rlm_perl cause fall out to core
Hi. I have a problem with rlm_perl on version 0.8.1 (under FreeBSD 5.1 Release).
After starting radiusd with -xyz I've got segmentation fault.
What I do wrong?
experimental.conf:
perl {
module = /usr/local/etc/raddb/example.pl
func_accounting = accounting
func_authentication = authenticate
func_preacct = preacct
func_checksimul = checksimul
func_xlat = xlat
}
radiusd.conf:
[...]
modules {
chap {
authtype = CHAP
}
mschap {
authtype = MS-CHAP
use_mppe = no
require_encryption = no
require_strong = no
}
$INCLUDE ${confdir}/experimental.conf
}
authorize {
perl
chap
mschap
}
authenticate {
authtype FUFLO {
chap
mschap
}
}
[...]
users:
DEFAULT Auth-Type := FUFLO
Fall-Through = Yes
gdb output, configs, scripts is available at http://null.pp.ru/fuck
--
Sincerely,
Dennis
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: PostreSQL Authentication
radius= select * from radcheck;
id | username | attribute | value | op
+--+---+-+
1 | den | Password | fuflo | :=
2 | steve| Password | testing | :=
radius= select * from radgroupcheck;
id | groupname |attribute|value| op
+---+-+-+
1 | static| Auth-Type | Local | :=
2 | static| Service-Type| Framed-User | :=
3 | static| Framed-Protocol | PPP | :=
radiusd.conf:
[...]
authorize {
sql
mschap
}
authenticate {
mschap
}
[...]
Once again:
rlm_sql: Pairs do not match [steve]
rlm_sql: Released sql socket id: 4
modcall[authorize]: module sql returns notfound
modcall[authorize]: module mschap returns notfound
May be I need to change Auth-Type from local to MS-CHAP?
On Tue, Mar 25, 2003 at 02:42:25PM +0100, Simon Ekstrand wrote:
rlm_sql: Pairs do not match [steve]
Your check items don't match what's in the auth request.
Try adding Service-Type == Framed-User, Framed-Protocol == PPP etc in
radcheck or radgroupcheck.
--
Sincerely,
Dennis
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
PostreSQL Authentication
Hi all.
I have a problem with postgresql authentication.
Cuts from configs and log files:
radiusd.conf
In 'modules' section:
mschap {
authtype = MS-CHAP
use_mppe = yes
}
In 'authorize':
mschap
sql
PostgreSQL
==
radius= select * from radcheck ;
id | username | attribute | value | op
+--+---+-+
1 | den | Password | fuflo | ==
2 | steve| Password | testing | ==
radius= select * from radgroupcheck ;
id | groupname | attribute | value | op
+---+---+---+
1 | static| Auth-Type | Local | :=
radius= select * from radgroupreply;
id | groupname | attribute |value| op
+---++-+
1 | static| Framed-Protocol| PPP | :=
2 | static| Service-Type | Framed-User | :=
3 | static| Framed-Compression | Van-Jacobsen-TCP-IP | :=
4 | static| Framed-IP-Netmask | 255.255.255.252 | :=
5 | static| Framed-MTU | 1500| :=
radius= select * from radreply;
id | username | attribute | value | op
+--+---+---+
1 | den | Framed-IP-Address | 10.0.0.2+ | :=
2 | steve| Framed-IP-Address | 10.0.0.2+ | :=
radius= select * from usergroup;
id | username | groupname
+--+---
1 | den | static
2 | steve| static
Cuts from debug (-xxy):
rad_recv: Access-Request packet from host 192.168.0.11:1540, id=98,
length=147
Thread 1 assigned request 0
--- Walking the entire request list ---
Threads: total/active/spare threads = 5/1/4
Nothing to do. Sleeping until we see a request.
