rlm_perl cause fall out to core
Hi. I have a problem with rlm_perl on version 0.8.1 (under FreeBSD 5.1 Release). After starting radiusd with -xyz I've got segmentation fault. What I do wrong? experimental.conf: perl { module = /usr/local/etc/raddb/example.pl func_accounting = accounting func_authentication = authenticate func_preacct = preacct func_checksimul = checksimul func_xlat = xlat } radiusd.conf: [...] modules { chap { authtype = CHAP } mschap { authtype = MS-CHAP use_mppe = no require_encryption = no require_strong = no } $INCLUDE ${confdir}/experimental.conf } authorize { perl chap mschap } authenticate { authtype FUFLO { chap mschap } } [...] users: DEFAULT Auth-Type := FUFLO Fall-Through = Yes gdb output, configs, scripts is available at http://null.pp.ru/fuck -- Sincerely, Dennis - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: PostreSQL Authentication
radius= select * from radcheck; id | username | attribute | value | op +--+---+-+ 1 | den | Password | fuflo | := 2 | steve| Password | testing | := radius= select * from radgroupcheck; id | groupname |attribute|value| op +---+-+-+ 1 | static| Auth-Type | Local | := 2 | static| Service-Type| Framed-User | := 3 | static| Framed-Protocol | PPP | := radiusd.conf: [...] authorize { sql mschap } authenticate { mschap } [...] Once again: rlm_sql: Pairs do not match [steve] rlm_sql: Released sql socket id: 4 modcall[authorize]: module sql returns notfound modcall[authorize]: module mschap returns notfound May be I need to change Auth-Type from local to MS-CHAP? On Tue, Mar 25, 2003 at 02:42:25PM +0100, Simon Ekstrand wrote: rlm_sql: Pairs do not match [steve] Your check items don't match what's in the auth request. Try adding Service-Type == Framed-User, Framed-Protocol == PPP etc in radcheck or radgroupcheck. -- Sincerely, Dennis - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
PostreSQL Authentication
Hi all. I have a problem with postgresql authentication. Cuts from configs and log files: radiusd.conf In 'modules' section: mschap { authtype = MS-CHAP use_mppe = yes } In 'authorize': mschap sql PostgreSQL == radius= select * from radcheck ; id | username | attribute | value | op +--+---+-+ 1 | den | Password | fuflo | == 2 | steve| Password | testing | == radius= select * from radgroupcheck ; id | groupname | attribute | value | op +---+---+---+ 1 | static| Auth-Type | Local | := radius= select * from radgroupreply; id | groupname | attribute |value| op +---++-+ 1 | static| Framed-Protocol| PPP | := 2 | static| Service-Type | Framed-User | := 3 | static| Framed-Compression | Van-Jacobsen-TCP-IP | := 4 | static| Framed-IP-Netmask | 255.255.255.252 | := 5 | static| Framed-MTU | 1500| := radius= select * from radreply; id | username | attribute | value | op +--+---+---+ 1 | den | Framed-IP-Address | 10.0.0.2+ | := 2 | steve| Framed-IP-Address | 10.0.0.2+ | := radius= select * from usergroup; id | username | groupname +--+--- 1 | den | static 2 | steve| static Cuts from debug (-xxy): rad_recv: Access-Request packet from host 192.168.0.11:1540, id=98, length=147 Thread 1 assigned request 0 --- Walking the entire request list --- Threads: total/active/spare threads = 5/1/4 Nothing to do. Sleeping until we see a request. Thread 1 handling request 0, (1 handled so far) NAS-Identifier = localhost Service-Type = Framed-User Framed-Protocol = PPP Calling-Station-Id = 127.0.0.1 User-Name = steve MS-CHAP-Challenge = 0x42af3afa20ea9629 MS-CHAP-Response = 0x01019a804422b871ef01193f0a48c0845aa24c7c27aa8c318841 Service-Type = Framed-User Framed-Protocol = PPP modcall: entering group authorize modcall[authorize]: module mschap returns notfound radius_xlat: 'steve' sql_set_user: escaped user -- 'steve' radius_xlat: 'SELECT id,UserName,Attribute,Value FROM radcheck WHERE Username = 'steve' ORDER BY id' rlm_sql: Reserving sql socket id: 4 query: SELECT id,UserName,Attribute,Value FROM radcheck WHERE Username = 'steve' ORDER BY id rlm_postgresql Status: PGRES_TUPLES_OK sql_postgresql: affected rows = radius_xlat: 'SELECT radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupcheck.Value FROM radgroupcheck,usergroup WHERE usergroup.Username = 'steve' AND usergroup.GroupName = radgroupcheck.GroupName ORDER BY radgroupcheck.id' query: SELECT radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupcheck.Value FROM radgroupcheck,usergroup WHERE usergroup.Username = 'steve' AND usergroup.GroupName = radgroupcheck.GroupName ORDER BY radgroupcheck.id rlm_postgresql Status: PGRES_TUPLES_OK sql_postgresql: affected rows = radius_xlat: 'SELECT id,UserName,Attribute,Value FROM radreply WHERE Username = 'steve' ORDER BY id' query: SELECT id,UserName,Attribute,Value FROM radreply WHERE Username = 'steve' ORDER BY id rlm_postgresql Status: PGRES_TUPLES_OK sql_postgresql: affected rows = radius_xlat: 'SELECT radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgroupreply.Value FROM radgroupreply,usergroup WHERE usergroup.Username = 'steve' AND usergroup.GroupName = radgroupreply.GroupName ORDER BY radgroupreply.id' query: SELECT radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgroupreply.Value FROM radgroupreply,usergroup WHERE usergroup.Username = 'steve' AND usergroup.GroupName = radgroupreply.GroupName ORDER BY radgroupreply.id rlm_postgresql Status: PGRES_TUPLES_OK sql_postgresql: affected rows = rlm_sql: Pairs do not match [steve] rlm_sql: Released sql socket id: 4 modcall[authorize]: module sql returns notfound modcall: group authorize returns notfound auth: No authenticate method (Auth-Type) configuration found for the request: Rejecting the user auth: Failed to validate the user. Login incorrect: [steve/no User-Password attribute] (from client private port 0 cli 127.0.0.1) Delaying request 0 for 1 seconds Finished request 0 Going to the next request Thread 1 waiting to be assigned a request rad_recv: Access-Request packet from host 192.168.0.11:1540, id=98, length=147 Sending Access-Reject of id 98 to 192.168.0.11:1540 MS-CHAP-Error = \001E=691 R=1 --- Walking the entire request list --- Threads: total/active/spare threads = 5/0/5 Waking up in 3 seconds... --- Walking the entire request list --- Cleaning up request 0 ID 98 with timestamp
Re: PostreSQL Authentication
I've changed op to :=, the problem still exists. rlm_sql: Pairs do not match [steve] rlm_sql: Released sql socket id: 4 modcall[authorize]: module sql returns notfound On Tue, Mar 25, 2003 at 10:28:20AM +0100, Ketil Kristiansen wrote: On Tue, 25 Mar 2003, Dennis S. Davidoff wrote: radius= select * from radcheck ; id | username | attribute | value | op +--+---+-+ 1 | den | Password | fuflo | == 2 | steve| Password | testing | == op should be := - see if that doesn't work better... -- Sincerely, Dennis - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: PostreSQL Authentication
This didn't help. :) authorize { sql mschap } Try again: rlm_sql: Pairs do not match [steve] rlm_sql: Released sql socket id: 4 modcall[authorize]: module sql returns notfound modcall[authorize]: module mschap returns notfound On Tue, Mar 25, 2003 at 12:04:03PM +0200, Michael Davidson wrote: Hi from your debug trace:- modcall[authorize]: module mschap returns notfound often means that a password was not found by the authorize function. This cannot come from the request so it has to be provided by the d'base, therefore, you need to rearrange the order of module execution so that sql is called before mschap. The password has to be text from which the mschap authorize module generates Windows style passwords in preparation for the mschap authenticate function. Cheers Mike D. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Dennis S. Davidoff Sent: Tuesday, March 25, 2003 11:13 AM To: freeradius-users Subject: PostreSQL Authentication Hi all. I have a problem with postgresql authentication. Cuts from configs and log files: radiusd.conf In 'modules' section: mschap { authtype = MS-CHAP use_mppe = yes } In 'authorize': mschap sql PostgreSQL == radius= select * from radcheck ; id | username | attribute | value | op +--+---+-+ 1 | den | Password | fuflo | == 2 | steve| Password | testing | == radius= select * from radgroupcheck ; id | groupname | attribute | value | op +---+---+---+ 1 | static| Auth-Type | Local | := radius= select * from radgroupreply; id | groupname | attribute |value| op +---++-+ 1 | static| Framed-Protocol| PPP | := 2 | static| Service-Type | Framed-User | := 3 | static| Framed-Compression | Van-Jacobsen-TCP-IP | := 4 | static| Framed-IP-Netmask | 255.255.255.252 | := 