RE: segfault error

2013-05-02 Thread Chris Taylor
Sorry, miscommunication on my part. Below is an example of a request that causes 
the segfault. I was also able to get a core dump as well, which I pasted at the 
bottom.



Waking up in 0.1 seconds.
rad_recv: Access-Request packet from host 24.139.16.70 port 1645, id=130, length=140
Framed-Protocol = PPP
User-Name = twolitt...@amtelecom.net
User-Password = 4141
NAS-Port-Type = Virtual
NAS-Port-Id = 1/0/5/494
Cisco-AVPair = client-mac-address=5cd9.985e.ed7d
Service-Type = Framed-User
NAS-IP-Address = 24.139.16.70
# Executing section authorize from file /etc/raddb/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[digest] returns noop
[suffix] Looking up realm amtelecom.net for User-Name = twolitt...@amtelecom.net
[suffix] Found realm amtelecom.net
[suffix] Adding Stripped-User-Name = twolittles
[suffix] Adding Realm = amtelecom.net
[suffix] Proxying request from user twolittles to realm amtelecom.net
[suffix] Preparing to proxy authentication request to realm amtelecom.net
++[suffix] returns updated
++[pap] returns noop
  WARNING: Empty pre-proxy section.  Using default return values.
 Sending proxied request internally to virtual server.
server virtual.amtelecom.net {
# Executing section authorize from file /etc/raddb/sites-enabled/virtual.amtelecom.net
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
[suffix] Request already proxied.  Ignoring.
++[suffix] returns ok
++- entering policy redundant {...}
[amtelecom1] performing user authorization for twolittles
[amtelecom1]expand: %{Stripped-User-Name} -> twolittles
[amtelecom1]expand: (&(uid=%{%{Stripped-User-Name}:-%{User-Name}})(objectclass=posixAccount)(cn=true)) -> (&(uid=twolittles)(objectclass=posixAccount)(cn=true))
[amtelecom1]expand: ou=radius,o=amtelecom.net,dc=eastlink,dc=ca -> ou=radius,o=amtelecom.net,dc=eastlink,dc=ca
  [amtelecom1] ldap_get_conn: Checking Id: 0
  [amtelecom1] ldap_get_conn: Got Id: 0
  [amtelecom1] performing search in ou=radius,o=amtelecom.net,dc=eastlink,dc=ca, with filter (&(uid=twolittles)(objectclass=posixAccount)(cn=true))
[amtelecom1] checking if remote access for twolittles is allowed by cn
[amtelecom1] Added User-Password = {SSHA}wD2k0jpAA6JDqNZkdf4UYiT7O89XujNiZGUUeg== in check items
[amtelecom1] looking for check items in directory...
  [amtelecom1] userPassword -> Password-With-Header == {SSHA}wD2k0jpAA6JDqNZkdf4UYiT7O89XujNiZGUUeg==
  [amtelecom1] radiusSimultaneousUse -> Simultaneous-Use == 99
  [amtelecom1] radiusAuthType -> Auth-Type == PAP
[amtelecom1] looking for reply items in directory...
  [amtelecom1] radiusGroupName -> Group-Name = eastlink_residential_profile
[amtelecom1] user twolittles authorized to use remote access
  [amtelecom1] ldap_release_conn: Release Id: 0
+++[amtelecom1] returns ok
++- policy redundant returns ok
++- entering policy redundant {...}
[sql1.amtelecom.net]expand: %{User-Name}@%{Realm} -> twolitt...@amtelecom.net
[sql1.amtelecom.net] sql_set_user escaped user --> 'twolitt...@amtelecom.net'
rlm_sql (sql1.amtelecom.net): Reserving sql socket id: 4
[sql1.amtelecom.net]expand: SELECT id, username, attribute, value, op   FROM radcheck   WHERE username = '%{SQL-User-Name}'   ORDER BY id -> SELECT id, username, attribute, value, op   FROM radcheck   WHERE username = 'twolitt...@amtelecom.net'   ORDER BY id
rlm_sql_mysql: query:  SELECT id, username, attribute, value, op   FROM radcheck   WHERE username = 'twolitt...@amtelecom.net'   ORDER BY id
[sql1.amtelecom.net]expand: SELECT groupname   FROM radusergroup   WHERE username = '%{SQL-User-Name}'   ORDER BY priority -> SELECT groupname   FROM radusergroup   WHERE username = 'twolitt...@amtelecom.net'   ORDER BY priority
rlm_sql_mysql: query:  SELECT groupname   FROM radusergroup   WHERE username = 'twolitt...@amtelecom.net'   ORDER BY priority
[sql1.amtelecom.net]expand: SELECT id, groupname, attribute,   Value, op   FROM radgroupcheck   WHERE groupname = '%{Sql-Group}'   ORDER BY id -> SELECT id, groupname, attribute,   Value, op   FROM radgroupcheck   WHERE groupname = 'acl_permit_eastlink_smtp'   ORDER BY id
rlm_sql_mysql: query:  SELECT id, groupname, attribute,   Value, op   FROM radgroupcheck   WHERE groupname = 'acl_permit_eastlink_smtp'   ORDER BY id
[sql1.amtelecom.net] User found in group acl_permit_eastlink_smtp
[sql1.amtelecom.net]expand: SELECT id, groupname, attribute,   value, op   FROM radgroupreply   WHERE groupname = '%{Sql-Group}'   ORDER BY id -> SELECT id, groupname, attribute,   value, op 

RE: segfault error

2013-05-02 Thread Chris Taylor
\000\000\000\000\004\000\000\000\000\000\000\000`\001\000\000\000\000\000\000HJ5l\000\000\000`\331\307\004q+\000\000

'UsA\001\000\000\000\000\000\000\070\001\000\000\000\000\000\000\005, '\000' 
repeats 39 times, from cli\237Oh\000q+\000\00   0-bras1 port 0 
vifrom client (\000\000\000-bras1 port 0...
#3  0x0041c0e6 in call_modsingle (component=0, c=<value optimized out>, request=0x12756bb0) at modcall.c:304
No locals.
#4  modcall (component=0, c=<value optimized out>, request=0x12756bb0) at modcall.c:686
myresult = 1
stack = {pointer = 1634165107, priority = {0, 0, 0, 0, 0, 0, 0, 1634165107, 829124461, 13106, 0 <repeats 22 times>},
  result = {0, 0, 2, 0 <repeats 16 times>, 24, 48, 80209248, 11121, 80209056, 11121, 0, 0, 0, 0, 0, 0, 0}, children = {
0x12706950, 0x127069c0, 0x0 <repeats 16 times>, 0x2b7104c7e320, 0x0, 0x2b7104c7ea80, 0x2b7104c7e970, 0x2b7104c7e970,
0x4c7e480, 0x4, 0x110, 0x12774b50, 0x2b7104c7e320, 0x3c6c068b5a, 0xfbad8001, 0x2b7104c7e970, 0x2b7104c7e970},
  start = {0x0, 0x127069c0, 0x1270c340, 0x2b7104c7ea80, 0x2b7104c7e970, 0x2b7104c7ea80, 0x0, 0x6, 0x8,
0x0 <repeats 12 times>, 0x, 0x0, 0x0, 0x12619fe0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}}
parent = 0x12706950
child = 0x127069c0
if_taken = 0
was_if = 0
#5  0x00419415 in indexed_modcall (comp=0, idx=1024, request=0x12756bb0) at modules.c:740
rcode = <value optimized out>
list = 0x12706950
server = 0x0
#6  0x00409147 in rad_check_password (request=0x12756bb0) at auth.c:382
No locals.
#7  rad_authenticate (request=0x12756bb0) at auth.c:667
namepair = 0x12743dc0
check_item = <value optimized out>
auth_item = 0x12743f00
---Type <return> to continue, or q <return> to quit---
module_msg = <value optimized out>
tmp = <value optimized out>
result = <value optimized out>
autz_retry = <value optimized out>
autz_type = <value optimized out>
#8  0x00427751 in radius_handle_request (request=0x12756bb0, fun=0x408910 <rad_authenticate>) at event.c:3784
No locals.
#9  0x004278d4 in proxy_to_virtual_server (request=0x12755810) at event.c:1980
fake = 0x12756bb0
fun = 0x408910 <rad_authenticate>
#10 0x0042763a in successfully_proxied_request (request=0x12755810) at event.c:2265
No locals.
#11 request_post_handler (request=0x12755810) at event.c:2329
rcode = <value optimized out>
child_state = <value optimized out>
vp = <value optimized out>
#12 0x0042778d in radius_handle_request (request=0x12755810, fun=0x408910 <rad_authenticate>) at event.c:3790
No locals.
#13 0x00420320 in request_handler_thread (arg=<value optimized out>) at threads.c:537
fun = 0x408910 <rad_authenticate>
self = 0x12740a90
#14 0x003c6d00683d in start_thread () from /lib64/libpthread.so.0
No symbol table info available.
#15 0x003c6c0d500d in clone () from /lib64/libc.so.6
No symbol table info available.
(gdb)


Chris Taylor
System Administrator
Network Operations
Eastlink
chris.tay...@corp.eastlink.ca
T: 519.773.1287


-Original Message-
From: 
freeradius-users-bounces+chris.taylor=corp.eastlink...@lists.freeradius.org 
[mailto:freeradius-users-bounces+chris.taylor=corp.eastlink...@lists.freeradius.org]
 On Behalf Of Alan DeKok
Sent: Thursday, May 02, 2013 11:58 AM
To: FreeRadius users mailing list
Subject: Re: segfault error

Chris Taylor wrote:
> Sorry miscommunication on my part. Below is an example of a request that 
> causes the segfault. I was also able to get a core dump as well which I 
> pasted at the bottom.

  Which is *not* what we asked for.

  Please follow the instructions in doc/bugs.  It gives DETAILED instructions 
on what to post.  You are NOT posting the information we need to be able to 
help you.

  You're just showing that you can run gdb.  This isn't useful.  You need to 
run the gdb commands in doc/bugs, which tell us WHERE the problem occurred.

  Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html


RE: segfault error

2013-05-02 Thread Chris Taylor
I forgot to include my OS and kernel type.

Linux on-radius01.eastlink.ca 2.6.18-308.16.1.el5

CentOS release 5.9 (Final)


-Original Message-
From: Chris Taylor
Sent: Thursday, May 02, 2013 1:31 PM
To: 'FreeRadius users mailing list'
Subject: RE: segfault error

I think I have what you are looking for now. I have copied the whole dump from 
when I start using gdb.

Chris




[root@on-radius01 raddb]# gdb /usr/sbin/radiusd /tmp/core-radiusd-11-95-95-11609-1367435209
GNU gdb (GDB) CentOS (7.0.1-45.el5.centos)
Copyright (C) 2009 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later http://gnu.org/licenses/gpl.html
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.  Type show copying
and show warranty for details.
This GDB was configured as x86_64-redhat-linux-gnu.
For bug reporting instructions, please see:
http://www.gnu.org/software/gdb/bugs/...
Reading symbols from /usr/sbin/radiusd...done.
[New Thread 11611]
[New Thread 11614]
[New Thread 11613]
[New Thread 11612]
[New Thread 11610]
[New Thread 11609]
Reading symbols from /usr/local/lib/libfreeradius-radius-2.2.0.so...done.
Loaded symbols for /usr/local/lib/libfreeradius-radius-2.2.0.so
Reading symbols from /lib64/libnsl.so.1...(no debugging symbols found)...done.
Loaded symbols for /lib64/libnsl.so.1
Reading symbols from /lib64/libresolv.so.2...(no debugging symbols found)...done.
Loaded symbols for /lib64/libresolv.so.2
Reading symbols from /lib64/libpthread.so.0...(no debugging symbols found)...done.
[Thread debugging using libthread_db enabled]
Loaded symbols for /lib64/libpthread.so.0
Reading symbols from /lib64/libcrypt.so.1...(no debugging symbols found)...done.
Loaded symbols for /lib64/libcrypt.so.1
Reading symbols from /usr/local/lib/libltdl.so.3...done.
Loaded symbols for /usr/local/lib/libltdl.so.3
Reading symbols from /lib64/libssl.so.6...(no debugging symbols found)...done.
Loaded symbols for /lib64/libssl.so.6
Reading symbols from /lib64/libcrypto.so.6...(no debugging symbols found)...done.
Loaded symbols for /lib64/libcrypto.so.6
Reading symbols from /lib64/libdl.so.2...(no debugging symbols found)...done.
Loaded symbols for /lib64/libdl.so.2
Reading symbols from /lib64/libc.so.6...(no debugging symbols found)...done.
Loaded symbols for /lib64/libc.so.6
Reading symbols from /lib64/ld-linux-x86-64.so.2...(no debugging symbols found)...done.
Loaded symbols for /lib64/ld-linux-x86-64.so.2
Reading symbols from /usr/lib64/libgssapi_krb5.so.2...(no debugging symbols found)...done.
Loaded symbols for /usr/lib64/libgssapi_krb5.so.2
Reading symbols from /usr/lib64/libkrb5.so.3...(no debugging symbols found)...done.
Loaded symbols for /usr/lib64/libkrb5.so.3
Reading symbols from /lib64/libcom_err.so.2...(no debugging symbols found)...done.
Loaded symbols for /lib64/libcom_err.so.2
Reading symbols from /usr/lib64/libk5crypto.so.3...(no debugging symbols found)...done.
Loaded symbols for /usr/lib64/libk5crypto.so.3
Reading symbols from /lib64/libz.so.1...(no debugging symbols found)...done.
Loaded symbols for /lib64/libz.so.1
Reading symbols from /usr/lib64/libkrb5support.so.0...(no debugging symbols found)...done.
Loaded symbols for /usr/lib64/libkrb5support.so.0
Reading symbols from /lib64/libkeyutils.so.1...(no debugging symbols found)...done.
Loaded symbols for /lib64/libkeyutils.so.1
Reading symbols from /lib64/libselinux.so.1...(no debugging symbols found)...done.
Loaded symbols for /lib64/libselinux.so.1
Reading symbols from /lib64/libsepol.so.1...(no debugging symbols found)...done.
Loaded symbols for /lib64/libsepol.so.1
Reading symbols from /lib64/libnss_files.so.2...(no debugging symbols found)...done.
Loaded symbols for /lib64/libnss_files.so.2
Reading symbols from /lib64/libnss_ldap.so.2...(no debugging symbols found)...done.
Loaded symbols for /lib64/libnss_ldap.so.2
Reading symbols from /usr/local/lib/rlm_exec-2.2.0.so...done.
Loaded symbols for /usr/local/lib/rlm_exec-2.2.0.so
Reading symbols from /usr/local/lib/rlm_expr-2.2.0.so...done.
Loaded symbols for /usr/local/lib/rlm_expr-2.2.0.so
Reading symbols from /usr/local/lib/rlm_expiration-2.2.0.so...done.
Loaded symbols for /usr/local/lib/rlm_expiration-2.2.0.so
Reading symbols from /usr/local/lib/rlm_logintime-2.2.0.so...done.
Loaded symbols for /usr/local/lib/rlm_logintime-2.2.0.so
Reading symbols from /usr/local/lib/rlm_pap-2.2.0.so...done.
Loaded symbols for /usr/local/lib/rlm_pap-2.2.0.so
Reading symbols from /usr/local/lib/rlm_chap-2.2.0.so...done.
Loaded symbols for /usr/local/lib/rlm_chap-2.2.0.so
Reading symbols from /usr/local/lib/rlm_preprocess-2.2.0.so...done.
Loaded symbols for /usr/local/lib/rlm_preprocess-2.2.0.so
Reading symbols from /usr/local/lib/rlm_digest-2.2.0.so...done.
Loaded symbols for /usr/local/lib/rlm_digest-2.2.0.so
Reading symbols from /usr/local/lib/rlm_realm-2.2.0.so...done.
Loaded symbols for /usr/local/lib/rlm_realm-2.2.0.so

RE: segfault error

2013-05-01 Thread Chris Taylor
I did some more debugging and I always seem to get a segfault at the same 
place. Is there something I should be looking at on the LDAP backend?


[files] users: Matched entry DEFAULT at line 214
++[files] returns ok
[pap] Normalizing SSHA1-Password from base64 encoding
[pap] WARNING: Auth-Type already set.  Not setting to PAP
++[pap] returns noop
Found Auth-Type = PAP
# Executing group from file /etc/raddb/sites-enabled/virtual.amtelecom.net
+- entering group PAP {...}
[pap] login attempt with password 45270
[pap] Using SSHA encryption.
[pap] Normalizing SSHA1-Password from base64 encoding
Segmentation fault

++[files] returns ok
[pap] Normalizing SSHA1-Password from base64 encoding
[pap] WARNING: Auth-Type already set.  Not setting to PAP
++[pap] returns noop
Found Auth-Type = PAP
# Executing group from file /etc/raddb/sites-enabled/virtual.amtelecom.net
+- entering group PAP {...}
[pap] login attempt with password bradly
[pap] Using SSHA encryption.
[pap] Normalizing SSHA1-Password from base64 encoding
Segmentation fault


Thanks,

Chris

Chris Taylor
System Administrator
Network Operations
Eastlink
chris.tay...@corp.eastlink.ca
T: 519.773.1287


-Original Message-
From: 
freeradius-users-bounces+chris.taylor=corp.eastlink...@lists.freeradius.org 
[mailto:freeradius-users-bounces+chris.taylor=corp.eastlink...@lists.freeradius.org]
 On Behalf Of Chris Taylor
Sent: Friday, April 12, 2013 4:31 PM
To: FreeRadius users mailing list
Subject: RE: segfault error

Yeah, this is the only version of freeradius on the box; the other was an rpm 
version that was removed before I compiled this one.




-Original Message-
From: 
freeradius-users-bounces+chris.taylor=corp.eastlink...@lists.freeradius.org 
[mailto:freeradius-users-bounces+chris.taylor=corp.eastlink...@lists.freeradius.org]
 On Behalf Of Alan DeKok
Sent: Friday, April 12, 2013 3:45 PM
To: FreeRadius users mailing list
Subject: Re: segfault error

Chris Taylor wrote:
> Ok I have upgraded to a compiled version of freeradius 2.2.0, and I was able 
> to see the same result. It crashed after a few minutes with the error below.
> 
> on-radius01 kernel: radiusd[10038]: segfault at 73d87000 rip 
> 003c6c07b5bb rsp 73d83c08 error 4

  Check that you're really running v2.2.0.  Sometimes scripts point to old 
installations.

> I turned on core dumps to see if I could get any more details out of it, but 
> I could not make it crash after that.

  Did you follow the instructions in doc/bugs?  That says how to find the bug.

> Any ideas as to what this could be? I can post my -X output, but all it says at 
> the bottom when it stops working is segfault.

  doc/bugs has detailed instructions for just such an occasion.

  Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html


RE: segfault error

2013-05-01 Thread Chris Taylor
I have tried a few times but I can't get a core dump. After radius dies I run  
gdb /usr/sbin/radiusd /tmp/core_dump/test.dump but I get the following output.


#
[root@on-radius01 core_dump]# gdb /usr/sbin/radiusd /tmp/core_dump/test.dump
GNU gdb (GDB) CentOS (7.0.1-45.el5.centos)
Copyright (C) 2009 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later http://gnu.org/licenses/gpl.html
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.  Type show copying
and show warranty for details.
This GDB was configured as x86_64-redhat-linux-gnu.
For bug reporting instructions, please see:
http://www.gnu.org/software/gdb/bugs/...
Reading symbols from /usr/sbin/radiusd...done.
/tmp/core_dump/test.dump is not a core dump: File format not recognized
#

I have ulimit set to unlimited.

[root@on-radius01 core_dump]# ulimit -a
core file size  (blocks, -c) unlimited
data seg size   (kbytes, -d) unlimited
scheduling priority (-e) 0
file size   (blocks, -f) unlimited

What am I doing wrong on this?

Thanks,

Chris


-Original Message-
From: 
freeradius-users-bounces+chris.taylor=corp.eastlink...@lists.freeradius.org 
[mailto:freeradius-users-bounces+chris.taylor=corp.eastlink...@lists.freeradius.org]
 On Behalf Of Alan DeKok
Sent: Wednesday, May 01, 2013 12:14 PM
To: FreeRadius users mailing list
Subject: Re: segfault error

Chris Taylor wrote:
> I did some more debugging and I always seem to get a segfault at the same 
> place. Is there something I should be looking at on the LDAP backend?

  See doc/bugs

  That should help.

  Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html


RE: segfault error

2013-05-01 Thread Chris Taylor
 for /usr/local/lib/rlm_detail.so
Reading symbols from /usr/local/lib/rlm_unix.so...done.
Loaded symbols for /usr/local/lib/rlm_unix.so
Reading symbols from /usr/local/lib/rlm_radutmp.so...done.
Loaded symbols for /usr/local/lib/rlm_radutmp.so
Reading symbols from /usr/local/lib/rlm_attr_filter.so...done.
Loaded symbols for /usr/local/lib/rlm_attr_filter.so
Reading symbols from /usr/local/lib/rlm_ldap.so...done.
Loaded symbols for /usr/local/lib/rlm_ldap.so
Reading symbols from /usr/lib64/libldap_r-2.3.so.0...(no debugging symbols 
found)...done.
Loaded symbols for /usr/lib64/libldap_r-2.3.so.0
Reading symbols from /usr/lib64/liblber-2.3.so.0...(no debugging symbols 
found)...done.
Loaded symbols for /usr/lib64/liblber-2.3.so.0
Reading symbols from /usr/lib64/libsasl2.so.2...(no debugging symbols 
found)...done.
Loaded symbols for /usr/lib64/libsasl2.so.2
Reading symbols from /usr/local/lib/rlm_sql.so...done.
Loaded symbols for /usr/local/lib/rlm_sql.so
Reading symbols from /usr/local/lib/rlm_sql_mysql.so...done.
Loaded symbols for /usr/local/lib/rlm_sql_mysql.so
Reading symbols from /usr/lib64/mysql/libmysqlclient_r.so.15...(no debugging 
symbols found)...done.
Loaded symbols for /usr/lib64/mysql/libmysqlclient_r.so.15
Reading symbols from /lib64/libm.so.6...(no debugging symbols found)...done.
Loaded symbols for /lib64/libm.so.6
Reading symbols from /lib64/libgcc_s.so.1...(no debugging symbols found)...done.
Loaded symbols for /lib64/libgcc_s.so.1
Reading symbols from /lib64/libnss_dns.so.2...(no debugging symbols 
found)...done.
Loaded symbols for /lib64/libnss_dns.so.2
Reading symbols from /usr/local/lib/rlm_eap.so...done.
Loaded symbols for /usr/local/lib/rlm_eap.so
Reading symbols from /usr/local/lib/libfreeradius-eap-2.2.0.so...done.
Loaded symbols for /usr/local/lib/libfreeradius-eap-2.2.0.so
Reading symbols from /usr/local/lib/rlm_eap_md5.so...done.
Loaded symbols for /usr/local/lib/rlm_eap_md5.so
Reading symbols from /usr/local/lib/rlm_eap_leap.so...done.
Loaded symbols for /usr/local/lib/rlm_eap_leap.so
Reading symbols from /usr/local/lib/rlm_eap_gtc.so...done.
Loaded symbols for /usr/local/lib/rlm_eap_gtc.so
Reading symbols from /usr/local/lib/rlm_eap_tls.so...done.
Loaded symbols for /usr/local/lib/rlm_eap_tls.so
Reading symbols from /usr/local/lib/rlm_eap_ttls.so...done.
Loaded symbols for /usr/local/lib/rlm_eap_ttls.so
Reading symbols from /usr/local/lib/rlm_eap_peap.so...done.
Loaded symbols for /usr/local/lib/rlm_eap_peap.so
Reading symbols from /usr/local/lib/rlm_eap_mschapv2.so...done.
Loaded symbols for /usr/local/lib/rlm_eap_mschapv2.so
Reading symbols from /usr/local/lib/rlm_always.so...done.
Loaded symbols for /usr/local/lib/rlm_always.so

warning: no loadable sections found in added symbol-file system-supplied DSO at 
0x7fff84bfd000
Core was generated by `/usr/sbin/radiusd -d /etc/raddb'.
Program terminated with signal 11, Segmentation fault.
#0  0x003c6c07b5bb in memcpy () from /lib64/libc.so.6



-Original Message-
From: John Dennis [mailto:jden...@redhat.com] 
Sent: Wednesday, May 01, 2013 2:06 PM
To: FreeRadius users mailing list
Cc: Chris Taylor
Subject: Re: segfault error

On 05/01/2013 01:36 PM, Chris Taylor wrote:
> I have tried a few times but I can't get a core dump. After radius dies I run 
> gdb /usr/sbin/radiusd /tmp/core_dump/test.dump but I get the following 
> output.
>
>
> #
> [root@on-radius01 core_dump]# gdb /usr/sbin/radiusd /tmp/core_dump/test.dump
> GNU gdb (GDB) CentOS (7.0.1-45.el5.centos)
> Copyright (C) 2009 Free Software Foundation, Inc.
> License GPLv3+: GNU GPL version 3 or later http://gnu.org/licenses/gpl.html
> This is free software: you are free to change and redistribute it.
> There is NO WARRANTY, to the extent permitted by law.  Type show copying
> and show warranty for details.
> This GDB was configured as x86_64-redhat-linux-gnu.
> For bug reporting instructions, please see:
> http://www.gnu.org/software/gdb/bugs/...
> Reading symbols from /usr/sbin/radiusd...done.
> /tmp/core_dump/test.dump is not a core dump: File format not recognized
> #
>
> I have ulimit set to unlimited.
>
> [root@on-radius01 core_dump]# ulimit -a
> core file size  (blocks, -c) unlimited
> data seg size   (kbytes, -d) unlimited
> scheduling priority (-e) 0
> file size   (blocks, -f) unlimited
>
> What am I doing wrong on this?

There is information in this bz you may find useful

https://bugzilla.redhat.com/show_bug.cgi?id=602567

--
John Dennis jden...@redhat.com

Looking to carve out IT costs?
www.redhat.com/carveoutcosts/
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
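
An added example, not part of any post in this thread: a small parser for the kernel `segfault at` lines quoted in the thread. It decodes the x86 page-fault error code, measures how far the faulting address sits above the stack pointer, and checks whether the instruction pointer matches a frame address from the gdb output. The log lines and the frame #0 line are copied from the posts; the function names and the `looks_like_overread` heuristic are this example's own assumptions.

```python
import re

# Sample input copied from the posts in this thread (addresses exactly as the
# archive shows them): two kernel log lines and the gdb frame #0 line.
KERNEL_LINES = [
    "Apr  9 17:33:45 on-radius01 kernel: radiusd[8831]: segfault at 2aae660ae000 "
    "rip 2aae5b6215eb rsp 2aae660ab7c8 error 4",
    "on-radius01 kernel: radiusd[10038]: segfault at 73d87000 "
    "rip 003c6c07b5bb rsp 73d83c08 error 4",
]
GDB_FRAMES = ["#0  0x003c6c07b5bb in memcpy () from /lib64/libc.so.6"]

PAGE_SIZE = 4096  # x86-64 base page size

# Older kernels (as in this thread) print "rip"/"rsp"; newer ones "ip"/"sp".
SEGV_RE = re.compile(
    r"(?P<comm>[^\s\[]+)\[(?P<pid>\d+)\]: segfault at (?P<addr>[0-9a-f]+) "
    r"r?ip (?P<ip>[0-9a-f]+) r?sp (?P<sp>[0-9a-f]+) error (?P<err>[0-9a-f]+)"
)
# gdb backtrace frames that carry an address: "#N  0xADDR in func (...)".
FRAME_RE = re.compile(r"#(?P<n>\d+)\s+0x(?P<pc>[0-9a-f]+) in (?P<func>\S+) \(")


def decode_error(code):
    """Decode the x86 page-fault error code printed after 'error'."""
    return {
        "cause": "protection violation" if code & 1 else "page not present",
        "access": "write" if code & 2 else "read",
        "mode": "user" if code & 4 else "kernel",
        "reserved_bit": bool(code & 8),
        "instruction_fetch": bool(code & 16),
    }


def parse_segfault(line):
    """Return the fields of one kernel segfault line, or None if no match."""
    m = SEGV_RE.search(line)
    if m is None:
        return None
    addr, ip, sp = (int(m.group(k), 16) for k in ("addr", "ip", "sp"))
    return {
        "comm": m.group("comm"),
        "pid": int(m.group("pid")),
        "addr": addr,
        "ip": ip,
        "sp": sp,
        "error": decode_error(int(m.group("err"), 16)),
        "page_aligned": addr % PAGE_SIZE == 0,
        "above_sp": addr - sp,  # negative if the fault is below the stack pointer
    }


def frame_for_ip(ip, frame_lines):
    """Name of the backtrace frame whose address equals ip, if any."""
    for line in frame_lines:
        m = FRAME_RE.search(line)
        if m and int(m.group("pc"), 16) == ip:
            return m.group("func")
    return None


def triage(line, frame_lines=()):
    info = parse_segfault(line)
    if info is None:
        return None
    info["ip_function"] = frame_for_ip(info["ip"], frame_lines)
    err = info["error"]
    # Heuristic (assumption of this example): a user-mode read of a
    # not-present page at a page-aligned address is the pattern a sequential
    # copy leaves when it reads off the end of a mapping. It narrows the
    # search; the backtrace is still needed to find the caller.
    info["looks_like_overread"] = (
        info["page_aligned"]
        and err["mode"] == "user"
        and err["access"] == "read"
        and err["cause"] == "page not present"
    )
    return info


if __name__ == "__main__":
    for entry in KERNEL_LINES:
        t = triage(entry, GDB_FRAMES)
        print(f"{t['comm']}[{t['pid']}]: {t['error']['mode']}-mode "
              f"{t['error']['access']}, {t['error']['cause']}, "
              f"fault {t['above_sp']} bytes above sp, "
              f"ip in {t['ip_function'] or 'unknown'}")
```
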


RE: segfault error

2013-04-12 Thread Chris Taylor
Ok I have upgraded to a compiled version of freeradius 2.2.0, and I was able to 
see the same result. It crashed after a few minutes with the error below.

on-radius01 kernel: radiusd[10038]: segfault at 73d87000 rip 
003c6c07b5bb rsp 73d83c08 error 4

I turned on core dumps to see if I could get any more details out of it, but I 
could not make it crash after that.

Any ideas as to what this could be? I can post my -X output, but all it says at 
the bottom when it stops working is segfault.

Thanks,

Chris

-Original Message-
From: 
freeradius-users-bounces+chris.taylor=corp.eastlink...@lists.freeradius.org 
[mailto:freeradius-users-bounces+chris.taylor=corp.eastlink...@lists.freeradius.org]
 On Behalf Of Alan DeKok
Sent: Wednesday, April 10, 2013 9:45 AM
To: FreeRadius users mailing list
Subject: Re: segfault error

Chris Taylor wrote:
> I am running freeradius2-2.1.12-5.el5 on a CentOS server release 5.9 
> (Final). I was doing some testing on some new RADIUS servers that we 
> want to put into production and I got the following error.

  Well... upgrade to 2.2.0.  There's no reason for us to debug issues in old 
versions.  Those have already been debugged and fixed.

  Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html


RE: segfault error

2013-04-12 Thread Chris Taylor
Yeah, this is the only version of freeradius on the box; the other was an rpm 
version that was removed before I compiled this one.




-Original Message-
From: 
freeradius-users-bounces+chris.taylor=corp.eastlink...@lists.freeradius.org 
[mailto:freeradius-users-bounces+chris.taylor=corp.eastlink...@lists.freeradius.org]
 On Behalf Of Alan DeKok
Sent: Friday, April 12, 2013 3:45 PM
To: FreeRadius users mailing list
Subject: Re: segfault error

Chris Taylor wrote:
> Ok I have upgraded to a compiled version of freeradius 2.2.0, and I was able 
> to see the same result. It crashed after a few minutes with the error below.
> 
> on-radius01 kernel: radiusd[10038]: segfault at 73d87000 rip 
> 003c6c07b5bb rsp 73d83c08 error 4

  Check that you're really running v2.2.0.  Sometimes scripts point to old 
installations.

> I turned on core dumps to see if I could get any more details out of it, but 
> I could not make it crash after that.

  Did you follow the instructions in doc/bugs?  That says how to find the bug.

> Any ideas as to what this could be? I can post my -X output, but all it says at 
> the bottom when it stops working is segfault.

  doc/bugs has detailed instructions for just such an occasion.

  Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html


segfault error

2013-04-10 Thread Chris Taylor
I am running freeradius2-2.1.12-5.el5 on a CentOS server release 5.9 (Final). I 
was doing some testing on some new RADIUS servers that we want to put into 
production and I got the following error.

/var/log/messages
Apr  9 17:33:45 on-radius01 kernel: radiusd[8831]: segfault at 2aae660ae000 
rip 2aae5b6215eb rsp 2aae660ab7c8 error 4

What should I be looking for? The RADIUS logs didn't turn up anything as it 
wasn't in debug mode.

Thanks,

Chris


-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

compile with ldap support

2013-04-10 Thread Chris Taylor
What options do I have to use to compile freeradius with ldap support 
turned on? I tried ./configure -with-ldap but that didn't seem to work; I still 
get an error about not being able to find rlm_ldap. I checked the mail archives 
but I couldn't find anything.

Thanks,

Chris

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

RE: compile with ldap support

2013-04-10 Thread Chris Taylor
How do I check that I have them installed? I have the openldap rpm installed. I 
am trying to go from an rpm build to a source build to fix a problem.

Chris


-Original Message-
From: 
freeradius-users-bounces+chris.taylor=corp.eastlink...@lists.freeradius.org 
[mailto:freeradius-users-bounces+chris.taylor=corp.eastlink...@lists.freeradius.org]
 On Behalf Of Arran Cudbard-Bell
Sent: Wednesday, April 10, 2013 10:07 PM
To: FreeRadius users mailing list
Subject: Re: compile with ldap support



On 10 Apr 2013, at 21:12, Chris Taylor chris.tay...@corp.eastlink.ca wrote:

> What options do I have to use to compile freeradius with ldap support 
> turned on? I tried ./configure -with-ldap but that didn't seem to work; I 
> still get an error about not being able to find rlm_ldap. I checked the mail 
> archives but I couldn't find anything.

It'll build it by default if you have the libldap headers installed. Check the 
output of configure to verify it's actually building rlm_ldap.

Arran Cudbard-Bell a.cudba...@freeradius.org FreeRADIUS Development Team

Please contribute documentation:
http://wiki.freeradius.org

Fruity Oaty Bars, make a man out of a mouse. Fruity Oaty Bars, make you bust 
out of your blouse

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html


rlm_ldap group search filter

2013-02-27 Thread Chris Taylor
I have profiles set up for all our users but I am having some trouble with 
setting the groupmembership_filter correctly. It will query LDAP 
successfully but only after it does a failed search first.

I have tried using numerous filters including the default one but I can't seem 
to separate the username by itself, which is causing the initial search failure. 
I read through the rlm_ldap doc a few times but I didn't see anything that I 
thought would help.


Here is the output from radius -X

This is the part where it uses the search filter and fails.


[files] users: Matched entry DEFAULT at line 214
  [domain1] Entering ldap_groupcmp()
[files] expand: ou=radius,o=domain.on.ca,dc=placeholder,dc=ca -> ou=radius,o=domain.on.ca,dc=placeholder,dc=ca
[files] expand: (&(objectClass=radiusProfile)(member=%{control:Ldap-UserDn})) -> (&(objectClass=radiusProfile)(member=uid\3d112boy\2cou\3dradius\2co\3ddomain.on.ca\2cdc\3dplaceholder\2cdc\3dca))
  [domain1] ldap_get_conn: Checking Id: 0
  [domain1] ldap_get_conn: Got Id: 0
  [domain1] performing search in ou=radius,o=domain.on.ca,dc=placeholder,dc=ca, with filter (&(cn=residential_profile)(&(objectClass=radiusProfile)(member=uid\3d112boy\2cou\3dradius\2co\3ddomain.on.ca\2cdc\3dplaceholder\2cdc\3dca)))
  [domain1] object not found

It starts a second search and succeeds.

  [domain1] ldap_release_conn: Release Id: 0
  [domain1] ldap_get_conn: Checking Id: 0
  [domain1] ldap_get_conn: Got Id: 0
  [domain1] performing search in uid=112boy,ou=radius,o=domain.on.ca,dc=palceholder,dc=ca, with filter (objectclass=*)
rlm_ldap::ldap_groupcmp: User found in group residential_profile
  [domain1] ldap_release_conn: Release Id: 0
[files] users: Matched entry DEFAULT at line 222
++[files] returns ok


My users file looks like this.

ldap domain1 {
    server = ldap01.placeholder.ca
    identity = username xxx
    password = 
    basedn = ou=radius,o=domain.on.ca,dc=placeholder,dc=ca
    filter = (&(uid=%{%{Stripped-User-Name}:-%{User-Name}})(objectclass=posixAccount)(cn=true))
    groupname_attribute = cn
    groupmembership_attribute = radiusGroupName
    groupmembership_filter = (&(objectClass=radiusProfile)(member=%{control:Ldap-UserDn}))
    #do_xlat = yes
    #compare_check_items = yes
    #access_attr_used_for_allow = yes
    ldap_connections_number = 5


My users file

DEFAULT Service-Type == Framed-User, Huntgroup-Name == bras, domain1-Ldap-Group == residential_profile
    Service-Type = Framed-User,
    Framed-Protocol = PPP,
    Cisco-AVPair += ip:inacl#100=permit tcp any x.x.0.16 0.0.0.15 eq 25,
    Cisco-AVPair += ip:inacl#200=deny tcp any any eq 25,
    Cisco-AVPair += ip:inacl#300=permit ip any any,
    Fall-Through = No

Any help is appreciated.
Thanks,

Chris

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

RE: LDAP groups and profiles

2013-02-07 Thread Chris Taylor


 I added this to the users file

 DEFAULT ldap1.REALM-2.ca-Ldap-Group == residential_profile

 But I get this error when I fire up radius -X


 /etc/raddb/users[222]: Parse error (check) for entry DEFAULT: 
 expecting operator Errors reading /etc/raddb/users

Wild guess, but you might try a simpler module name e.g. ldap2 instead of 
ldap2.some.dots-and.hyphens.


Phil I gave that a try but ended up with the same result.

Chris

I was able to get this working by adding that ldap instance to the instantiate 
section of radius.conf. I can do a query successfully from LDAP now and pull 
the group info, but during the query I am seeing first a failed query then a 
successful query. How could I go about fixing this? I believe it's the 
groupmembership_filter settings but I left them to the default values which 
seems to be the consensus on the mailing list.


 radius -X output  #

  [REALM1] Entering ldap_groupcmp()
[files] expand: ou=radius,o=realm1.ca,dc=company,dc=ca - 
ou=radius,o=realm1.ca,dc=company,dc=ca
[files] expand: 
(|((objectClass=GroupOfNames)(member=%{Ldap-UserDn}))((objectClass=GroupOfUniqueNames)(uniquemember=%{Ldap-UserDn})))
 - 
(|((objectClass=GroupOfNames)(member=))((objectClass=GroupOfUniqueNames)(uniquemember=)))
  [REALM1] ldap_get_conn: Checking Id: 0
  [REALM1] ldap_get_conn: Got Id: 0
  [REALM1] performing search in ou=radius,o=realm1.ca,dc=company,dc=ca, with 
filter 
((cn=residential_profile)(|((objectClass=GroupOfNames)(member=))((objectClass=GroupOfUniqueNames)(uniquemember=
  [REALM1] object not found
  [REALM1] ldap_release_conn: Release Id: 0
  [REALM1] ldap_get_conn: Checking Id: 0
  [REALM1] ldap_get_conn: Got Id: 0
  [REALM1] performing search in 
uid=112boy,ou=radius,o=realm1.ca,dc=company,dc=ca, with filter (objectclass=*)
rlm_ldap::ldap_groupcmp: User found in group residential_profile
  [REALM1] ldap_release_conn: Release Id: 0

###

### Group section of LDAP module  #

groupname_attribute = cn
groupmembership_filter = (|(&(objectClass=GroupOfNames)(member=%{Ldap-UserDn}))(&(objectClass=GroupOfUniqueNames)(uniquemember=%{Ldap-UserDn})))
groupmembership_attribute = radiusGroupName

#

# LDAP entry for an account I am querying against ##
dn: uid=112boy,ou=radius,o=realm1.ca,dc=company,dc=ca
uid: 112boy
userPassword: 
objectClass: top
objectClass: posixAccount
objectClass: radiusProfile
uidNumber: 1100
gidNumber: 1100
radiusSimultaneousUse: 099
radiusAuthType: PAP
homeDirectory: //
radiusGroupName: residential_profile
cn: TRUE

###

I do get a successful query; I would just like to figure out how to get it to 
resolve on the first attempt.

Thanks,

Chris


-Original Message-
From: 
freeradius-users-bounces+chris.taylor=corp.eastlink...@lists.freeradius.org 
[mailto:freeradius-users-bounces+chris.taylor=corp.eastlink...@lists.freeradius.org]
 On Behalf Of Phil Mayers
Sent: Tuesday, February 05, 2013 11:23 AM
To: freeradius-users@lists.freeradius.org
Subject: Re: LDAP groups and profiles

On 05/02/13 15:50, Chris Taylor wrote:

 I added this to the users file

 DEFAULT ldap1.REALM-2.ca-Ldap-Group == residential_profile

 But I get this error when I fire up radius -X


 /etc/raddb/users[222]: Parse error (check) for entry DEFAULT: 
 expecting operator Errors reading /etc/raddb/users

Wild guess, but you might try a simpler module name e.g. ldap2 instead of 
ldap2.some.dots-and.hyphens.
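
In the `radius -X` output quoted in the message above, the first (failing) group search runs with `(member=)` and `(uniquemember=)`: the `%{Ldap-UserDn}` reference in groupmembership_filter expanded to an empty string. The following is an added example, not part of the original thread or of FreeRADIUS, that scans debug output for such empty expansions and for the searches that then return "object not found". The function names are hypothetical, and the sample is the page's own output with wrapped lines re-joined.

```python
import re

# Sample: the debug lines quoted above, as they appear on the page,
# with wrapped lines re-joined (an assumption of this example).
SAMPLE = """\
  [REALM1] Entering ldap_groupcmp()
[files] expand: (|((objectClass=GroupOfNames)(member=%{Ldap-UserDn}))((objectClass=GroupOfUniqueNames)(uniquemember=%{Ldap-UserDn}))) - (|((objectClass=GroupOfNames)(member=))((objectClass=GroupOfUniqueNames)(uniquemember=)))
  [REALM1] performing search in ou=radius,o=realm1.ca,dc=company,dc=ca, with filter ((cn=residential_profile)(|((objectClass=GroupOfNames)(member=))((objectClass=GroupOfUniqueNames)(uniquemember=
  [REALM1] object not found
  [REALM1] performing search in uid=112boy,ou=radius,o=realm1.ca,dc=company,dc=ca, with filter (objectclass=*)
rlm_ldap::ldap_groupcmp: User found in group residential_profile
"""

# "expand: <template> -> <result>"; the archive shows the arrow as " - ".
EXPAND = re.compile(r"expand:\s*(?P<tmpl>.+?)\s+->?\s+(?P<out>.*)$")
# An LDAP assertion whose value is empty, e.g. "(member=)".
EMPTY = re.compile(r"\(([A-Za-z][\w;-]*)=\)")
SEARCH = re.compile(r"\[(?P<inst>[^\]]+)\]\s+performing search in "
                    r"(?P<base>.+?), with filter (?P<f>.*)$")


def empty_expansions(log):
    """Return (attribute, template reference) pairs that expanded to nothing."""
    hits = []
    for line in log.splitlines():
        m = EXPAND.search(line)
        if not m:
            continue
        for attr in EMPTY.findall(m.group("out")):
            # Recover which %{...} reference fed this attribute in the template.
            src = re.search(r"\(" + re.escape(attr) + r"=(%\{[^()]*\})\)",
                            m.group("tmpl"))
            hits.append((attr, src.group(1) if src else None))
    return hits


def searches_with_empty_filter(log):
    """Return (instance, base DN, outcome) for failed searches with an empty assertion."""
    out, pending = [], None
    for line in log.splitlines():
        m = SEARCH.search(line)
        if m:
            has_empty = EMPTY.search(m.group("f"))
            pending = (m.group("inst"), m.group("base")) if has_empty else None
        elif pending and "object not found" in line:
            out.append(pending + ("object not found",))
            pending = None
    return out


if __name__ == "__main__":
    print(empty_expansions(SAMPLE))
    print(searches_with_empty_filter(SAMPLE))
```
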


RE: LDAP groups and profiles

2013-02-05 Thread Chris Taylor
  
 
 I have RADIUS running with multiple realms and multiple LDAP back ends 
 that stores all my user attributes. I am trying to apply different 
 user profiles to different groups. What I did was setup the profile in 
 the USERS file, add the group attributes to the ldap config file, and 
 on the user’s LDAP account I added the attribute radiusGroupName with 
 the value “residential_profile”,  but I can’t seem to get it to work 
 correctly.

  The debug output is pretty clear.  It does an LDAP search, and the object 
isn't found.

  Make sure that (a) the object is in LDAP, and (b) you've configured 
FreeRADIUS to do the right LDAP search.

 It
 doesn’t seem to query the correct backend.

  For backend-specific queries, prefix the LDAP-Group with the backend name:

 ldap ldap2.REALM-2.ca { 
 basedn = ou=radius,o=REALM-2.ca,dc=container,dc=ca

  To query this backend, use ldap2.REALM-2.ca-LDAP-Group == ...

  Alan DeKok.


Alan, I tried the setup that you suggested but it just threw an error at me.

I added this to the users file

DEFAULT ldap1.REALM-2.ca-Ldap-Group == residential_profile

But I get this error when I fire up radius -X


/etc/raddb/users[222]: Parse error (check) for entry DEFAULT: expecting operator
Errors reading /etc/raddb/users


Thanks,

Chris
-Original Message-
From: 
freeradius-users-bounces+chris.taylor=corp.eastlink...@lists.freeradius.org 
[mailto:freeradius-users-bounces+chris.taylor=corp.eastlink...@lists.freeradius.org]
 On Behalf Of Alan DeKok
Sent: Monday, February 04, 2013 3:51 PM
To: FreeRadius users mailing list
Subject: Re: LDAP groups and profiles

Chris Taylor wrote:
  
 
 I have RADIUS running with multiple realms and multiple LDAP back ends 
 that stores all my user attributes. I am trying to apply different 
 user profiles to different groups. What I did was setup the profile in 
 the USERS file, add the group attributes to the ldap config file, and 
 on the user’s LDAP account I added the attribute radiusGroupName with 
 the value “residential_profile”,  but I can’t seem to get it to work 
 correctly.

  The debug output is pretty clear.  It does an LDAP search, and the object 
isn't found.

  Make sure that (a) the object is in LDAP, and (b) you've configured 
FreeRADIUS to do the right LDAP search.

 It
 doesn’t seem to query the correct backend.

  For backend-specific queries, prefix the LDAP-Group with the backend name:

 ldap ldap2.REALM-2.ca { 
 basedn = ou=radius,o=REALM-2.ca,dc=container,dc=ca

  To query this backend, use ldap2.REALM-2.ca-LDAP-Group == ...

  Alan DeKok.

RE: LDAP groups and profiles

2013-02-05 Thread Chris Taylor
 I added this to the users file

 DEFAULT ldap1.REALM-2.ca-Ldap-Group == residential_profile

 But I get this error when I fire up radius -X


 /etc/raddb/users[222]: Parse error (check) for entry DEFAULT: 
 expecting operator Errors reading /etc/raddb/users

Wild guess, but you might try a simpler module name e.g. ldap2 instead of 
ldap2.some.dots-and.hyphens.


Phil, I gave that a try but ended up with the same result.

Chris


Chris Taylor
System Administrator
Network Operations
Eastlink
chris.tay...@corp.eastlink.ca
T: 519.773.1287


-Original Message-
From: 
freeradius-users-bounces+chris.taylor=corp.eastlink...@lists.freeradius.org 
[mailto:freeradius-users-bounces+chris.taylor=corp.eastlink...@lists.freeradius.org]
 On Behalf Of Phil Mayers
Sent: Tuesday, February 05, 2013 11:23 AM
To: freeradius-users@lists.freeradius.org
Subject: Re: LDAP groups and profiles

On 05/02/13 15:50, Chris Taylor wrote:

 I added this to the users file

 DEFAULT ldap1.REALM-2.ca-Ldap-Group == residential_profile

 But I get this error when I fire up radius -X


 /etc/raddb/users[222]: Parse error (check) for entry DEFAULT: 
 expecting operator Errors reading /etc/raddb/users

Wild guess, but you might try a simpler module name e.g. ldap2 instead of 
ldap2.some.dots-and.hyphens.


LDAP groups and profiles

2013-02-04 Thread Chris Taylor

I have RADIUS running with multiple realms and multiple LDAP back ends that 
store all my user attributes. I am trying to apply different user profiles to 
different groups. What I did was set up the profile in the USERS file, add the 
group attributes to the ldap config file, and on the user's LDAP account I 
added the attribute radiusGroupName with the value residential_profile, but 
I can't seem to get it to work correctly. It doesn't seem to query the correct 
backend. I am sure that I have something wrong but I am not sure what. I looked 
at rlm_ldap and searched the archive list but haven't been able to find 
anything. Any help would be appreciated.

This is what my configuration files look like:

USERS

DEFAULT Ldap-Group == residential_profile
    Service-Type = Framed-User,
    Framed-Protocol = PPP,
    Cisco-AVPair += ip:inacl#100=permit tcp any x.x.x.x 0.0.0.15 eq 25,
    Cisco-AVPair += ip:inacl#200=deny tcp any any eq 25,
    Cisco-AVPair += ip:inacl#300=permit ip any any,
    Fall-Through = No


ldap ldap2.REALM-2.ca {
    basedn = ou=radius,o=REALM-2.ca,dc=container,dc=ca
    filter = (&(uid=%{%{Stripped-User-Name}:-%{User-Name}})(objectclass=posixAccount)(cn=true))
}

ldap ldap1.REALM-1.ca {
    basedn = ou=radius,o=REALM-1.ca,dc=container,dc=ca
    filter = (&(uid=%{%{Stripped-User-Name}:-%{User-Name}})(objectclass=posixAccount)(cn=true))
    groupname_attribute = cn
    groupmembership_filter = (|(&(objectClass=GroupOfNames)(member=%{control:Ldap-UserDn}))(&(objectClass=GroupOfUniqueNames)(uniquemember=%{control:Ldap-UserDn})))
    groupmembership_attribute = radiusGroupName
}



Output from radius -X

[files] users: Matched entry DEFAULT at line 214
  [ldap2.REALM-2.ca] Entering ldap_groupcmp()
[files] expand: ou=radius,o=REALM-2.ca,dc=container,dc=ca - 
ou=radius,o= REALM-2ca,dc= container,dc=ca
[files] expand: %{Stripped-User-Name} - 112boy
[files] expand: 
((uid=%{%{Stripped-User-Name}:-%{User-Name}})(objectclass=posixAccount)(cn=true))
 - ((uid=112boy)(objectclass=posixAccount)(cn=true))
  [ldap2. REALM-2.ca] ldap_get_conn: Checking Id: 0
  [ldap2. REALM-2.ca] ldap_get_conn: Got Id: 0
  [ldap2. REALM-2.ca] attempting LDAP reconnection
  [ldap2. REALM-2.ca] Bind was successful
  [ldap2. REALM-2.ca] performing search in ou=radius,o= REALM-2.ca,dc= 
container,dc=ca, with filter ((uid=112boy)(objectclass=posixAccount)(cn=true))
  [ldap2. REALM-2.ca] object not found
rlm_ldap::ldap_groupcmp: search failed
  [ldap2. REALM-2.ca] ldap_release_conn: Release Id: 0


Thanks,

Chris


Best way to apply default profile

2013-01-30 Thread Chris Taylor
This is the scenario that I have: FreeRADIUS with LDAP for authentication and 
authorization and SQL for accounting. I want to try and force every user to 
have a default profile that will allow them to only use our local SMTP server. 
I also have some businesses that I will need to exclude from this profile and 
allow them to send SMTP traffic anywhere.

What is the best way to go about this? Should I put the options in the users 
file and then create an entry for the select users in SQL and have it pull the 
separate profile from there?

These are the options and profiles that I would like to apply:

### Allow local SMTP only ###
acl_permit_local_smtp   Cisco-AVPair  +=  ip:inacl#100=permit tcp any 24.222.0.16 0.0.0.15 eq 25
acl_permit_local_smtp   Cisco-AVPair  +=  ip:inacl#200=deny tcp any any eq 25
acl_permit_local_smtp   Cisco-AVPair  +=  ip:inacl#300=permit ip any any
acl_permit_local_smtp   Fall-Through  =   Yes


### Allow any SMTP ###
acl_permit_all_smtp     Cisco-AVPair  +=  ip:inacl#90=permit tcp any any eq 25
acl_permit_all_smtp     Fall-Through  =   Yes

I am just looking for the best way to do this.

Thanks,

Chris


Setting up multiple NULL realms

2012-12-10 Thread Chris Taylor
I am trying to collapse multiple domains into one RADIUS server (version 
2-2.1.12-4.el5_8) with an LDAP backend.

I have everything that has a realm suffix working, i.e. username@domain-name: 
RADIUS will strip the username, query the LDAP server (each domain has its own 
OU), and life is good.

The problem I am running into is this. Each of the domains that I am collapsing 
had multiple users that would just connect with username. I can set up the 
NULL realm, but I have only been successful in getting it to work for one of my 
domains (domain-1.com); all others (i.e. domain-2.com, domain-3.com) will get a 
password reject error as it queries against that virtual server and subsequent 
OU. I have tried to set up multiple virtual servers in the realm NULL setup, but 
that doesn't work. I have looked in the mailing list archives and searched the 
net, but I have not been able to find anything related to this.


Proxy.conf setup

realm NULL {
virtual_server  = virtual.domain-1.com
virtual_server  = virtual.domain-1.com
}

Users file setup

DEFAULT Realm == NULL, Service-Type == Framed-User, Huntgroup-Name == bras
    Filter-Id = NoRealm,
    Fall-Through = Yes

What way should I be going about this?
Thanks,

Chris



Best way to capture RADIUS passwords

2012-11-09 Thread Chris Taylor
I am migrating from one RADIUS setup that checks against a flat file with 
usernames and passwords inside it over to a RADIUS server with an LDAP 
backend. I have used JTR to crack most of the passwords but I still have some 
left over that JTR can't crack.

I was thinking of trying to run a packet capture to get the remaining usernames 
and passwords. What would be the best way to do this? Run RADIUS in debug mode 
(radius -X)? Or try to use tcpdump and pick it up that way, or is it even 
possible to do? I have been trolling the internet for a few days and have not 
come up with a good way to do it.

I set up tcpdump to dump to a file (tcpdump -i eth0 -n -s0 port radius -w 
rad-capture.lpc), but when I check it out with Wireshark I am unable to see 
the password (just the username). Am I going about this the wrong way?

Thanks,

Chris

