
Re: Talloc sanity error (3.0 release branch, reproxying from PEAP inner tunnel)
>>> ...and it doesn't matter that example.com defaults to home_server localhost, it does not get that far.
>>
>> Well... I tried it, and I didn't see any errors. Can you check that you're really running a *stock* binary, and a *stock* configuration?
>
> I will -- should I preferably be testing against the release git branch, or against a release tag in master, BTW?

release git branch. It contains many fixes since rc1.

-Arran

Arran Cudbard-Bell a.cudba...@freeradius.org
FreeRADIUS Development Team
Talloc sanity error (3.0 release branch, reproxying from PEAP inner tunnel)
I finally got around to trying some RC code (the release_branch_3.0.0 on github) on our production configurations, after a bit of massaging got them looking like they were working, but not so much the one that re-proxies the inner tunnel contents to an internal server after unwrapping EAP-PEAP: peap { default_eap_type = mschapv2 proxy_tunneled_request_as_eap = yes copy_request_to_tunnel = no use_tunneled_reply = yes tls = eduroam-eap-tls } Any request that tries to go to the proxy causes this to happen: Wed Aug 7 11:57:35 2013 : Debug: (5) - entering if (%{FreeRADIUS-Proxied-To} == 127.0.0.1) {...} Wed Aug 7 11:57:35 2013 : Debug: (5)update control { Wed Aug 7 11:57:35 2013 : Debug: (5) Proxy-To-Realm := idpi ... Wed Aug 7 11:57:35 2013 : Debug: (5)} # update control = ok Wed Aug 7 11:57:35 2013 : Debug: (5) - if (%{FreeRADIUS-Proxied-To} == 127.0.0.1) returns ok Wed Aug 7 11:57:35 2013 : Debug: (5)... skipping else for request 5: Preceding if was taken } # server eduroam_idp Wed Aug 7 11:57:35 2013 : Debug: (5) eap_peap : Got tunneled reply code 0 Wed Aug 7 11:57:35 2013 : Debug: PEAP: Tunneled authentication will be proxied to idpi Wed Aug 7 11:57:35 2013 : Info: talloc: access after free error - first free may be at src/main/util.c:230 Wed Aug 7 11:57:35 2013 : Info: Bad talloc magic value - access after free ... I don't know if this is of any use, being so far removed from the free(): Program received signal SIGABRT, Aborted. [Switching to Thread 0x75eb4700 (LWP 27579)] 0x003fe54328a5 in raise () from /lib64/libc.so.6 ... (gdb) bt #0 0x003fe54328a5 in raise () from /lib64/libc.so.6 #1 0x003fe5434085 in abort () from /lib64/libc.so.6 #2 0x77782c3c in ?? 
() from /usr/lib64/libtalloc.so.2 #3 0x77782dd8 in talloc_get_name () from /usr/lib64/libtalloc.so.2 #4 0x777857eb in _talloc_get_type_abort () from /usr/lib64/libtalloc.so.2 #5 0x77bb4d95 in pairnext (cursor=0x75eb2950) at src/lib/valuepair.c:290 #6 0x77bb4b42 in pairfind (vp=0x7fffe8007d80, attr=80, vendor=0, tag=-128 '\200') at src/lib/valuepair.c:209 #7 0x76f58d45 in mod_authenticate (instance=0x7f8b30, request=0x844e40) at src/modules/rlm_eap/rlm_eap.c:360 #8 0x00421812 in call_modsingle (component=0, sp=0x81ce30, request=0x844e40) at src/main/modcall.c:311 #9 0x00422f93 in modcall (component=0, c=0x81cf30, request=0x844e40) at src/main/modcall.c:782 #10 0x0041f4c6 in indexed_modcall (comp=0, idx=6, request=0x844e40) at src/main/modules.c:758 #11 0x00421127 in process_authenticate (auth_type=6, request=0x844e40) at src/main/modules.c:1648 #12 0x0040c910 in rad_check_password (request=0x844e40) at src/main/auth.c:252 #13 0x0040cee4 in rad_authenticate (request=0x844e40) ---Type return to continue, or q return to quit--- at src/main/auth.c:490 #14 0x00430b79 in request_running (request=0x844e40, action=1) at src/main/process.c:1185 #15 0x0042d02e in request_handler_thread (arg=0x8397c0) at src/main/threads.c:685 #16 0x003fe5c07851 in start_thread () from /lib64/libpthread.so.0 #17 0x003fe54e811d in clone () from /lib64/libc.so.6 (gdb) (gdb) up #1 0x003fe5434085 in abort () from /lib64/libc.so.6 (gdb) up #2 0x77782c3c in ?? 
() from /usr/lib64/libtalloc.so.2 (gdb) up #3 0x77782dd8 in talloc_get_name () from /usr/lib64/libtalloc.so.2 (gdb) up #4 0x777857eb in _talloc_get_type_abort () from /usr/lib64/libtalloc.so.2 (gdb) up #5 0x77bb4d95 in pairnext (cursor=0x75eb2950) at src/lib/valuepair.c:290 290 VERIFY_VP(cursor-current); (gdb) list 285*/ 286VALUE_PAIR *pairnext(vp_cursor_t *cursor) 287{ 288 cursor-current = cursor-next; 289 if (cursor-current) { 290 VERIFY_VP(cursor-current); 291 292 /* 293 * Set this now in case 'current' gets freed before 294 * pairnext is called again. (gdb) print cursor-current $1 = (VALUE_PAIR *) 0x7fffe8007820 (gdb) print cursor-current-da $2 = (const DICT_ATTR *) 0x6c6c617420646142 (gdb) print *cursor-current-da Cannot access memory at address 0x6c6c617420646142 (gdb) up #6 0x77bb4b42 in pairfind (vp=0x7fffe8007d80, attr=80, vendor=0, tag=-128 '\200') at src/lib/valuepair.c:209 209 i = pairnext(cursor)) { (gdb) list 204 vp_cursor_t cursor; 205 VALUE_PAIR *i; 206 207 for (i = paircursor(cursor, vp); 208 i; 209 i = pairnext(cursor)) { 210 VERIFY_VP(i); 211 if ((i-da-attr == attr) (i-da-vendor == vendor) 212 ((tag == TAG_ANY) || (i-da-flags.has_tag 213 (i-tag == tag { (gdb) print attr $3 = 80 (gdb) print vendor $4 = 0 (gdb) print tag $5 = -128 '\200' (gdb
Re: Talloc sanity error (3.0 release branch, reproxying from PEAP inner tunnel)
Hi,

> peap {
>     default_eap_type = mschapv2
>     proxy_tunneled_request_as_eap = yes
>     copy_request_to_tunnel = no
>     use_tunneled_reply = yes
>     tls = eduroam-eap-tls
> }

okay

> Any request that tries to go to the proxy causes this to happen:
>
> Wed Aug 7 11:57:35 2013 : Debug: (5) - entering if (%{FreeRADIUS-Proxied-To} == 127.0.0.1) {...}
> Wed Aug 7 11:57:35 2013 : Debug: (5)update control {
> Wed Aug 7 11:57:35 2013 : Debug: (5) Proxy-To-Realm := idpi
> Wed Aug 7 11:57:35 2013 : Debug: (5)} # update control = ok
> Wed Aug 7 11:57:35 2013 : Debug: (5) - if (%{FreeRADIUS-Proxied-To} == 127.0.0.1) returns ok
> Wed Aug 7 11:57:35 2013 : Debug: (5)... skipping else for request 5: Preceding if was taken
> } # server eduroam_idp
> Wed Aug 7 11:57:35 2013 : Debug: (5) eap_peap : Got tunneled reply code 0
> Wed Aug 7 11:57:35 2013 : Debug: PEAP: Tunneled authentication will be proxied to idpi
> Wed Aug 7 11:57:35 2013 : Info: talloc: access after free error - first free may be at src/main/util.c:230
> Wed Aug 7 11:57:35 2013 : Info: Bad talloc magic value - access after free

this sample doesn't show enough of the process..

how did you configure the server...from scratch or copy pasting bits over from a 2.x ?

does this 'eap' module use its own virtual_server or does it inherit the virtual_server that instigated it (you have no 'virtual_server = blah' line in your peap{} section...so i assume it's using eduroam_idp VS for the unwrapping?)

alan
RE: Talloc sanity error (3.0 release branch, reproxying from PEAP inner tunnel)
a.l.m.bu...@lboro.ac.uk [a.l.m.bu...@lboro.ac.uk] wrote:
> how did you configure the server...from scratch or copy pasting bits over from a 2.x ?

It's a mongrel, not an alteration of fresh 3.0. It was working on a pre-talloc 3.0 development branch.

> does this 'eap' module use its own virtual_server or does it inherit the virtual_server that instigated it (you have no 'virtual_server = blah' line in your peap{} section...so i assume its using eduroam_idp VS for the unwrapping?)

There's only one incestuous server clause, and only one EAP configuration block, yes.

I tried to replicate on a test server with lightly modified 3.0 stock configs. The error only happens when everything is running through the same server/eap instances, so good instincts there. Replicating it is easy: just uncomment the peap virtual-server directive and add at the top of authorize:

if (Freeradius-Proxied-To == 127.0.0.1) {
    update control {
        Proxy-To-Realm = example.com
    }
}

...and it doesn't matter that example.com defaults to home_server localhost, it does not get that far.

I believe it is the way it is because at some point we were having trouble using outer.request and such between virtual servers. I'll have to test those and see if that limitation is still in effect.
FreeRadius error LDAP Authentication
Hi All,

I am new to FreeRadius. I am moving from Cisco ACS Tacacs to FreeRadius. During LDAP configuration I am getting the following error:

[ldap] bind as cn=User,ou=people,dc=domain,dc=it/Password to ldapserver:636
[ldap] waiting for bind result ...
[ldap] cn=user,ou=people,dc=domain,dc=it bind to ldapServer:636 failed No such object
[ldap] (re)connection attempt failed

Any idea about the error? Below is the ldap configuration:

server = ldapserver
port = 636
identity = cn=user,ou=people,dc=domain,dc=it
password = password
basedn = dc=domain,dc=it
filter = (uid=%{Stripped-User-Name:-%{User-Name}})
base_filter = (objectclass=groupofuniquenames)

Thanks
Marco Aresu
Re: FreeRadius error LDAP Authentication
You shouldn't have quotes around your username or domain.

You should use identity = cn=user,ou=people,dc=domain,dc=it

On 19/07/2013 7:05 PM, Marco Aresu marcoar...@gmail.com wrote:
> Hi All,
> I am new to FreeRadius. I am moving from Cisco ACS Tacacs to FreeRadius. During LDAP configuration I am getting the following error:
>
> [ldap] bind as cn=User,ou=people,dc=domain,dc=it/Password to ldapserver:636
> [ldap] waiting for bind result ...
> [ldap] cn=user,ou=people,dc=domain,dc=it bind to ldapServer:636 failed No such object
> [ldap] (re)connection attempt failed
>
> Any idea about the error? Below is the ldap configuration:
>
> server = ldapserver
> port = 636
> identity = cn=user,ou=people,dc=domain,dc=it
> password = password
> basedn = dc=domain,dc=it
> filter = (uid=%{Stripped-User-Name:-%{User-Name}})
> base_filter = (objectclass=groupofuniquenames)
>
> Thanks
> Marco Aresu
logout error
Hi guys

When users log out from the wireless network, I can see the following error in the log:

Error: rlm_radutmp: Logout for NAS Wlan1 port 0, but no Login record

Is there any reason for that, and how can I fix it?

Thank you
John
Re: logout error
val john wrote:
> When users log out from the wireless network, I can see the following error in the log:
> Error: rlm_radutmp: Logout for NAS Wlan1 port 0, but no Login record
> Is there any reason for that, and how can I fix it?

Ensure that the NAS sends login records.

Alan DeKok.
Re: [again] Error [mschap] No Cleartext-Password configured. Cannot create LM-Password.
Holger Wesser wrote:
> I've googled a while and found different solutions for the error message:
> [mschap] No Cleartext-Password configured. Cannot create LM-Password.

There's only one solution: give the server a known good password. e.g. Cleartext-Password, or NT-Password.

> What I've done is, to establish the following setup: Debian 7.1, Samba3, OpenLDAP and freeradius 2.1.12 (everything on the same machine). A VPN gateway forwards the authentication requests to the freeradius-server.

PLEASE use radiusd -X as suggested everywhere. The additional -x is not needed, and is just annoying.

> The relevant output is:
> [ldap] performing search in dc=example,dc=com, with filter (uid=testuser)
> [ldap] Added User-Password = {SSHA}xx in check items

SSHA passwords are fundamentally incompatible with MS-CHAP.

http://deployingradius.com/documents/protocols/compatibility.html

Alan DeKok.
Re: Loading fails without reporting an error
Lovaas,Steven wrote:
> Thanks, Adam... this got me looking at the right thing. I had a mismatch between the type of the home_server localhost (auth), and the attribute used in one of the realms pointing to the pool that references that home server (pool, instead of auth_pool). Changing the type of the localhost home_server allowed FR to complete loading.

If you have a simple config that can reproduce it, I'd like to fix the problem. It's likely just adding a printed error message in the home server code. But knowing exactly where to add it would be useful.

Alan DeKok.
Re: Loading fails without reporting an error
On Fri, Jul 12, 2013 at 11:19:00AM +0200, Alan DeKok wrote: Lovaas,Steven wrote: Thanks, Adam... this got me looking at the right thing. I had a mismatch between the type of the home_server localhost (auth), and the attribute used in one of the realms pointing to the pool that references that home server (pool, instead of auth_pool). Changing the type of the localhost home_server allowed FR to complete loading. If you have a simple config that can reproduce it, I'd like to fix the problem. It's likely just adding a printed error message in the home server code. But knowing exactly where to add it would be useful. I've sent a pull request. It's easy to trigger - take a standard 2.x config and apply the following patch to the config: diff --git a/raddb/proxy.conf b/raddb/proxy.conf index 413fc14..6ceb5cb 100644 --- a/raddb/proxy.conf +++ b/raddb/proxy.conf @@ -613,6 +613,7 @@ realm example.com { # and acct_pool. auth_pool = my_auth_failover + acct_pool = my_auth_failover # acct_pool = acct # There are a distinct lack of errors printed out in realms.c when it returns. I'm guessing there may be better error messages or locations to print them, but the pull request will give the right starting pointers :-) Matthew -- Matthew Newton, Ph.D. m...@le.ac.uk Systems Specialist, Infrastructure Services, I.T. Services, University of Leicester, Leicester LE1 7RH, United Kingdom For IT help contact helpdesk extn. 2253, ith...@le.ac.uk - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
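Review bot: the added `acct_pool = my_auth_failover` line in `realm example.com` reuses the pool already named by `auth_pool` directly above it, while the stock `# acct_pool = acct` line stays commented out just below, and nothing in the hunk says the mismatch is deliberate. Since this is a reproducer for the silent exit and not a recommended setting, put a comment on the new line saying so, and state in the pull request which message realms.c should print when it returns for this case.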
Re: Loading fails without reporting an error
On Fri, Jul 12, 2013 at 11:24:54AM +0100, Matthew Newton wrote:
> On Fri, Jul 12, 2013 at 11:19:00AM +0200, Alan DeKok wrote:
>> Lovaas,Steven wrote:
>>> I had a mismatch between the type of the home_server localhost (auth), and the attribute used in one of the realms pointing to the pool that references that home server (pool, instead of auth_pool). Changing the type of the localhost home_server allowed FR to complete loading.
>>
>> It's likely just adding a printed error message in the home server code. But knowing exactly where to add it would be useful.
>
> It's easy to trigger - take a standard 2.x config and apply the following patch to the config:

To add to that, the same config error on v3 does give an error message, but although it's technically true (a home server being defined by its name *and* type), it's not entirely helpful-

raddb/proxy.conf[593]: Unknown home_server localhost.

Don't know if there are any ways to improve that message - I guess there are a number of reasons that the home_server might not be found. The line number should point to the problem section, though.

Matthew

--
Matthew Newton, Ph.D. m...@le.ac.uk
Systems Specialist, Infrastructure Services, I.T. Services, University of Leicester, Leicester LE1 7RH, United Kingdom
For IT help contact helpdesk extn. 2253, ith...@le.ac.uk
RE: Loading fails without reporting an error
Certainly! Here's the complete proxy.conf, configured with the mismatch (line 6: type = auth, and line 60: pool = csu-auth) such that FR exits before completely loading in debug mode. Changing either of these to match (or just omitting that pool definition and letting that realm be local) allows FR to load completely.

Thanks for all you do to keep FreeRADIUS working,
Steve

proxy server {
    default_fallback = no
}

home_server localhost {
    type = auth
    ipaddr = 127.0.0.1
    port = 1812
    secret = thisisnotmyrealsecret
    require_message_authenticator = yes
    response_window = 20
    zombie_period = 40
    revive_interval = 120
    status_check = status-server
    check_interval = 30
    num_answers_to_alive = 3
    max_outstanding = 65536
}

home_server tlrs1-eduroam-us {
    type = auth+acct
    ipaddr = 64.57.22.74
    port = 1812
    secret = thisisnotmyrealsecreteither
    require_message_authenticator = yes
    response_window = 20
    zombie_period = 40
    check_interval = 30
    num_answers_to_alive = 3
}

home_server tlrs2-eduroam-us {
    type = auth+acct
    ipaddr = 64.57.22.78
    port = 1812
    secret = noristhisonemyrealsecret
    require_message_authenticator = yes
    response_window = 20
    zombie_period = 40
    check_interval = 30
    num_answers_to_alive = 3
}

home_server_pool csu-auth {
    type = fail-over
    home_server = localhost
}

home_server_pool EDUROAM {
    type = fail-over
    home_server = tlrs1-eduroam-us
    home_server = tlrs2-eduroam-us
}

realm NULL {
}

realm ~(.*\\.)*(colostate|COLOSTATE)\\.(edu|EDU)$ {
    pool = csu-auth
}

realm ~.+$ {
    pool = EDUROAM
    nostrip
}

realm LOCAL {
}

realm DEFAULT {
}
EOF

-Original Message-
From: freeradius-users-bounces+steven.lovaas=colostate@lists.freeradius.org [mailto:freeradius-users-bounces+steven.lovaas=colostate@lists.freeradius.org] On Behalf Of Alan DeKok
Sent: Friday, July 12, 2013 3:19 AM
To: FreeRadius users mailing list
Subject: Re: Loading fails without reporting an error

Lovaas,Steven wrote:
> Thanks, Adam... this got me looking at the right thing. I had a mismatch between the type of the home_server localhost (auth), and the attribute used in one of the realms pointing to the pool that references that home server (pool, instead of auth_pool). Changing the type of the localhost home_server allowed FR to complete loading.

If you have a simple config that can reproduce it, I'd like to fix the problem. It's likely just adding a printed error message in the home server code. But knowing exactly where to add it would be useful.

Alan DeKok.
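A pre-flight check for the mismatch discussed in this thread, as an added example that is not FreeRADIUS code and was not posted to the list. It assumes, following the messages above, that `pool` in a realm is used for both authentication and accounting while `auth_pool` and `acct_pool` cover one each; the sample config is constructed, and `parse_sections` and `check_realm_pools` are hypothetical helper names.

```python
import re

# Constructed sample modelled on the proxy.conf in this thread
# (secrets and most options omitted, documentation IP used).
SAMPLE = """
home_server localhost {
    type = auth
    ipaddr = 127.0.0.1
    port = 1812
}
home_server tlrs1-eduroam-us {
    type = auth+acct
    ipaddr = 192.0.2.10
    port = 1812
}
home_server_pool csu-auth {
    type = fail-over
    home_server = localhost
}
home_server_pool EDUROAM {
    type = fail-over
    home_server = tlrs1-eduroam-us
}
realm NULL {
}
realm example.edu {
    pool = csu-auth        # asks for auth AND acct, localhost is auth only
}
realm ~.+$ {
    pool = EDUROAM
    nostrip
}
"""

# "kind name {" with an optional "}" on the same line ("realm NULL { }").
HEADER = re.compile(r"^(\w+)\s+(\S+)\s*\{\s*(\})?$")

# Assumption taken from the thread: which request types each realm key needs.
NEEDS = {"pool": {"auth", "acct"}, "auth_pool": {"auth"}, "acct_pool": {"acct"}}


def parse_sections(text):
    """Return [(kind, name, lineno, [(key, value), ...])] for top-level sections.

    Simplification: '#' always starts a comment, nested blocks are skipped.
    """
    sections, current, depth = [], None, 0
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        if current is None:
            m = HEADER.match(line)
            if m:
                current = (m.group(1), m.group(2), lineno, [])
                if m.group(3):
                    sections.append(current)
                    current = None
        elif line.endswith("{"):
            depth += 1
        elif line == "}":
            if depth:
                depth -= 1
            else:
                sections.append(current)
                current = None
        elif depth == 0:
            key, _, value = line.partition("=")
            current[3].append((key.strip(), value.strip().strip('"')))
    return sections


def check_realm_pools(text):
    """Return [(lineno, realm, message)] for realm/pool/home_server type mismatches."""
    sections = parse_sections(text)
    server_types, pools = {}, {}
    for kind, name, _, pairs in sections:
        if kind == "home_server":
            declared = dict(pairs).get("type")
            server_types[name] = set(declared.split("+")) if declared else None
        elif kind == "home_server_pool":
            pools[name] = [v for k, v in pairs if k == "home_server"]

    findings = []
    for kind, realm, lineno, pairs in sections:
        if kind != "realm":
            continue
        for key, pool in pairs:
            if key not in NEEDS:
                continue
            if pool not in pools:
                findings.append((lineno, realm, f"{key} = {pool}: no such home_server_pool"))
                continue
            for server in pools[pool]:
                if server not in server_types:
                    findings.append((lineno, realm, f"{key} = {pool}: home_server {server} is not defined"))
                    continue
                have = server_types[server]
                if have is None:
                    continue  # no explicit type: the default is not assumed here
                missing = NEEDS[key] - have
                if missing:
                    findings.append((lineno, realm,
                                     f"{key} = {pool}: home_server {server} is type "
                                     f"{'+'.join(sorted(have))}, lacks {'+'.join(sorted(missing))}"))
    return findings


if __name__ == "__main__":
    for lineno, realm, message in check_realm_pools(SAMPLE):
        print(f"proxy.conf[{lineno}]: realm {realm}: {message}")
```

Run against a copy of proxy.conf before restarting the server, it points at the realm line that a silent exit would otherwise leave you hunting for.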
Re: Loading fails without reporting an error
Lovaas,Steven wrote:
> Hello again,
> I've successfully gotten to the point where local authentication is working well for all modes, using multiple SSIDs through two virtual servers, so I felt confident jumping into the less familiar world of proxying. Not that the concept is hard to understand, it's just always seemed like there were many moving parts (realms and such). With the simpler realm configuration (all in proxy.conf) offered by 2.x, it seems logically laid out and should just work. But now when I load freerad in debug mode, it simply stops loading with no error, after one of my two home_server_pool stanzas. At that point, it has successfully loaded the basic proxy server, all three home_server stanzas, and the first home_server_pool. It just seems to stall.

Hmm... it looks like there's a problem with the file. It doesn't stop, it *exits*.

See doc/bugs. That should help finding out where it's exiting.

Alan DeKok.
Re: Loading fails without reporting an error
On 11 Jul 2013, at 08:40, Alan DeKok al...@deployingradius.com wrote:
> Lovaas,Steven wrote:
> Hmm... it looks like there's a problem with the file. It doesn't stop, it *exits*. See doc/bugs. That should help finding out where it's exiting.

I think I saw this issue a week or so ago - I've not been able to reproduce this on an out-of-the-box configuration; just dropping the home_server and home_server_pool stanzas into proxy.conf on a new installation doesn't cause the issue.

It seems to occur when you have a home server configured with type = auth. Simply changing the home_server type to auth+acct makes the config parser happy again.

Debug log follows; I'm building debug symbols at the moment to see if I can get GDB to give anything more useful.

Adam Bishop
gpg: 0x6609D460
Janet, the UK's research and education network.

[root@orps2 raddb]# radiusd -X
FreeRADIUS Version 2.1.12, for host x86_64-redhat-linux-gnu, built on May 22 2013 at 10:50:32
Copyright (C) 1999-2009 The FreeRADIUS server project and contributors.
There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
You may redistribute copies of FreeRADIUS under the terms of the GNU General Public License v2.
Starting - reading configuration files ...
including configuration file /etc/raddb/radiusd.conf
including configuration file /etc/raddb/proxy.conf
including configuration file /etc/raddb/nrps/nrps.conf
including configuration file /etc/raddb/nrps/nrps-client.conf
including configuration file /etc/raddb/nrps/nrps-server.conf
including configuration file /etc/raddb/clients.conf
including files in directory /etc/raddb/modules-enabled/
including configuration file /etc/raddb/modules-enabled/expiration
including configuration file /etc/raddb/modules-enabled/sql_log
including configuration file /etc/raddb/modules-enabled/expr
including configuration file /etc/raddb/modules-enabled/always
including configuration file /etc/raddb/modules-enabled/mschap
including configuration file /etc/raddb/modules-enabled/attr_filter
including configuration file /etc/raddb/modules-enabled/exec
including configuration file /etc/raddb/modules-enabled/ntlm_auth
including configuration file /etc/raddb/modules-enabled/files
including configuration file /etc/raddb/eap.conf
including configuration file /etc/raddb/policy.conf
including files in directory /etc/raddb/sites-enabled/
including configuration file /etc/raddb/sites-enabled/status
including configuration file /etc/raddb/sites-enabled/moonshot
including configuration file /etc/raddb/preproxy.conf
including configuration file /etc/raddb/sites-enabled/transport
including configuration file /etc/raddb/preproxy.conf
including configuration file /etc/raddb/sites-enabled/power
including configuration file /etc/raddb/sites-enabled/eduroam
including configuration file /etc/raddb/sites-enabled/ems
including configuration file /etc/raddb/preproxy.conf
including configuration file /etc/raddb/sites-enabled/inner-tunnel
including configuration file /etc/raddb/sites-enabled/control-socket
including configuration file /etc/raddb/sites-enabled/infrastructure
including configuration file /etc/raddb/sites-enabled/default
including configuration file /etc/raddb/preproxy.conf
main {
    user = radiusd
    group = radiusd
    allow_core_dumps = no
}
including dictionary file /etc/raddb/dictionary
main {
    name = radiusd
    prefix = /usr
    localstatedir = /var
    sbindir = /usr/sbin
    logdir = /var/log/radius
    run_dir = /var/run/radiusd
    libdir = /usr/lib64/freeradius
    radacctdir = /var/log/radius/radacct
    hostname_lookups = no
    max_request_time = 30
    cleanup_delay = 5
    max_requests = 4096
    pidfile = /var/run/radiusd/radiusd.pid
    checkrad = /usr/sbin/checkrad
    debug_level = 0
    proxy_requests = yes
  log {
    stripped_names = no
    auth = no
    auth_badpass = no
    auth_goodpass = no
  }
  security {
    max_attributes = 200
    reject_delay = 1
    status_server = yes
  }
}
radiusd: Loading Realms and Home Servers
  proxy server {
    retry_delay = 5
    retry_count = 3
    default_fallback = no
    dead_time = 120
    wake_all_if_all_dead = no
  }
  home_server ms-perf0 {
    ipv6addr = 2001:630:50:d009:250:56ff:fe88:c376 IPv6 address [2001:630:50:d009:250:56ff:fe88:c376]
    port = 1812
    type = auth+acct
    secret =
    response_window = 30
    max_outstanding = 65536
    require_message_authenticator = yes
    zombie_period = 40
    status_check = status-server
    ping_interval = 30
    check_interval = 30
    num_answers_to_alive = 3
    num_pings_to_alive = 3
    revive_interval = 300
    status_check_timeout = 4
  }
  home_server ms-perf1 {
    ipaddr = 193.63.63.244
RE: Loading fails without reporting an error
Thanks, Adam... this got me looking at the right thing. I had a mismatch between the type of the home_server localhost (auth), and the attribute used in one of the realms pointing to the pool that references that home server (pool, instead of auth_pool). Changing the type of the localhost home_server allowed FR to complete loading.

Steve

-Original Message-
From: freeradius-users-bounces+steven.lovaas=colostate@lists.freeradius.org [mailto:freeradius-users-bounces+steven.lovaas=colostate@lists.freeradius.org] On Behalf Of Adam Bishop
Sent: Thursday, July 11, 2013 4:29 AM
To: FreeRadius users mailing list
Subject: Re: Loading fails without reporting an error

> On 11 Jul 2013, at 08:40, Alan DeKok al...@deployingradius.com wrote:
> > Lovaas,Steven wrote:
> > Hmm... it looks like there's a problem with the file. It doesn't stop, it *exits*. See doc/bugs. That should help finding out where it's exiting.
>
> I think I saw this issue a week or so ago - I've not been able to reproduce this on an out-of-the-box configuration; just dropping the home_server and home_server_pool stanzas into proxy.conf on a new installation doesn't cause the issue.
>
> It seems to occur when you have a home server configured with type = auth. Simply changing the home_server type to auth+acct makes the config parser happy again.
>
> Debug log follows; I'm building debug symbols at the moment to see if I can get GDB to give anything more useful.
>
> Adam Bishop
> gpg: 0x6609D460
> Janet, the UK's research and education network.
>
> [root@orps2 raddb]# radiusd -X
> FreeRADIUS Version 2.1.12, for host x86_64-redhat-linux-gnu, built on May 22 2013 at 10:50:32
> Copyright (C) 1999-2009 The FreeRADIUS server project and contributors.
> There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
> You may redistribute copies of FreeRADIUS under the terms of the GNU General Public License v2.
> Starting - reading configuration files ...
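The mismatch described in this reply (a realm reaching a home_server of type auth through pool rather than auth_pool) can be caught before the server is started. The linter below is an added example, not code from the thread or from FreeRADIUS; the sample proxy.conf is constructed, and the rule that pool needs auth+acct home servers is an assumption taken from the fixes reported in this thread.

```python
import re

# Constructed sample shaped like the proxy.conf in this thread: a home_server
# of type "auth" is reached through a realm's "pool" key.
SAMPLE_PROXY_CONF = """
home_server localhost {
    type = auth
    ipaddr = 127.0.0.1
    port = 1812
}
home_server upstream1 {
    type = auth+acct
    ipaddr = 192.0.2.10
    port = 1812
}
home_server_pool local_pool {
    type = fail-over
    home_server = localhost
}
home_server_pool upstream_pool {
    type = fail-over
    home_server = upstream1
}
realm example.org {
    pool = local_pool
}
realm example.net {
    pool = upstream_pool
}
"""

STANZA = re.compile(r"^\s*(home_server_pool|home_server|realm)\s+(\S+)\s*\{\s*$")
PAIR = re.compile(r"^\s*([\w-]+)\s*=\s*(\S+)\s*$")

# Assumption drawn from the thread: "pool" carries both auth and acct, so every
# home server behind it must be auth+acct; auth_pool/acct_pool need one type.
NEEDS = {"pool": ("auth", "acct"), "auth_pool": ("auth",), "acct_pool": ("acct",)}


def parse(text):
    """Return {kind: {name: [(key, value), ...]}} for flat top-level stanzas."""
    out = {"home_server": {}, "home_server_pool": {}, "realm": {}}
    current = None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()   # drop comments
        if not line.strip():
            continue
        opened = STANZA.match(line)
        if opened and current is None:
            current = out[opened.group(1)].setdefault(opened.group(2), [])
        elif line.strip() == "}":
            current = None
        elif current is not None:
            pair = PAIR.match(line)
            if pair:
                current.append((pair.group(1), pair.group(2)))
    return out


def lint(text):
    """List realm -> pool -> home_server chains whose types do not line up."""
    conf = parse(text)
    types = {name: dict(kv).get("type") for name, kv in conf["home_server"].items()}
    findings = []
    for realm, kv in conf["realm"].items():
        for key, pool_name in kv:
            if key not in NEEDS:
                continue
            pool = conf["home_server_pool"].get(pool_name)
            if pool is None:
                findings.append(f"realm {realm}: {key} = {pool_name} names an undefined home_server_pool")
                continue
            for pool_key, server in pool:
                if pool_key != "home_server":
                    continue
                if server not in types:
                    findings.append(f"pool {pool_name}: home_server {server} is not defined")
                    continue
                if types[server] is None:
                    continue   # no explicit type, nothing to compare
                have = set(types[server].split("+"))
                missing = [t for t in NEEDS[key] if t not in have]
                if missing:
                    findings.append(
                        f"realm {realm}: '{key} = {pool_name}' needs "
                        f"{'+'.join(NEEDS[key])} home servers, but home_server "
                        f"{server} is type {types[server]}")
    return findings


if __name__ == "__main__":
    for finding in lint(SAMPLE_PROXY_CONF):
        print(finding)
```
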
Loading fails without reporting an error
Hello again,

I've successfully gotten to the point where local authentication is working well for all modes, using multiple SSIDs through two virtual servers, so I felt confident jumping into the less familiar world of proxying. Not that the concept is hard to understand, it's just always seemed like there were many moving parts (realms and such). With the simpler realm configuration (all in proxy.conf) offered by 2.x, it seems logically laid out and should just work.

But now when I load freerad in debug mode, it simply stops loading with no error, after one of my two home_server_pool stanzas. At that point, it has successfully loaded the basic proxy server, all three home_server stanzas, and the first home_server_pool. It just seems to stall.

Should I be looking for an error in the last stanza that successfully displayed, or the first one that fails to load? Or would this happen with a missing dependency?

Thanks,
Steve

Entire debug here:

root@freerad13:/etc/freeradius# /usr/sbin/freeradius -X
FreeRADIUS Version 2.2.0, for host x86_64-pc-linux-gnu, built on Sep 21 2012 at 05:38:16
Copyright (C) 1999-2012 The FreeRADIUS server project and contributors.
There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
You may redistribute copies of FreeRADIUS under the terms of the GNU General Public License v2.
Starting - reading configuration files ...
Freeradius dpkg-buildpackage: error: unknown type name 'lt_dladvise'
Can someone please help give solution to the problem arising from building Freeradius with dpkg-buildpackage -b -uc. The builder returned the error below

modules.c: In function 'fr_dlopenext':
modules.c:216:2: error: unknown type name 'lt_dladvise'
modules.c:218:2: warning: implicit declaration of function 'lt_dladvise_init' [-Wimplicit-function-declaration]
modules.c:218:2: warning: nested extern declaration of 'lt_dladvise_init' [-Wnested-externs]
modules.c:219:6: warning: implicit declaration of function 'lt_dladvise_ext' [-Wimplicit-function-declaration]
modules.c:219:6: warning: nested extern declaration of 'lt_dladvise_ext' [-Wnested-externs]
modules.c:220:6: warning: implicit declaration of function 'lt_dladvise_global' [-Wimplicit-function-declaration]
modules.c:220:6: warning: nested extern declaration of 'lt_dladvise_global' [-Wnested-externs]
modules.c:221:3: warning: implicit declaration of function 'lt_dlopenadvise' [-Wimplicit-function-declaration]
modules.c:221:3: warning: nested extern declaration of 'lt_dlopenadvise' [-Wnested-externs]
modules.c:221:10: warning: assignment makes pointer from integer without a cast [enabled by default]
modules.c:224:2: warning: implicit declaration of function 'lt_dladvise_destroy' [-Wimplicit-function-declaration]
modules.c:224:2: warning: nested extern declaration of 'lt_dladvise_destroy' [-Wnested-externs]
modules.c: In function 'setup_modules':
modules.c:1412:3: warning: nested extern declaration of 'lt_preloaded_symbols' [-Wnested-externs]
make[5]: *** [modules.lo] Error 1
make[5]: Leaving directory `/home/clement/freeradius-server-2.2.0/src/main'
make[4]: *** [main] Error 2
make[4]: Leaving directory `/home/clement/freeradius-server-2.2.0/src'
make[3]: *** [all] Error 2
make[3]: Leaving directory `/home/clement/freeradius-server-2.2.0/src'
make[2]: *** [src] Error 2
make[2]: Leaving directory `/home/clement/freeradius-server-2.2.0'
make[1]: *** [all] Error 2
make[1]: Leaving directory `/home/clement/freeradius-server-2.2.0'
make: *** [build-arch-stamp] Error 2
dpkg-buildpackage: error: debian/rules build gave error exit status 2
Re: Freeradius dpkg-buildpackage: error: unknown type name 'lt_dladvise'
Clement Ogedengbe wrote:
> Can someone please help give solution to the problem arising from building Freeradius with dpkg-buildpackage -b -uc. The builder returned the error below
>
> modules.c: In function 'fr_dlopenext':
> modules.c:216:2: error: unknown type name 'lt_dladvise'

You don't have libltdl-dev installed, and you told it to build without using the libltdl included in the server source. Fix one or the other.

Alan DeKok.
EAP error with Freeradius 3.0
Hello,

I have a problem with mschap authentication and the external program ntlm_auth. With Freeradius 2.2 I haven't any problem but after upgrade to Freeradius 3, the output of this program was wrong and EAP failed.

The output is very strange :

inline: 0E165810.gif

Any ideas ?
Re: EAP error with Freeradius 3.0
nicolas@ricoh-industrie.fr wrote:
> Hello, I have a problem with mschap authentication and the external program ntlm_auth. With Freeradius 2.2 I haven't any problem but after upgrade to Freeradius 3, the output of this program was wrong and EAP failed. The output is very strange :

Please post text. There is *no* reason to post images.

> Any ideas ?

It means that the system was unable to run ntlm_auth for some reason. Why, I don't know.

Alan DeKok.
SSL error
I just compiled the master git branch and am getting this error:

rlm_eap_tls: Failed initializing SSL context
rlm_eap (EAP): Failed to initialise rlm_eap_tls
/usr/local/etc/raddb/mods-enabled/eap[17]: Instantiation failed for module eap

Do you have to manually generate certs for this branch?

David
Re: SSL error
Compiled without required ssl environment being present? The debug output will have printed or more information regarding the error

alan
EAP error
I am getting this error:

TLS Alert read:fatal:unknown CA
TLS_accept: failed in SSLv3 read client certificate A
SSL error error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca
SSL: SSL_read failed inside of TLS (-1), TLS session fails.
TLS receive handshake failed during operation

How do I add the unknown CA to the configuration?

David
Re: EAP error
Looks like a client with incorrect settings. Why would you want to add that ca to your server? Your radius server isn't signed by it.

alan

This smartphone uses eduroam for free WiFi access around the world. Now that's what I call smart.
Error: rlm_sql_unixodbc: SQL down 08S01 [unixODBC][FreeTDS][SQL Server]Unable to connect: Adaptive Server is unavailable or does not exist
I am having trouble starting freeradius at boot on CentOS 6.4. It starts, but it does not connect to my database; however, if run it manually from the command the it works fine. I think there is permission issue somewhere.

See the log below: when I run following command as root it works

# radiusd
Sat May 25 10:26:20 2013 : Info: rlm_sql (sql): Driver rlm_sql_unixodbc (module rlm_sql_unixodbc) loaded and linked
Sat May 25 10:26:20 2013 : Info: rlm_sql (sql): Attempting to connect to radius@EBHorizon:5000/Horizon
Sat May 25 10:26:20 2013 : Info: rlm_sql (sql): Attempting to connect rlm_sql_unixodbc #0
Sat May 25 10:26:20 2013 : Info: rlm_sql (sql): Connected new DB handle, #0
Sat May 25 10:26:20 2013 : Info: rlm_sql (sql): Attempting to connect rlm_sql_unixodbc #1
Sat May 25 10:26:20 2013 : Info: rlm_sql (sql): Connected new DB handle, #1
Sat May 25 10:26:20 2013 : Info: rlm_sql (sql): Attempting to connect rlm_sql_unixodbc #2
Sat May 25 10:26:21 2013 : Info: rlm_sql (sql): Connected new DB handle, #2
Sat May 25 10:26:21 2013 : Info: rlm_sql (sql): Attempting to connect rlm_sql_unixodbc #3
Sat May 25 10:26:21 2013 : Info: rlm_sql (sql): Connected new DB handle, #3
Sat May 25 10:26:21 2013 : Info: rlm_sql (sql): Attempting to connect rlm_sql_unixodbc #4
Sat May 25 10:26:21 2013 : Info: rlm_sql (sql): Connected new DB handle, #4
Sat May 25 10:26:21 2013 : Info: Loaded virtual server default
Sat May 25 10:26:21 2013 : Info: Loaded virtual server inner-tunnel
Sat May 25 10:26:21 2013 : Info: ... adding new socket proxy address * port 35688
Sat May 25 10:26:21 2013 : Info: Ready to process requests.

When I run the command below it does not connect.

#service radiusd start
Sat May 25 10:29:05 2013 : Info: rlm_sql (sql): Driver rlm_sql_unixodbc (module rlm_sql_unixodbc) loaded and linked
Sat May 25 10:29:05 2013 : Info: rlm_sql (sql): Attempting to connect to radius@EBHorizon:5000/Horizon
Sat May 25 10:29:05 2013 : Info: rlm_sql (sql): Attempting to connect rlm_sql_unixodbc #0
Sat May 25 10:29:05 2013 : Error: rlm_sql_unixodbc: SQL down 08S01 [unixODBC][FreeTDS][SQL Server]Unable to connect: Adaptive Server is unavailable or does not exist
Sat May 25 10:29:05 2013 : Error: rlm_sql_unixodbc: Connection failed
Sat May 25 10:29:05 2013 : Error: rlm_sql (sql): Failed to connect DB handle #0
Sat May 25 10:29:05 2013 : Info: Loaded virtual server default
Sat May 25 10:29:05 2013 : Info: Loaded virtual server inner-tunnel
Sat May 25 10:29:05 2013 : Info: ... adding new socket proxy address * port 59524
Sat May 25 10:29:05 2013 : Info: Ready to process requests.

Any help would be greatly appreciated.
Re: Error: rlm_sql_unixodbc: SQL down 08S01 [unixODBC][FreeTDS][SQL Server]Unable to connect: Adaptive Server is unavailable or does not exist
Bill Grant wrote:
> I am having trouble starting freeradius at boot on CentOS 6.4. It starts, but it does not connect to my database; however, if run it manually from the command the it works fine. I think there is permission issue somewhere. See the log below: when I run following command as root it works

It's probably some SELinux rule. The normal Linux APIs allow *any* process to make outbound connections.

Alan DeKok.
RE: Error: rlm_sql_unixodbc: SQL down 08S01 [unixODBC][FreeTDS][SQL Server]Unable to connect: Adaptive Server is unavailable or does not exist
You are right I temporarily disabled SE Linux with

    echo 0 > /selinux/enforce

and it worked. Now I just need to figure out exactly what it is blocking. Thanks for the help!

From: Alan DeKok [al...@deployingradius.com]
Sent: Saturday, May 25, 2013 7:44 PM
To: FreeRadius users mailing list
Subject: Re: Error: rlm_sql_unixodbc: SQL down 08S01 [unixODBC][FreeTDS][SQL Server]Unable to connect: Adaptive Server is unavailable or doesnot exist

> Bill Grant wrote:
> > I am having trouble starting freeradius at boot on CentOS 6.4. It starts, but it does not connect to my database; however, if run it manually from the command the it works fine. I think there is permission issue somewhere. See the log below: when I run following command as root it works
>
> It's probably some SELinux rule. The normal Linux APIs allow *any* process to make outbound connections.
>
> Alan DeKok.
RE: Error: rlm_sql_unixodbc: SQL down 08S01 [unixODBC][FreeTDS][SQL Server]Unable to connect: Adaptive Server is unavailable or does not exist
I was able to fix it by doing the following.

I installed setroubleshoot

    yum install setroubleshoot

Then I ran the following command

    sealert -a /var/log/audit/audit.log > /path/to/mylogfile.txt

mylogfile.txt showed:

    found 3 alerts in /var/log/audit/audit.log

    SELinux is preventing /usr/sbin/radiusd from create access on the semaphore .
    * Plugin catchall (100. confidence) suggests ***
    If you believe that radiusd should be allowed create access on the sem by default.
    Then you should report this as a bug.
    You can generate a local policy module to allow this access.
    Do
    allow this access for now by executing:
    # grep radiusd /var/log/audit/audit.log | audit2allow -M mypol
    # semodule -i mypol.pp

    SELinux is preventing /usr/sbin/radiusd from search access on the directory /home.
    * Plugin catchall (100. confidence) suggests ***
    If you believe that radiusd should be allowed search access on the home directory by default.
    Then you should report this as a bug.
    You can generate a local policy module to allow this access.
    Do
    allow this access for now by executing:
    # grep radiusd /var/log/audit/audit.log | audit2allow -M mypol
    # semodule -i mypol.pp

    SELinux is preventing /usr/sbin/radiusd from name_connect access on the tcp_socket .
    * Plugin catchall (100. confidence) suggests ***
    If you believe that radiusd should be allowed name_connect access on the tcp_socket by default.
    Then you should report this as a bug.
    You can generate a local policy module to allow this access.
    Do
    allow this access for now by executing:
    # grep radiusd /var/log/audit/audit.log | audit2allow -M mypol
    # semodule -i mypol.pp

I ran the commands listed above:

    grep radiusd /var/log/audit/audit.log | audit2allow -M mypol
    semodule -i mypol.pp

That fixed the problem, thanks again.

From: Bill Grant [wgr...@ebpl.org]
Sent: Saturday, May 25, 2013 8:29 PM
To: FreeRadius users mailing list
Subject: RE: Error: rlm_sql_unixodbc: SQL down 08S01 [unixODBC][FreeTDS][SQL Server]Unable to connect: Adaptive Server is unavailable or doesnot exist

> You are right I temporarily disabled SE Linux with echo 0 > /selinux/enforce and it worked. Now I just need to figure out exactly what it is blocking. Thanks for the help!
>
> From: Alan DeKok [al...@deployingradius.com]
> Sent: Saturday, May 25, 2013 7:44 PM
> To: FreeRadius users mailing list
> Subject: Re: Error: rlm_sql_unixodbc: SQL down 08S01 [unixODBC][FreeTDS][SQL Server]Unable to connect: Adaptive Server is unavailable or doesnot exist
>
> > Bill Grant wrote:
> > > I am having trouble starting freeradius at boot on CentOS 6.4. It starts, but it does not connect to my database; however, if run it manually from the command the it works fine. I think there is permission issue somewhere. See the log below: when I run following command as root it works
> >
> > It's probably some SELinux rule. The normal Linux APIs allow *any* process to make outbound connections.
> >
> > Alan DeKok.
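The grep radiusd | audit2allow pipeline in the message above turns all three alerts into one policy module. The script below is an added example, not part of the thread: it parses AVC records so each denial can be listed and only the reviewed ones passed on to audit2allow. The audit.log lines are constructed to mirror the three alerts, and the type labels in them (home_root_t, port_t) are assumed values.

```python
import re
from collections import defaultdict

# Constructed audit.log lines modelled on the three alerts quoted above, plus
# one unrelated record that a plain "grep radiusd" would also match.
SAMPLE_AUDIT_LOG = """\
type=AVC msg=audit(1369492145.101:310): avc:  denied  { create } for  pid=2101 comm="radiusd" key=0 scontext=unconfined_u:system_r:radiusd_t:s0 tcontext=unconfined_u:system_r:radiusd_t:s0 tclass=sem
type=AVC msg=audit(1369492145.140:311): avc:  denied  { search } for  pid=2101 comm="radiusd" name="home" dev=dm-0 ino=130561 scontext=unconfined_u:system_r:radiusd_t:s0 tcontext=system_u:object_r:home_root_t:s0 tclass=dir
type=AVC msg=audit(1369492145.190:312): avc:  denied  { name_connect } for  pid=2101 comm="radiusd" dest=5000 scontext=unconfined_u:system_r:radiusd_t:s0 tcontext=system_u:object_r:port_t:s0 tclass=tcp_socket
type=AVC msg=audit(1369492201.007:320): avc:  denied  { read } for  pid=2333 comm="logrotate" name="radiusd" dev=dm-0 ino=262200 scontext=system_u:system_r:logrotate_t:s0 tcontext=system_u:object_r:var_log_t:s0 tclass=dir
"""

AVC = re.compile(r"avc:\s+denied\s+\{\s*([^}]*?)\s*\}\s+for\s+(.*)$")
FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_avc(line):
    """Return the fields of one AVC denial, or None if the line is not one."""
    match = AVC.search(line)
    if not match:
        return None
    fields = {k: v.strip('"') for k, v in FIELD.findall(match.group(2))}
    try:
        # A context is user:role:type:level; the type is what policy rules name.
        source = fields["scontext"].split(":")[2]
        target = fields["tcontext"].split(":")[2]
        tclass = fields["tclass"]
    except (KeyError, IndexError):
        return None
    return {"comm": fields.get("comm", ""), "source": source, "target": target,
            "tclass": tclass, "perms": match.group(1).split(), "line": line}


def denials_for(log_text, comm):
    """Denials whose comm= field is exactly the given process name."""
    found = []
    for line in log_text.splitlines():
        denial = parse_avc(line)
        if denial and denial["comm"] == comm:
            found.append(denial)
    return found


def rules(log_text, comm):
    """Summarise the denials as audit2allow-style allow rules for review."""
    grouped = defaultdict(set)
    for d in denials_for(log_text, comm):
        target = "self" if d["target"] == d["source"] else d["target"]
        grouped[(d["source"], target, d["tclass"])].update(d["perms"])
    out = []
    for (source, target, tclass), perms in grouped.items():
        ordered = sorted(perms)
        text = ordered[0] if len(ordered) == 1 else "{ " + " ".join(ordered) + " }"
        out.append(f"allow {source} {target}:{tclass} {text};")
    return sorted(out)


def lines_to_allow(log_text, comm, wanted):
    """Raw records for the reviewed (tclass, permission) pairs only."""
    return [d["line"] for d in denials_for(log_text, comm)
            if any((d["tclass"], perm) in wanted for perm in d["perms"])]


if __name__ == "__main__":
    for rule in rules(SAMPLE_AUDIT_LOG, "radiusd"):
        print(rule)
    # Keep only the outbound database connection; feed these lines to audit2allow.
    for line in lines_to_allow(SAMPLE_AUDIT_LOG, "radiusd", {("tcp_socket", "name_connect")}):
        print(line)
```
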
Re: segfault error
Hi,

FYI, I just had the same issue and went into the code that leads to this. The issue is that with *salted* passwords, FreeRADIUS sometimes decides to base64-decode *twice*. The first round does the right thing; the second one *may* produce garbage (attempting to decode an already-decoded string). It only does so if the decoded value from first round looks like it could be a base64-encoded string (e.g. contains an = sign very early) AND if your salts are long enough to trick FreeRADIUS into thinking that there's something to decode still.

Hoping to get this fixed for 2.2.1.

Stefan

On 02.05.2013 19:33, Chris Taylor wrote:
> I forgot to include my OS and kernel type.
>
> Linux on-radius01.eastlink.ca 2.6.18-308.16.1.el5
> CentOS release 5.9 (Final)
>
> -Original Message-
> From: Chris Taylor
> Sent: Thursday, May 02, 2013 1:31 PM
> To: 'FreeRadius users mailing list'
> Subject: RE: segfault error
>
> I think I have what you are looking for now. I have copied the whole dump from when I start using gdb.
>
> Chris
>
> [root@on-radius01 raddb]# gdb /usr/sbin/radiusd /tmp/core-radiusd-11-95-95-11609-1367435209
> GNU gdb (GDB) CentOS (7.0.1-45.el5.centos)
> Copyright (C) 2009 Free Software Foundation, Inc.
> License GPLv3+: GNU GPL version 3 or later http://gnu.org/licenses/gpl.html
> This is free software: you are free to change and redistribute it.
> There is NO WARRANTY, to the extent permitted by law. Type show copying and show warranty for details.
> This GDB was configured as x86_64-redhat-linux-gnu.
> For bug reporting instructions, please see: http://www.gnu.org/software/gdb/bugs/...
> Reading symbols from /usr/sbin/radiusd...done.
> [New Thread 11611]
> [New Thread 11614]
> [New Thread 11613]
> [New Thread 11612]
> [New Thread 11610]
> [New Thread 11609]
> Reading symbols from /usr/local/lib/libfreeradius-radius-2.2.0.so...done.
> Loaded symbols for /usr/local/lib/libfreeradius-radius-2.2.0.so
> Reading symbols from /lib64/libnsl.so.1...(no debugging symbols found)...done.
Loaded symbols for /lib64/libnsl.so.1 Reading symbols from /lib64/libresolv.so.2...(no debugging symbols found)...done. Loaded symbols for /lib64/libresolv.so.2 Reading symbols from /lib64/libpthread.so.0...(no debugging symbols found)...done. [Thread debugging using libthread_db enabled] Loaded symbols for /lib64/libpthread.so.0 Reading symbols from /lib64/libcrypt.so.1...(no debugging symbols found)...done. Loaded symbols for /lib64/libcrypt.so.1 Reading symbols from /usr/local/lib/libltdl.so.3...done. Loaded symbols for /usr/local/lib/libltdl.so.3 Reading symbols from /lib64/libssl.so.6...(no debugging symbols found)...done. Loaded symbols for /lib64/libssl.so.6 Reading symbols from /lib64/libcrypto.so.6...(no debugging symbols found)...done. Loaded symbols for /lib64/libcrypto.so.6 Reading symbols from /lib64/libdl.so.2...(no debugging symbols found)...done. Loaded symbols for /lib64/libdl.so.2 Reading symbols from /lib64/libc.so.6...(no debugging symbols found)...done. Loaded symbols for /lib64/libc.so.6 Reading symbols from /lib64/ld-linux-x86-64.so.2...(no debugging symbols found)...done. Loaded symbols for /lib64/ld-linux-x86-64.so.2 Reading symbols from /usr/lib64/libgssapi_krb5.so.2...(no debugging symbols found)...done. Loaded symbols for /usr/lib64/libgssapi_krb5.so.2 Reading symbols from /usr/lib64/libkrb5.so.3...(no debugging symbols found)...done. Loaded symbols for /usr/lib64/libkrb5.so.3 Reading symbols from /lib64/libcom_err.so.2...(no debugging symbols found)...done. Loaded symbols for /lib64/libcom_err.so.2 Reading symbols from /usr/lib64/libk5crypto.so.3...(no debugging symbols found)...done. Loaded symbols for /usr/lib64/libk5crypto.so.3 Reading symbols from /lib64/libz.so.1...(no debugging symbols found)...done. Loaded symbols for /lib64/libz.so.1 Reading symbols from /usr/lib64/libkrb5support.so.0...(no debugging symbols found)...done. 
Loaded symbols for /usr/lib64/libkrb5support.so.0 Reading symbols from /lib64/libkeyutils.so.1...(no debugging symbols found)...done. Loaded symbols for /lib64/libkeyutils.so.1 Reading symbols from /lib64/libselinux.so.1...(no debugging symbols found)...done. Loaded symbols for /lib64/libselinux.so.1 Reading symbols from /lib64/libsepol.so.1...(no debugging symbols found)...done. Loaded symbols for /lib64/libsepol.so.1 Reading symbols from /lib64/libnss_files.so.2...(no debugging symbols found)...done. Loaded symbols for /lib64/libnss_files.so.2 Reading symbols from /lib64/libnss_ldap.so.2...(no debugging symbols found)...done. Loaded symbols for /lib64/libnss_ldap.so.2 Reading symbols from /usr/local/lib/rlm_exec-2.2.0.so...done. Loaded symbols for /usr/local/lib/rlm_exec-2.2.0.so Reading symbols from /usr/local/lib/rlm_expr-2.2.0.so...done. Loaded symbols for /usr/local/lib/rlm_expr-2.2.0.so Reading symbols from /usr/local/lib/rlm_expiration-2.2.0.so...done. Loaded symbols for /usr/local/lib
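The double decode described in Stefan's message above can be reproduced with a small model. This is an added example, not part of the original thread and not FreeRADIUS code: `heuristic_normalize` is an assumed, simplified guess-based normalizer, `StoredHash` is a hypothetical hardened counterpart, and all passwords and salts are constructed.

```python
import base64
import binascii
import hashlib
import hmac

SHA1_LEN = 20  # bytes in a SHA-1 digest


def make_ssha(password: bytes, salt: bytes) -> bytes:
    """Base64 body of an {SSHA} value: b64(SHA1(password + salt) + salt)."""
    return base64.b64encode(hashlib.sha1(password + salt).digest() + salt)


def verify_ssha(raw: bytes, password: bytes) -> bool:
    """Check a password against raw (already decoded) digest-plus-salt bytes."""
    if len(raw) < SHA1_LEN:
        return False
    digest, salt = raw[:SHA1_LEN], raw[SHA1_LEN:]
    return hmac.compare_digest(hashlib.sha1(password + salt).digest(), digest)


def heuristic_normalize(value: bytes, min_len: int = SHA1_LEN) -> bytes:
    """Assumed model of a guess-based normalizer, not FreeRADIUS's code.

    It decodes whenever the value is long enough to hold min_len bytes of
    base64 and a lenient decode yields at least min_len bytes. Nothing records
    whether the value was decoded before, so a second call guesses again.
    """
    if len(value) * 3 < min_len * 4:
        return value  # too short to be base64 of a digest
    try:
        decoded = base64.b64decode(value)  # lenient: skips non-alphabet bytes
    except binascii.Error:
        return value
    return decoded if len(decoded) >= min_len else value


class StoredHash:
    """Hardened form: the encoding state is tracked, never guessed."""

    def __init__(self, encoded: bytes):
        self.value = encoded
        self.normalized = False

    def normalize(self) -> bytes:
        if not self.normalized:
            raw = base64.b64decode(self.value, validate=True)  # strict decode
            if len(raw) < SHA1_LEN:
                raise ValueError("decoded value is shorter than a SHA-1 digest")
            self.value, self.normalized = raw, True
        return self.value  # later calls are no-ops


def find_affected_salt(password: bytes, salt_len: int = 32, tries: int = 10000) -> bytes:
    """Search constructed salts for one where a second heuristic pass alters the value."""
    for i in range(tries):
        salt = (b"%d" % i).rjust(salt_len, b"A")  # constructed, printable salt
        once = heuristic_normalize(make_ssha(password, salt))
        if heuristic_normalize(once) != once:
            return salt
    raise RuntimeError("no affected salt found in the search range")


if __name__ == "__main__":
    pw = b"constructed-password"
    salt = find_affected_salt(pw)
    stored = make_ssha(pw, salt)

    once = heuristic_normalize(stored)   # first pass: correct raw bytes
    twice = heuristic_normalize(once)    # second pass: decodes the raw bytes again
    print("salt:", salt.decode())
    print("after one pass, password verifies:", verify_ssha(once, pw))
    print("after two passes, password verifies:", verify_ssha(twice, pw))
    print("length after one pass / two passes:", len(once), len(twice))

    tracked = StoredHash(stored)
    tracked.normalize()
    tracked.normalize()                  # second call leaves the value alone
    print("tracked state, password verifies:", verify_ssha(tracked.value, pw))

    # A 4-byte salt decodes to 24 bytes, too short for the model to guess again.
    short = heuristic_normalize(make_ssha(pw, b"abcd"))
    print("short salt stable:", heuristic_normalize(short) == short)
```

In C, the consumer of the normalized value also needs to check the decoded length against its buffer before copying, since a second pass changes the length as well as the content.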
some error in log file
Hi all, I have some errors in the log file and I do not know what the cause of these errors is. Error: WARNING: Unresponsive child for request 10785, in component authorize module WARNING: Module rlm_sql became unblocked for request 10526 Error: WARNING: Unresponsive child for request 10583, in component authorize module Error: WARNING: Unresponsive child for request 10561, in component authorize module sql WARNING: Unresponsive child for request 7478, in component authorize module thread best regards
Re: some error in log file
WARNING: Module rlm_sql became unblocked for request 10526 Error: WARNING: Unresponsive child for request 10561, in component authorize module sql What oh what could the SQL client be waiting for... I think it's waiting for cake. Have you tried inserting a Gateaux into the cooling ducts of your RADIUS server? Arran Cudbard-Bell a.cudba...@freeradius.org FreeRADIUS Development Team
RE: segfault error
warning: no loadable sections found in added symbol-file system-supplied DSO at 0x7fff84bfd000 Core was generated by `/usr/sbin/radiusd -d /etc/raddb'. Program terminated with signal 11, Segmentation fault. #0 0x003c6c07b5bb in memcpy () from /lib64/libc.so.6 ### Thanks, Chris -Original Message- From: freeradius-users-bounces+chris.taylor=corp.eastlink...@lists.freeradius.org [mailto:freeradius-users-bounces+chris.taylor=corp.eastlink...@lists.freeradius.org] On Behalf Of a.l.m.bu...@lboro.ac.uk Sent: Wednesday, May 01, 2013 6:30 PM To: FreeRadius users mailing list Subject: Re: segfault error hi, ..thats
Re: segfault error
Chris Taylor wrote: Sorry miscommunication on my part. Below is an example of a request that causes the segfault. I was also able to get a core dump as well which I pasted at the bottom. Which is *not* what we asked for. Please follow the instructions in doc/bugs. It gives DETAILED instructions on what to post. You are NOT posting the information we need to be able to help you. You're just showing that you can run gdb. This isn't useful. You need to run the gdb commands in doc/bugs, which tell us WHERE the problem occurred. Alan DeKok.
RE: segfault error
\000\000\000\000\004\000\000\000\000\000\000\000`\001\000\000\000\000\000\000HJ5l\000\000\000`\331\307\004q+\000\000 'UsA\001\000\000\000\000\000\000\070\001\000\000\000\000\000\000\005, '\000' repeats 39 times, from cli\237Oh\000q+\000\00 0-bras1 port 0 vifrom client (\000\000\000-bras1 port 0... #3 0x0041c0e6 in call_modsingle (component=0, c=value optimized out, request=0x12756bb0) at modcall.c:304 No locals. #4 modcall (component=0, c=value optimized out, request=0x12756bb0) at modcall.c:686 myresult = 1 stack = {pointer = 1634165107, priority = {0, 0, 0, 0, 0, 0, 0, 1634165107, 829124461, 13106, 0 repeats 22 times}, result = {0, 0, 2, 0 repeats 16 times, 24, 48, 80209248, 11121, 80209056, 11121, 0, 0, 0, 0, 0, 0, 0}, children = { 0x12706950, 0x127069c0, 0x0 repeats 16 times, 0x2b7104c7e320, 0x0, 0x2b7104c7ea80, 0x2b7104c7e970, 0x2b7104c7e970, 0x4c7e480, 0x4, 0x110, 0x12774b50, 0x2b7104c7e320, 0x3c6c068b5a, 0xfbad8001, 0x2b7104c7e970, 0x2b7104c7e970}, start = {0x0, 0x127069c0, 0x1270c340, 0x2b7104c7ea80, 0x2b7104c7e970, 0x2b7104c7ea80, 0x0, 0x6, 0x8, 0x0 repeats 12 times, 0x, 0x0, 0x0, 0x12619fe0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}} parent = 0x12706950 child = 0x127069c0 if_taken = 0 was_if = 0 #5 0x00419415 in indexed_modcall (comp=0, idx=1024, request=0x12756bb0) at modules.c:740 rcode = value optimized out list = 0x12706950 server = 0x0 #6 0x00409147 in rad_check_password (request=0x12756bb0) at auth.c:382 No locals. #7 rad_authenticate (request=0x12756bb0) at auth.c:667 namepair = 0x12743dc0 check_item = value optimized out auth_item = 0x12743f00 ---Type return to continue, or q return to quit--- module_msg = value optimized out tmp = value optimized out result = value optimized out autz_retry = value optimized out autz_type = value optimized out #8 0x00427751 in radius_handle_request (request=0x12756bb0, fun=0x408910 rad_authenticate) at event.c:3784 No locals. 
#9 0x004278d4 in proxy_to_virtual_server (request=0x12755810) at event.c:1980 fake = 0x12756bb0 fun = 0x408910 rad_authenticate #10 0x0042763a in successfully_proxied_request (request=0x12755810) at event.c:2265 No locals. #11 request_post_handler (request=0x12755810) at event.c:2329 rcode = value optimized out child_state = value optimized out vp = value optimized out #12 0x0042778d in radius_handle_request (request=0x12755810, fun=0x408910 rad_authenticate) at event.c:3790 No locals. #13 0x00420320 in request_handler_thread (arg=value optimized out) at threads.c:537 fun = 0x408910 rad_authenticate self = 0x12740a90 #14 0x003c6d00683d in start_thread () from /lib64/libpthread.so.0 No symbol table info available. #15 0x003c6c0d500d in clone () from /lib64/libc.so.6 No symbol table info available. (gdb) Chris Taylor System Administrator Network Operations Eastlink chris.tay...@corp.eastlink.ca T: 519.773.1287 -Original Message- From: freeradius-users-bounces+chris.taylor=corp.eastlink...@lists.freeradius.org [mailto:freeradius-users-bounces+chris.taylor=corp.eastlink...@lists.freeradius.org] On Behalf Of Alan DeKok Sent: Thursday, May 02, 2013 11:58 AM To: FreeRadius users mailing list Subject: Re: segfault error Chris Taylor wrote: Sorry miscommunication on my part. Below is an example of a request that causes the segfault. I was also able to get a core dump as well which I pasted at the bottom. Which is *not* what we asked for. Please follow the instructions in doc/bugs. It gives DETAILED instructions on what to post. You are NOT posting the information we need to be able to help you. You're just showing that you can run gdb. This isn't useful. You need to run the gdb commands in doc/bugs, which tell us WHERE the problem occurred. Alan DeKok.
RE: segfault error
I forgot to include my OS and kernel type. Linux on-radius01.eastlink.ca 2.6.18-308.16.1.el5 CentOS release 5.9 (Final) -Original Message- From: Chris Taylor Sent: Thursday, May 02, 2013 1:31 PM To: 'FreeRadius users mailing list' Subject: RE: segfault error I think I have what you are looking for now. I have copied the whole dump from when I start using gdb. Chris [root@on-radius01 raddb]# gdb /usr/sbin/radiusd /tmp/core-radiusd-11-95-95-11609-1367435209
RE: segfault error
I did some more debugging and I always seem to get a segfault at the same place. Is there something I should be looking at on the LDAP backend? [files] users: Matched entry DEFAULT at line 214 ++[files] returns ok [pap] Normalizing SSHA1-Password from base64 encoding [pap] WARNING: Auth-Type already set. Not setting to PAP ++[pap] returns noop Found Auth-Type = PAP # Executing group from file /etc/raddb/sites-enabled/virtual.amtelecom.net +- entering group PAP {...} [pap] login attempt with password 45270 [pap] Using SSHA encryption. [pap] Normalizing SSHA1-Password from base64 encoding Segmentation fault ++[files] returns ok [pap] Normalizing SSHA1-Password from base64 encoding [pap] WARNING: Auth-Type already set. Not setting to PAP ++[pap] returns noop Found Auth-Type = PAP # Executing group from file /etc/raddb/sites-enabled/virtual.amtelecom.net +- entering group PAP {...} [pap] login attempt with password bradly [pap] Using SSHA encryption. [pap] Normalizing SSHA1-Password from base64 encoding Segmentation fault Thanks, Chris Chris Taylor System Administrator Network Operations Eastlink chris.tay...@corp.eastlink.ca T: 519.773.1287 -Original Message- From: freeradius-users-bounces+chris.taylor=corp.eastlink...@lists.freeradius.org [mailto:freeradius-users-bounces+chris.taylor=corp.eastlink...@lists.freeradius.org] On Behalf Of Chris Taylor Sent: Friday, April 12, 2013 4:31 PM To: FreeRadius users mailing list Subject: RE: segfault error Yeah this is the only version of freeradius on the box the other was an rpm version that was removed before I compiled this one. -Original Message- From: freeradius-users-bounces+chris.taylor=corp.eastlink...@lists.freeradius.org [mailto:freeradius-users-bounces+chris.taylor=corp.eastlink...@lists.freeradius.org] On Behalf Of Alan DeKok Sent: Friday, April 12, 2013 3:45 PM To: FreeRadius users mailing list Subject: Re: segfault error Chris Taylor wrote: Ok I have upgraded to a compiled version of freeradius 2.2.0, and I was able to see the same result. It crashed after a few minutes with the error below. on-radius01 kernel: radiusd[10038]: segfault at 73d87000 rip 003c6c07b5bb rsp 73d83c08 error 4 Check that you're really running v2.2.0. Sometimes scripts point to old installations. I turned on core dumps to see if I could get any more details out of it, but I could not make it crash after that. Did you follow the instructions in doc/bugs? That says how to find the bug. Any ideas as to what this could be I can post my -X output but all it says at the bottom when it stops working is segfault. doc/bugs has detailed instructions for just such an occasion. Alan DeKok.
Re: segfault error
Chris Taylor wrote: I did some more debugging and I always seem to get a segfault at the same place. Is there something I should be looking at on the LDAP backend? See doc/bugs That should help. Alan DeKok.
RE: segfault error
I have tried a few times but I can't get a core dump. After radius dies I run gdb /usr/sbin/radiusd /tmp/core_dump/test.dump but I get the following output. # [root@on-radius01 core_dump]# gdb /usr/sbin/radiusd /tmp/core_dump/test.dump GNU gdb (GDB) CentOS (7.0.1-45.el5.centos) Copyright (C) 2009 Free Software Foundation, Inc. License GPLv3+: GNU GPL version 3 or later http://gnu.org/licenses/gpl.html This is free software: you are free to change and redistribute it. There is NO WARRANTY, to the extent permitted by law. Type show copying and show warranty for details. This GDB was configured as x86_64-redhat-linux-gnu. For bug reporting instructions, please see: http://www.gnu.org/software/gdb/bugs/... Reading symbols from /usr/sbin/radiusd...done. /tmp/core_dump/test.dump is not a core dump: File format not recognized # I have ulimit set to unlimited. [root@on-radius01 core_dump]# ulimit -a core file size (blocks, -c) unlimited data seg size (kbytes, -d) unlimited scheduling priority (-e) 0 file size (blocks, -f) unlimited What am I doing wrong on this? Thanks, Chris -Original Message- From: freeradius-users-bounces+chris.taylor=corp.eastlink...@lists.freeradius.org [mailto:freeradius-users-bounces+chris.taylor=corp.eastlink...@lists.freeradius.org] On Behalf Of Alan DeKok Sent: Wednesday, May 01, 2013 12:14 PM To: FreeRadius users mailing list Subject: Re: segfault error Chris Taylor wrote: I did some more debugging and I always seem to get a segfault at the same place. Is there something I should be looking at on the LDAP backend? See doc/bugs That should help. Alan DeKok.
Re: segfault error
On 05/01/2013 01:36 PM, Chris Taylor wrote: I have tried a few times but I can't get a core dump. After radius dies I run gdb /usr/sbin/radiusd /tmp/core_dump/test.dump but I get the following output. # [root@on-radius01 core_dump]# gdb /usr/sbin/radiusd /tmp/core_dump/test.dump GNU gdb (GDB) CentOS (7.0.1-45.el5.centos) Copyright (C) 2009 Free Software Foundation, Inc. License GPLv3+: GNU GPL version 3 or later http://gnu.org/licenses/gpl.html This is free software: you are free to change and redistribute it. There is NO WARRANTY, to the extent permitted by law. Type show copying and show warranty for details. This GDB was configured as x86_64-redhat-linux-gnu. For bug reporting instructions, please see: http://www.gnu.org/software/gdb/bugs/... Reading symbols from /usr/sbin/radiusd...done. /tmp/core_dump/test.dump is not a core dump: File format not recognized # I have ulimit set to unlimited. [root@on-radius01 core_dump]# ulimit -a core file size (blocks, -c) unlimited data seg size (kbytes, -d) unlimited scheduling priority (-e) 0 file size (blocks, -f) unlimited What am I doing wrong on this? There is information in this bz you may find useful https://bugzilla.redhat.com/show_bug.cgi?id=602567 -- John Dennis jden...@redhat.com
RE: segfault error
warning: no loadable sections found in added symbol-file system-supplied DSO at 0x7fff84bfd000 Core was generated by `/usr/sbin/radiusd -d /etc/raddb'. Program terminated with signal 11, Segmentation fault. #0 0x003c6c07b5bb in memcpy () from /lib64/libc.so.6 -Original Message- From: John Dennis [mailto:jden...@redhat.com] Sent: Wednesday, May 01, 2013 2:06 PM To: FreeRadius users mailing list Cc: Chris Taylor Subject: Re: segfault error On 05/01/2013 01:36 PM, Chris Taylor wrote: I have tried a few times but I can't get a core dump. After radius dies I run gdb /usr/sbin/radiusd /tmp/core_dump/test.dump but I get the following output. # [root@on-radius01 core_dump]# gdb /usr/sbin/radiusd /tmp/core_dump/test.dump GNU gdb (GDB) CentOS (7.0.1-45.el5.centos) Copyright (C) 2009 Free Software Foundation, Inc. License GPLv3+: GNU GPL version 3 or later http://gnu.org/licenses/gpl.html This is free software: you are free to change and redistribute it. There is NO WARRANTY, to the extent permitted by law. Type show copying and show warranty for details. This GDB was configured as x86_64-redhat-linux-gnu. For bug reporting instructions, please see: http://www.gnu.org/software/gdb/bugs/... Reading symbols from /usr/sbin/radiusd...done. /tmp/core_dump/test.dump is not a core dump: File format not recognized # I have ulimit set to unlimited. [root@on-radius01 core_dump]# ulimit -a core file size (blocks, -c) unlimited data seg size (kbytes, -d) unlimited scheduling priority (-e) 0 file size (blocks, -f) unlimited What am I doing wrong on this? There is information in this bz you may find useful https://bugzilla.redhat.com/show_bug.cgi?id=602567 -- John Dennis jden...@redhat.com
Re: segfault error
Chris Taylor wrote: I have tried a few times but I can't get a core dump. See doc/bugs. It contains instructions for debugging a live server. If you can't get core dumps, use the instructions in Section 3 of that file. Alan DeKok.
Re: segfault error
Hi, I did some more debugging and I always seem to get a segfault at the same place. Is there something I should be looking at on the LDAP backend? I'd like to know what you are doing, how you have this configured, and why your server thinks '45270' or 'bradly' are SSHA encrypted. It's likely you're forcing something to occur which is truly stuffing the SHA libraries when they try to evaluate the not-SSHA1 hash. As per the docs, radiusd -X output. alan
Re: segfault error
hi, ..that's the startup, and when a request comes in (the one that segfaults the server)? alan
pptpd+freeradius+ldap ERROR: No authenticate method (Auth-Type) found for the request: Rejecting the user
= PPP User-Name = user Calling-Station-Id = 10.1.0.136 NAS-IP-Address = 127.0.1.1 NAS-Port = 0 # Executing section authorize from file /etc/freeradius/sites-enabled/default +- entering group authorize {...} [ldap] performing user authorization for user [ldap] expand: %{Stripped-User-Name} - [ldap] ... expanding second conditional [ldap] expand: %{User-Name} - user [ldap] expand: (uid=%{%{Stripped-User-Name}:-%{User-Name}}) - (uid=user) [ldap] expand: dc=domain,dc=private - dc=domain,dc=private [ldap] ldap_get_conn: Checking Id: 0 [ldap] ldap_get_conn: Got Id: 0 [ldap] attempting LDAP reconnection [ldap] (re)connect to 10.1.98.50:389, authentication 0 [ldap] bind as cn=admin,dc=domain,dc=private/password to 10.1.98.50:389 [ldap] waiting for bind result ... [ldap] Bind was successful [ldap] performing search in dc=domain,dc=private, with filter (uid=user) [ldap] Added User-Password = {SSHA}lT5RCX6nyyU6zaCtL7rEAfN5u1DxI7xN in check items [ldap] No default NMAS login sequence [ldap] looking for check items in directory... [ldap] userPassword - Password-With-Header == {SSHA}lT5RCX6nyyU6zaCtL7rEAfN5u1DxI7xN [ldap] looking for reply items in directory... [ldap] user user authorized to use remote access [ldap] ldap_release_conn: Release Id: 0 ++[ldap] returns ok ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop ++[digest] returns noop [suffix] No '@' in User-Name = user, looking up realm NULL [suffix] No such realm NULL ++[suffix] returns noop [eap] No EAP-Message, not doing EAP ++[eap] returns noop ++[expiration] returns noop ++[logintime] returns noop [pap] No clear-text password in the request. Not performing PAP. ++[pap] returns noop ERROR: No authenticate method (Auth-Type) found for the request: Rejecting the user Failed to authenticate the user. 
Using Post-Auth-Type Reject # Executing group from file /etc/freeradius/sites-enabled/default +- entering group REJECT {...} [attr_filter.access_reject] expand: %{User-Name} - user attr_filter: Matched entry DEFAULT at line 11 ++[attr_filter.access_reject] returns updated Delaying reject of request 0 for 1 seconds Going to the next request Waking up in 0.9 seconds. Sending delayed reject for request 0 Sending Access-Reject of id 139 to 10.1.98.52 port 45105 Waking up in 4.9 seconds. I've read the documentation at least one million times and searched the mailing list and on Google but I still can't manage to find a solution. Can anyone help me by pointing out the error? Users' passwords are stored in OpenLDAP using SSHA, if this information can be useful. Thanks Alberto
Re: pptpd+freeradius+ldap ERROR: No authenticate method (Auth-Type) found for the request: Rejecting the user
On 18 Apr 2013, at 11:43, Alberto Aldrigo aaldr...@ca-tron.com wrote: rad_recv: Access-Request packet from host 10.1.98.52 port 45105, id=139, length=77 Service-Type = Framed-User Framed-Protocol = PPP User-Name = user Calling-Station-Id = 10.1.0.136 NAS-IP-Address = 127.0.1.1 NAS-Port = 0 PPPD isn't sending a password. The hash is being found by LDAP fine, but there is no password in the radius request for it to validate. You need to fix PPPD, then it should work. Thanks, Adam Bishop gpg: 0x6609D460 Janet, the UK's research and education network.
RE: segfault error
Ok, I have upgraded to a compiled version of freeradius 2.2.0, and I was able to see the same result. It crashed after a few minutes with the error below.

on-radius01 kernel: radiusd[10038]: segfault at 73d87000 rip 003c6c07b5bb rsp 73d83c08 error 4

I turned on core dumps to see if I could get any more details out of it, but I could not make it crash after that. Any ideas as to what this could be? I can post my -X output, but all it says at the bottom when it stops working is segfault.

Thanks,
Chris

-Original Message-
From: freeradius-users-bounces+chris.taylor=corp.eastlink...@lists.freeradius.org [mailto:freeradius-users-bounces+chris.taylor=corp.eastlink...@lists.freeradius.org] On Behalf Of Alan DeKok
Sent: Wednesday, April 10, 2013 9:45 AM
To: FreeRadius users mailing list
Subject: Re: segfault error

Chris Taylor wrote:
> I am running freeradius2-2.1.12-5.el5 on a CentOS server release 5.9 (Final). I was doing some testing on some new RADIUS servers that we want to put into production and I got the following error.

Well... upgrade to 2.2.0. There's no reason for us to debug issues in old versions. Those have already been debugged and fixed.

Alan DeKok.
Re: segfault error
Chris Taylor wrote:
> Ok, I have upgraded to a compiled version of freeradius 2.2.0, and I was able to see the same result. It crashed after a few minutes with the error below.
>
> on-radius01 kernel: radiusd[10038]: segfault at 73d87000 rip 003c6c07b5bb rsp 73d83c08 error 4

Check that you're really running v2.2.0. Sometimes scripts point to old installations.

> I turned on core dumps to see if I could get any more details out of it, but I could not make it crash after that.

Did you follow the instructions in doc/bugs? That says how to find the bug.

> Any ideas as to what this could be? I can post my -X output, but all it says at the bottom when it stops working is segfault.

doc/bugs has detailed instructions for just such an occasion.

Alan DeKok.
RE: segfault error
Yeah, this is the only version of freeradius on the box; the other was an rpm version that was removed before I compiled this one.

-Original Message-
From: freeradius-users-bounces+chris.taylor=corp.eastlink...@lists.freeradius.org [mailto:freeradius-users-bounces+chris.taylor=corp.eastlink...@lists.freeradius.org] On Behalf Of Alan DeKok
Sent: Friday, April 12, 2013 3:45 PM
To: FreeRadius users mailing list
Subject: Re: segfault error

Chris Taylor wrote:
> Ok, I have upgraded to a compiled version of freeradius 2.2.0, and I was able to see the same result. It crashed after a few minutes with the error below.
>
> on-radius01 kernel: radiusd[10038]: segfault at 73d87000 rip 003c6c07b5bb rsp 73d83c08 error 4

Check that you're really running v2.2.0. Sometimes scripts point to old installations.

> I turned on core dumps to see if I could get any more details out of it, but I could not make it crash after that.

Did you follow the instructions in doc/bugs? That says how to find the bug.

> Any ideas as to what this could be? I can post my -X output, but all it says at the bottom when it stops working is segfault.

doc/bugs has detailed instructions for just such an occasion.

Alan DeKok.
segfault error
I am running freeradius2-2.1.12-5.el5 on a CentOS server release 5.9 (Final). I was doing some testing on some new RADIUS servers that we want to put into production and I got the following error.

/var/log/messages
Apr 9 17:33:45 on-radius01 kernel: radiusd[8831]: segfault at 2aae660ae000 rip 2aae5b6215eb rsp 2aae660ab7c8 error 4

What should I be looking for? The RADIUS logs didn't turn up anything, as it wasn't in debug mode.

Thanks,
Chris
Re: segfault error
Chris Taylor wrote:
> I am running freeradius2-2.1.12-5.el5 on a CentOS server release 5.9 (Final). I was doing some testing on some new RADIUS servers that we want to put into production and I got the following error.

Well... upgrade to 2.2.0. There's no reason for us to debug issues in old versions. Those have already been debugged and fixed.

Alan DeKok.
Re: CoA proxy error
Mehdi Ravanbakhsh wrote:
> Hi All:
>
> I get this error in the log after setting up COA-originate in site-enable:
>
> WARNING: No previous template for proxy socket. Source IP address may be chosen by the OS

Don't edit the configuration files and break the server. If you do edit them, ensure you know what you're doing.

Alan DeKok.
Re: CoA proxy error
I found that, in radius.conf:

    proxy_requests = yes

It works now for update disconnect, but for update coa it does not work. I do not know if I use it correctly:

*default config :*

    preacct {
        update coa {
            User-Name = %{User-Name}
            Acct-Session-Id = %{Acct-Session-Id}
            NAS-IP-Address = %{NAS-IP-Address}
            Session-Timeout := 5
        }
    }

On Wed, Apr 3, 2013 at 12:23 AM, Mehdi Ravanbakhsh baba...@gmail.com wrote:

> Hi All:
>
> I get this error in the log after setting up COA-originate in site-enable:
>
> WARNING: No previous template for proxy socket. Source IP address may be chosen by the OS
> ... adding new socket proxy address * port 16288
> ERROR: Failed to insert CoA request into proxy list.
>
> * clent.conf : *
>
>     client lar {
>         ipaddr = 5.190.103.4
>         secret = testing123
>         require_message_authenticator = no
>         nastype = other
>         coa_server = lar
>     }
>
> *coa-originate :*
>
>     home_server lar {
>         type = coa
>         ipaddr = 5.190.103.4
>         port = 1700
>         secret = testing123
>         coa {
>             irt = 2
>             mrt = 16
>             mrc = 5
>             mrd = 30
>         }
>     }
>
>     home_server_pool main {
>         type = fail-over
>         home_server = lar
>     }
>
> *default config :*
>
>     preacct {
>         update disconnect {
>             User-Name = %{User-Name}
>             Acct-Session-Id = %{Acct-Session-Id}
>             NAS-IP-Address = %{NAS-IP-Address}
>         }
>     }
compile error
I am not able to compile from git. It ends with error:

version.c:71: warning: no previous prototype for 'ssl_version_check'
version.c: In function 'ssl_version':
version.c:78: error: expected ';' before '}' token
gmake[4]: *** [version.lo] Error 1
gmake[4]: Leaving directory `/usr/src/freeradius-git-2.x.x/freeradius-server/src/main'
gmake[3]: *** [main] Error 2
gmake[3]: Leaving directory `/usr/src/freeradius-git-2.x.x/freeradius-server/src'
gmake[2]: *** [all] Error 2
gmake[2]: Leaving directory `/usr/src/freeradius-git-2.x.x/freeradius-server/src'
gmake[1]: *** [src] Error 2
gmake[1]: Leaving directory `/usr/src/freeradius-git-2.x.x/freeradius-server'
make: *** [all] Error 2
Re: compile error
On 28.03.2013 10:48, Igor Smitran wrote:
> I am not able to compile from git. It ends with error:
>
> version.c:71: warning: no previous prototype for 'ssl_version_check'
> version.c: In function 'ssl_version':
> version.c:78: error: expected ';' before '}' token
> gmake[4]: *** [version.lo] Error 1
> gmake[4]: Leaving directory `/usr/src/freeradius-git-2.x.x/freeradius-server/src/main'
> gmake[3]: *** [main] Error 2
> gmake[3]: Leaving directory `/usr/src/freeradius-git-2.x.x/freeradius-server/src'
> gmake[2]: *** [all] Error 2
> gmake[2]: Leaving directory `/usr/src/freeradius-git-2.x.x/freeradius-server/src'
> gmake[1]: *** [src] Error 2
> gmake[1]: Leaving directory `/usr/src/freeradius-git-2.x.x/freeradius-server'
> make: *** [all] Error 2

Nice catch. Sent a pull request to fix this. In the meantime you can simply add a ; at the end of line 78 in src/main/version.c

Btw, are you aware that you are compiling freeradius without ssl support? This means no eap, no tls, etc. You should first install the openssl development files before compiling freeradius.

Olivier

--
Olivier Beytrison
Network Security Engineer, HES-SO Fribourg
Mail: oliv...@heliosnet.org
Re: compile error
On 03/28/2013 10:57 AM, Olivier Beytrison wrote:
> Btw, are you aware that you are compiling freeradius without ssl support? This means no eap, no tls, etc. You should first install the openssl development files before compiling freeradius.
>
> Olivier

Yes, I know. This freeradius will only serve dhcp requests.
Re: Freeradius with either LDAP or Mysql Error lib not found
> Fri Mar 8 13:44:46 2013 : Error: Could not link driver rlm_sql_mysql: rlm_sql_mysql.so: cannot open shared object file: No such file or directory

It seems that your mysql drivers have not been installed successfully. Thanks to freeradius, it has the option to install mysql server along with freeradius (use this command: sudo apt-get install mysql-server (something like that; if it does not work, google it)). Hopefully the problem will be solved.

On Fri, Mar 8, 2013 at 12:51 PM, Iftakhul Anwar an...@meruvian.org wrote:

> Hi All,
>
> I just tried to config freeradius using either Mysql or LDAP, but I get the same error, like below:
>
> [error Mysql]
> Fri Mar 8 13:44:46 2013 : Error: Could not link driver rlm_sql_mysql: rlm_sql_mysql.so: cannot open shared object file: No such file or directory
> Fri Mar 8 13:44:46 2013 : Error: Make sure it (and all its dependent libraries!) are in the search path of your system's ld.
> Fri Mar 8 13:44:46 2013 : Error: /usr/local/etc/raddb/sql.conf[22]: Instantiation failed for module sql
> Fri Mar 8 13:44:46 2013 : Error: /usr/local/etc/raddb/sites-enabled/default[177]: Failed to find sql in the modules section.
> Fri Mar 8 13:44:46 2013 : Error: /usr/local/etc/raddb/sites-enabled/default[69]: Errors parsing authorize section.
>
> I've read in some article that it's solved by installing the mysql-devel package. In this case I've installed libmysqlclient-dev on my ubuntu 12.04, but I still get the same error. It also happens on my freeradius ldap:
>
> [error LDAP]
> /usr/local/etc/raddb/modules/ldap[29]: Failed to link to module 'rlm_ldap': rlm_ldap.so: cannot open shared object file: No such file or directory
> /usr/local/etc/raddb/sites-enabled/default[305]: Failed to find ldap in the modules section.
> /usr/local/etc/raddb/sites-enabled/default[305]: Failed to parse ldap
>
> How can I solve this issue?
>
> Thanks

--
Best Regards
Muhammad Nadeem
Muhammad Ali Jinnah University
Re: Freeradius with either LDAP or Mysql Error lib not found
I've installed mysql-server on my system even before I installed the freeradius server. Any other tips to solve this?

On Fri, Mar 8, 2013 at 2:59 PM, Muhammad Nadeem mnadeem8...@gmail.com wrote:

> > Fri Mar 8 13:44:46 2013 : Error: Could not link driver rlm_sql_mysql: rlm_sql_mysql.so: cannot open shared object file: No such file or directory
>
> It seems that your mysql drivers have not been installed successfully. Thanks to freeradius, it has the option to install mysql server along with freeradius (use this command: sudo apt-get install mysql-server (something like that; if it does not work, google it)). Hopefully the problem will be solved.

--
*M.Iftakhul Anwar*
Meruvian Integrator
High Performance Computing / Cloud Computing (HPC/CC)
Office Phone : 021-93586577
Mobile Phone : 085215331477
Blog : http://blog.mervpolis.com/roller/anwar
FB : http://www.facebook.com/troya.adromeda
Website : www.meruvian.org
Re: Freeradius with either LDAP or Mysql Error lib not found
Ok man.. set LD_LIBRARY_PATH to your mysql drivers, like for oracle it will be SET PATH=LD_LIBRARY_PATH=$ORACLE_HOME/lib

On Fri, Mar 8, 2013 at 1:02 PM, Iftakhul Anwar an...@meruvian.org wrote:

> I've installed mysql-server on my system even before I installed the freeradius server. Any other tips to solve this?

--
Best Regards
Muhammad Nadeem
Muhammad Ali Jinnah University
Re: Freeradius with either LDAP or Mysql Error lib not found
If you install using packages, it's usually contained in separate packages. For example: http://packages.ubuntu.com/search?suite=quantal&keywords=freeradius

i.e. freeradius-mysql, freeradius-ldap.

--
Fajar

On Fri, Mar 8, 2013 at 7:02 PM, Iftakhul Anwar an...@meruvian.org wrote:

> I've installed mysql-server on my system even before I installed the freeradius server. Any other tips to solve this?
Re: Freeradius with either LDAP or Mysql Error lib not found
As Fajar says, some distros split up the functions into separate packages (so you don't need to install loads of things just to have a basic server). Use your package manager to find/install the sub packages.

alan

--
This smartphone uses free WiFi around the world with eduroam, now that's what I call smart.
Re: Freeradius with either LDAP or Mysql Error lib not found
Hi All,

I just recompiled my freeradius with specific library directories. I used the command:

    ./configure --with-mysql-lib-dir=/usr/lib/mysql --with-ldap-lib-dir=/usr/lib/ldap

Now ldap and mysql are running well :D

Thanks all

On Fri, Mar 8, 2013 at 3:41 PM, Alan Buxey a.l.m.bu...@lboro.ac.uk wrote:

> As Fajar says, some distros split up the functions into separate packages (so you don't need to install loads of things just to have a basic server). Use your package manager to find/install the sub packages.
>
> alan

--
*M.Iftakhul Anwar*
Meruvian Integrator
High Performance Computing / Cloud Computing (HPC/CC)
Office Phone : 021-93586577
Mobile Phone : 085215331477
Blog : http://blog.mervpolis.com/roller/anwar
FB : http://www.facebook.com/troya.adromeda
Website : www.meruvian.org
Freeradius with either LDAP or Mysql Error lib not found
Hi All,

I just tried to config freeradius using either Mysql or LDAP, but I get the same error, like below:

[error Mysql]
Fri Mar 8 13:44:46 2013 : Error: Could not link driver rlm_sql_mysql: rlm_sql_mysql.so: cannot open shared object file: No such file or directory
Fri Mar 8 13:44:46 2013 : Error: Make sure it (and all its dependent libraries!) are in the search path of your system's ld.
Fri Mar 8 13:44:46 2013 : Error: /usr/local/etc/raddb/sql.conf[22]: Instantiation failed for module sql
Fri Mar 8 13:44:46 2013 : Error: /usr/local/etc/raddb/sites-enabled/default[177]: Failed to find sql in the modules section.
Fri Mar 8 13:44:46 2013 : Error: /usr/local/etc/raddb/sites-enabled/default[69]: Errors parsing authorize section.

I've read in some article that it's solved by installing the mysql-devel package. In this case I've installed libmysqlclient-dev on my ubuntu 12.04, but I still get the same error. It also happens on my freeradius ldap:

[error LDAP]
/usr/local/etc/raddb/modules/ldap[29]: Failed to link to module 'rlm_ldap': rlm_ldap.so: cannot open shared object file: No such file or directory
/usr/local/etc/raddb/sites-enabled/default[305]: Failed to find ldap in the modules section.
/usr/local/etc/raddb/sites-enabled/default[305]: Failed to parse ldap

How can I solve this issue?

Thanks

--
*M.Iftakhul Anwar*
Meruvian Integrator
High Performance Computing / Cloud Computing (HPC/CC)
Office Phone : 021-93586577
Mobile Phone : 085215331477
Blog : http://blog.mervpolis.com/roller/anwar
FB : http://www.facebook.com/troya.adromeda
Website : www.meruvian.org