Thread 1 handling request 0, (1 handled so far)
NAS-Identifier = localhost
Service-Type = Framed-User
Framed-Protocol = PPP
Calling-Station-Id = 127.0.0.1
User-Name = steve
MS-CHAP-Challenge = 0x42af3afa20ea9629
MS-CHAP-Response =
0x01019a804422b871ef01193f0a48c0845aa24c7c27aa8c318841
Service-Type = Framed-User
Framed-Protocol = PPP
modcall: entering group authorize
modcall[authorize]: module mschap returns notfound
radius_xlat: 'steve'
sql_set_user: escaped user -- 'steve'
radius_xlat: 'SELECT id,UserName,Attribute,Value FROM radcheck WHERE Username =
'steve' ORDER BY id'
rlm_sql: Reserving sql socket id: 4
query: SELECT id,UserName,Attribute,Value FROM radcheck WHERE Username = 'steve' ORDER
BY id
rlm_postgresql Status: PGRES_TUPLES_OK
sql_postgresql: affected rows =
radius_xlat: 'SELECT
radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupcheck.Value
FROM radgroupcheck,usergroup WHERE usergroup.Username = 'steve' AND
usergroup.GroupName = radgroupcheck.GroupName ORDER BY radgroupcheck.id'
query: SELECT
radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupcheck.Value
FROM radgroupcheck,usergroup WHERE usergroup.Username = 'steve' AND
usergroup.GroupName = radgroupcheck.GroupName ORDER BY radgroupcheck.id
rlm_postgresql Status: PGRES_TUPLES_OK
sql_postgresql: affected rows =
radius_xlat: 'SELECT id,UserName,Attribute,Value FROM radreply WHERE Username =
'steve' ORDER BY id'
query: SELECT id,UserName,Attribute,Value FROM radreply WHERE Username = 'steve' ORDER
BY id
rlm_postgresql Status: PGRES_TUPLES_OK
sql_postgresql: affected rows =
radius_xlat: 'SELECT
radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgroupreply.Value
FROM radgroupreply,usergroup WHERE usergroup.Username = 'steve' AND
usergroup.GroupName = radgroupreply.GroupName ORDER BY radgroupreply.id'
query: SELECT
radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgroupreply.Value
FROM radgroupreply,usergroup WHERE usergroup.Username = 'steve' AND
usergroup.GroupName = radgroupreply.GroupName ORDER BY radgroupreply.id
rlm_postgresql Status: PGRES_TUPLES_OK
sql_postgresql: affected rows =
rlm_sql: Pairs do not match [steve]
rlm_sql: Released sql socket id: 4
modcall[authorize]: module sql returns notfound
modcall: group authorize returns notfound
auth: No authenticate method (Auth-Type) configuration found for the request:
Rejecting the user
auth: Failed to validate the user.
Login incorrect: [steve/no User-Password attribute] (from client private port 0
cli 127.0.0.1)
Delaying request 0 for 1 seconds
Finished request 0
Going to the next request
Thread 1 waiting to be assigned a request
rad_recv: Access-Request packet from host 192.168.0.11:1540, id=98, length=147
Sending Access-Reject of id 98 to 192.168.0.11:1540
MS-CHAP-Error = \001E=691 R=1
--- Walking the entire request list ---
Threads: total/active/spare
threads = 5/0/5
Waking up in 3 seconds...
--- Walking the entire request list ---
Cleaning up request 0 ID 98 with timestamp
Re: PostreSQL Authentication
I've changed op to :=, the problem still exists. rlm_sql: Pairs do not match [steve] rlm_sql: Released sql socket id: 4 modcall[authorize]: module sql returns notfound On Tue, Mar 25, 2003 at 10:28:20AM +0100, Ketil Kristiansen wrote: On Tue, 25 Mar 2003, Dennis S. Davidoff wrote: radius= select * from radcheck ; id | username | attribute | value | op +--+---+-+ 1 | den | Password | fuflo | == 2 | steve| Password | testing | == op should be := - see if that doesn't work better... -- Sincerely, Dennis - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: PostreSQL Authentication
This didn't help. :)
authorize {
sql
mschap
}
Try again:
rlm_sql: Pairs do not match [steve]
rlm_sql: Released sql socket id: 4
modcall[authorize]: module sql returns notfound
modcall[authorize]: module mschap returns notfound
On Tue, Mar 25, 2003 at 12:04:03PM +0200, Michael Davidson wrote:
Hi
from your debug trace:-
modcall[authorize]: module mschap returns notfound
often means that a password was not found by the authorize function. This
cannot come from the request so it has to be provided by the d'base,
therefore, you need to rearrange the order of module execution so that sql
is called before mschap. The password has to be text from which the mschap
authorize module generates Windows style passwords in preparation for the
mschap authenticate function.
Cheers Mike D.
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of
Dennis S. Davidoff
Sent: Tuesday, March 25, 2003 11:13 AM
To: freeradius-users
Subject: PostreSQL Authentication
Hi all.
I have a problem with postgresql authentication.
Cuts from configs and log files:
radiusd.conf
In 'modules' section:
mschap {
authtype = MS-CHAP
use_mppe = yes
}
In 'authorize':
mschap
sql
PostgreSQL
==
radius= select * from radcheck ;
id | username | attribute | value | op
+--+---+-+
1 | den | Password | fuflo | ==
2 | steve| Password | testing | ==
radius= select * from radgroupcheck ;
id | groupname | attribute | value | op
+---+---+---+
1 | static| Auth-Type | Local | :=
radius= select * from radgroupreply;
id | groupname | attribute |value| op
+---++-+
1 | static| Framed-Protocol| PPP | :=
2 | static| Service-Type | Framed-User | :=
3 | static| Framed-Compression | Van-Jacobsen-TCP-IP | :=
4 | static| Framed-IP-Netmask | 255.255.255.252 | :=
5 | static| Framed-MTU | 1500| :=
radius= select * from radreply;
id | username | attribute | value | op
+--+---+---+
1 | den | Framed-IP-Address | 10.0.0.2+ | :=
2 | steve| Framed-IP-Address | 10.0.0.2+ | :=
radius= select * from usergroup;
id | username | groupname
+--+---
1 | den | static
2 | steve| static
Cuts from debug (-xxy):
rad_recv: Access-Request packet from host 192.168.0.11:1540, id=98,
length=147
Thread 1 assigned request 0
--- Walking the entire request list ---
Threads: total/active/spare threads = 5/1/4
Nothing to do. Sleeping until we see a request.