5 | static| Framed-MTU | 1500| := radius= select * from radreply; id | username | attribute | value | op +--+---+---+ 1 | den | Framed-IP-Address | 10.0.0.2+ | := 2 | steve| Framed-IP-Address | 10.0.0.2+ | := radius= select * from usergroup; id | username | groupname +--+--- 1 | den | static 2 | steve| static Cuts from debug (-xxy): rad_recv: Access-Request packet from host 192.168.0.11:1540, id=98, length=147 Thread 1 assigned request 0 --- Walking the entire request list --- Threads: total/active/spare threads = 5/1/4 Nothing to do. Sleeping until we see a request. Thread 1 handling request 0, (1 handled so far) NAS-Identifier = localhost Service-Type = Framed-User Framed-Protocol = PPP Calling-Station-Id = 127.0.0.1 User-Name = steve MS-CHAP-Challenge = 0x42af3afa20ea9629 MS-CHAP-Response = 0x01019a804422b871e f01193f0a48c0845aa24c7c27aa8c318841 Service-Type = Framed-User Framed-Protocol = PPP modcall: entering group authorize modcall[authorize]: module mschap returns notfound radius_xlat: 'steve' sql_set_user: escaped user -- 'steve' radius_xlat: 'SELECT id,UserName,Attribute,Value FROM radcheck WHERE Username = 'steve' ORDER BY id' rlm_sql: Reserving sql socket id: 4 query: SELECT id,UserName,Attribute,Value FROM radcheck WHERE Username = 'steve' ORDER BY id rlm_postgresql Status: PGRES_TUPLES_OK sql_postgresql: affected rows = radius_xlat: 'SELECT radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,ra dgroupcheck.Value FROM radgroupcheck,usergroup WHERE usergroup.Username = 'steve' AND usergroup.GroupName = radgroupcheck.GroupName ORDER BY radgroupcheck.id' query: SELECT radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,ra dgroupcheck.Value FROM radgroupcheck,usergroup WHERE usergroup.Username = 'steve' AND usergroup.GroupName = radgroupcheck.GroupName ORDER BY radgroupcheck.id rlm_postgresql Status: PGRES_TUPLES_OK sql_postgresql: affected rows = radius_xlat: 'SELECT id,UserName,Attribute,Value FROM radreply WHERE Username = 'steve' ORDER BY id' query: SELECT id,UserName,Attribute,Value FROM radreply WHERE Username = 'steve' ORDER BY id rlm_postgresql Status: PGRES_TUPLES_OK sql_postgresql: affected rows = radius_xlat: 'SELECT radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,ra dgroupreply.Value FROM radgroupreply,usergroup WHERE usergroup.Username = 'steve' AND usergroup.GroupName = radgroupreply.GroupName ORDER BY radgroupreply.id' query: SELECT radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,ra dgroupreply.Value FROM radgroupreply
Ignoring secret from NAS?
Hi all. I have a mystic situation. When I trying to use NTRadPing 1.2 (it's handy tool for testing Radius server by dialways.com) with incorrect secret key and CHAP box selected, I've got respone from Radius then must not. If CHAP box unselected no response from server (which is normal situation). Example: NAS (NtRadPing) is on 192.168.0.11, Radius secret key = 'deamn' (I use wrong passwd to test Radius which *ignore* that passwd?), Radius server is on 192.168.0.173 at 1812 port. clients.conf from 192.168.0.173: client 127.0.0.1 { secret = bar shortname = localhost } client 192.168.0.11 { secret = qwerty shortname = private } Rememer I use wrong passwd in request? So let's take a look at log: Cuts from log: rad_recv: Access-Request packet from host 192.168.0.11:4577, id=9, length=46 User-Name = steve CHAP-Password = 0xb37ad3e3d1ae842a81cc9454f16246eb32 modcall: entering group authorize modcall[authorize]: module preprocess returns ok users: Matched steve at 80 modcall[authorize]: module files returns ok modcall[authorize]: module mschap returns noop modcall: group authorize returns ok rad_check_password: Found Auth-Type Local auth: type Local auth: user supplied CHAP-Password matches local User-Password Sending Access-Accept of id 9 to 192.168.0.11:4577 Service-Type = Framed-User Framed-Protocol = PPP Framed-IP-Address = 172.16.3.33 Framed-IP-Netmask = 255.255.255.0 Framed-Routing = Broadcast-Listen Framed-Filter-Id = std.ppp Framed-MTU = 1500 Framed-Compression = Van-Jacobson-TCP-IP P.s. I have no nas* files in config directory. Also I has tired to use these files but gussed problem in other thing. What I doing wrong? -- Sincerely, Dennis - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html