Ken Roser wrote: > > When I do this I get a core dump with FreeRADIUS. > > Details: > > FreeRADIUS CVS snapshot of April 4th. > OpenSSL, tried both the one used in the TLS notes and version of April 8th. (this >dump is with the same OpenSSL Adam used) > Server is Sun Blade 100 with Solaris 8 > AP is Cisco Aironet 340 >
Looks like another Solaris problem. > I've noticed some OpenSSL errors scattered through the RADIUS log but I don't know >(yet) what they mean. Even Adam's log on the eaptls website had some errors, but >none classified as "fatal" as I do. > Yes none of these SSL errors are fatal, except for one, ie Alert 49: Access denied in your logs > Is there any glaring error here that someone can see? Otherwise I'll dig in further >and debug it. Not sure of the actual problem, but I pointed out some suspicious areas, below. Hope you can debug further and let us know your findings. > > (gdb) bt > #0 0xfefb3084 in strlen () from /usr/lib/libc.so.1 > #1 0xff0028d8 in _doprnt () from /usr/lib/libc.so.1 > #2 0xff004a4c in vsnprintf () from /usr/lib/libc.so.1 > #3 0x18124 in radlogdir_iswritable () > #4 0x1836c in radlog () > #5 0xfee62fc8 in cbtls_verify (ok=1, ctx=0xffbecb38) at cb.c:135 Core dumped in this function at 135. Put a break point and check the contents here. > #16 0xfee6220c in eaptls_authenticate (arg=0xb, handler=0xc2b88) > at rlm_eap_tls.c:203 arg=0xb, This looks like Invalid pointer. It should always be a valid pointer. > #17 0xfee81bc0 in eaptype_call (eap_type=276976, action=AUTHENTICATE, eap_type looks odd to me as it cannot exceed 13, but still it picked up the correct EAP-Type ie EAP-TLS ? See below just before the crash. > Waking up in 6 seconds... > rad_recv: Access-Request packet from host 192.168.123.2:3202, id=60, length=1465 > User-Name = "KEN" > NAS-IP-Address = 192.168.123.2 > Called-Station-Id = "004096431d06" > Calling-Station-Id = "000625039e69" > NAS-Identifier = "AP340-431d06" > NAS-Port = 29 > Framed-MTU = 1400 > State = >0x7226690e9d9a241ae69c1eb30db1d0f83cb36076453b1acea082cf49d0461f171435b6ff > NAS-Port-Type = Wireless-802.11 > EAP-Message = ................. > Message-Authenticator = 0xbda4ad5c2ed49b2170d0263da605d455 > modcall: entering group authorize > modcall[authorize]: module "preprocess" returns ok > modcall[authorize]: module "eap" returns updated > rlm_realm: Looking up realm NULL for User-Name = "KEN" > rlm_realm: No such realm NULL > modcall[authorize]: module "suffix" returns noop > users: Matched KEN at 25 > modcall[authorize]: module "files" returns ok > modcall: group authorize returns updated > rad_check_password: Found Auth-Type EAP > auth: type "EAP" > modcall: entering group authenticate > rlm_eap: Multiple EAP_Message attributes found > rlm_eap: Request found, released from the list > rlm_eap: EAP_TYPE - tls > rlm_eap: processing type tls This is the proof that it picked up the right EAP-Type, I am not sure how. > rlm_eap_tls: Length Included > <<< TLS 1.0 Handshake [length 03d4], Certificate > > chain-depth=1, > error=0 > Segmentation Fault - core dumped Looks like the UserName in cb.c is corrupted. -Raghu - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html