Thread 1 handling request 0, (1 handled so far)
NAS-Identifier = localhost
Service-Type = Framed-User
Framed-Protocol = PPP
Calling-Station-Id = 127.0.0.1
User-Name = steve
MS-CHAP-Challenge = 0x42af3afa20ea9629
MS-CHAP-Response =
0x01019a804422b871e
f01193f0a48c0845aa24c7c27aa8c318841
Service-Type = Framed-User
Framed-Protocol = PPP
modcall: entering group authorize
modcall[authorize]: module mschap returns notfound
radius_xlat: 'steve'
sql_set_user: escaped user -- 'steve'
radius_xlat: 'SELECT id,UserName,Attribute,Value FROM radcheck
WHERE Username = 'steve' ORDER BY id'
rlm_sql: Reserving sql socket id: 4
query: SELECT id,UserName,Attribute,Value FROM radcheck WHERE
Username = 'steve' ORDER BY id
rlm_postgresql Status: PGRES_TUPLES_OK
sql_postgresql: affected rows =
radius_xlat: 'SELECT
radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,ra
dgroupcheck.Value FROM radgroupcheck,usergroup WHERE
usergroup.Username = 'steve' AND usergroup.GroupName =
radgroupcheck.GroupName ORDER BY radgroupcheck.id'
query: SELECT
radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,ra
dgroupcheck.Value FROM radgroupcheck,usergroup WHERE
usergroup.Username = 'steve' AND usergroup.GroupName =
radgroupcheck.GroupName ORDER BY radgroupcheck.id
rlm_postgresql Status: PGRES_TUPLES_OK
sql_postgresql: affected rows =
radius_xlat: 'SELECT id,UserName,Attribute,Value FROM radreply
WHERE Username = 'steve' ORDER BY id'
query: SELECT id,UserName,Attribute,Value FROM radreply WHERE
Username = 'steve' ORDER BY id
rlm_postgresql Status: PGRES_TUPLES_OK
sql_postgresql: affected rows =
radius_xlat: 'SELECT
radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,ra
dgroupreply.Value FROM radgroupreply,usergroup WHERE
usergroup.Username = 'steve' AND usergroup.GroupName =
radgroupreply.GroupName ORDER BY radgroupreply.id'
query: SELECT
radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,ra
dgroupreply.Value FROM radgroupreply
Ignoring secret from NAS?
Hi all.
I have a mystic situation. When I trying to use NTRadPing 1.2 (it's
handy tool for testing Radius server by dialways.com) with incorrect
secret key and CHAP box selected, I've got respone from Radius then must
not. If CHAP box unselected no response from server (which is normal
situation).
Example:
NAS (NtRadPing) is on 192.168.0.11, Radius secret key = 'deamn' (I use
wrong passwd to test Radius which *ignore* that passwd?), Radius server
is on 192.168.0.173 at 1812 port.
clients.conf from 192.168.0.173:
client 127.0.0.1 {
secret = bar
shortname = localhost
}
client 192.168.0.11 {
secret = qwerty
shortname = private
}
Rememer I use wrong passwd in request? So let's take a look at log:
Cuts from log:
rad_recv: Access-Request packet from host 192.168.0.11:4577, id=9, length=46
User-Name = steve
CHAP-Password = 0xb37ad3e3d1ae842a81cc9454f16246eb32
modcall: entering group authorize
modcall[authorize]: module preprocess returns ok
users: Matched steve at 80
modcall[authorize]: module files returns ok
modcall[authorize]: module mschap returns noop
modcall: group authorize returns ok
rad_check_password: Found Auth-Type Local
auth: type Local
auth: user supplied CHAP-Password matches local User-Password
Sending Access-Accept of id 9 to 192.168.0.11:4577
Service-Type = Framed-User
Framed-Protocol = PPP
Framed-IP-Address = 172.16.3.33
Framed-IP-Netmask = 255.255.255.0
Framed-Routing = Broadcast-Listen
Framed-Filter-Id = std.ppp
Framed-MTU = 1500
Framed-Compression = Van-Jacobson-TCP-IP
P.s. I have no nas* files in config directory. Also I has tired to use these
files but gussed problem in other thing. What I doing wrong?
--
Sincerely,
Dennis
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
