freeradius proxying to Juniper Steel-Belted - returning trailing \000 in attributes
I'm running freeradius v2.1.1 that proxies to a Juniper Steel-Belted Radius. (NAS->freeradius->Juniper). The authentication works and the reply is sent to my NAS, but the Juniper sends back trailing \000 in the return attributes which my NAS obviously is not too fond of. The debug shows: rad_recv: Access-Accept packet from host port 1812, id=94, length=289 Class = 0x53425232434c978dc5a3c1f6cbdbd4c011802c01800281988002801081aa91aab5a2d5a6c5a9908ab5a1b99ccc12800e81978dc5a3c1f6cbdbd4c289e48c84 Proxy-State = 0x3838 Cisco-AVPair = "+=lcp:interface-config= ip unnumbered lo10\000" Cisco-AVPair = "+=ip:addr-pool=testpool\000" Cisco-AVPair = "+=lcp:interface-config= ip vrf forwarding testvrf\000" Cisco-AVPair = "+=ip:dns-servers=x.x.x.x y.y.y.y\000" I'm having a problem figuring out where the trailing \000 is coming from. Has anyone experienced similar behavior or have experience proxying from freeradius to Juniper? Cheers, Jørn - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Proxy - wrong IP
I got it working once I upgraded to 2.1.2. Guess something was wrong with my 2.1.1 install. A pity that it's not possible to have more then one proxy listener as this would be very useful. I guess I'll have to nest multiple freeradius installs in the future when I need to proxy to other networks. Cheers, Jørn Greg Woods wrote: >> You can control this. Read radiusd.conf, and look for the >> documentation in the "listen" section. > > What this means in a nutshell is that there is no direct way to tell > freeradius what source IP address to use when proxying(I'll be happy > if I'm proven wrong on that). Perhaps you could try reading what I said? Or, if you're not running 2.x, upgrade. > The only way to accomplish this is to force freeradius to listen on > only a single IP address (which I think is what Alan is suggesting). > This will cause freeradius to use that IP as the source for anything > it sends. I have run into this issue on multihomed servers and it's > the only way I found to solve it. This is documented. It works. It does what I said. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Proxy - wrong IP
Hi, My server has two interfaces, A and B. My NAS is on interface A and I'm proxying to another Radius on interface B. My problem is that FreeRadius is sending packets to the Radius at interface B with the IP of interface A (the listening interface to my NAS). I'm running FreeRadius v2.1.1. I've tried to add another listening interface with the IP from interface B, but no difference (shot in the dark really). How can I force FreeRadius to use another IP for the proxying? Cheers, Jørn - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Multiple groups
I'm trying to add multiple groups to a user, but only the group with the highest priority (lowest number) is being processed. I've tried this on Freeradius 1.1.7, 2.0.4 and 2.1.1. When I set the priorities different only the first is processed. If I set the priority to the same level only the first entry in the database is processed. Do I need to enable this feature somewhere, or what? Cheers, Jørn - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: memory corruption when proxying accounting requests
Sorry! The CVS fixed the problem. Thanks! -Opprinnelig melding- Fra: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] På vegne av Alan DeKok Sendt: 30. januar 2008 15:21 Til: FreeRadius users mailing list Emne: Re: memory corruption when proxying accounting requests Jørn Kostøl wrote: > I tried the latest snapshot freeradius-server-snapshot-20080130.tar.bz2 but > this has the same problem. That's nice. Did you download it from CVS as instructed? The bug was fixed about 15 minutes before I sent my email. The fix is *not* in that snapshot. It *is* in CVS, as I said. Honestly, if you're told the fix is in a particular place, I don't understand why anyone would look for a fix anywhere else... Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: memory corruption when proxying accounting requests
I tried the latest snapshot freeradius-server-snapshot-20080130.tar.bz2 but this has the same problem. -Opprinnelig melding- Fra: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] På vegne av Alan DeKok Sendt: 30. januar 2008 10:35 Til: FreeRadius users mailing list Emne: Re: memory corruption when proxying accounting requests Jørn Kostøl wrote: > Local auth and acct works fine, and proxying auth works. But as soon as > I try to proxy accounting then Freeradius crashes. The issue isn't proxying, but dealing with attributes that aren't in the dictionaries. Bug #514 was recently filed about this. The solution is in CVS. Grab the latest version of src/lib/valuepair.c, and it will be fixed. The file will work in 2.0.1 (if you re-build from source), or you can just install from CVS. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
memory corruption when proxying accounting requests
Hi, Im having problems proxying accounting requests on FreeRadius 2. Local auth and acct works fine, and proxying auth works. But as soon as I try to proxy accounting then Freeradius crashes. I have tried proxying to an old stable freeradius server, through a home server, direct to a virtual server, home server pools, and I have tried to add and remove all the modules and options I can to try to find if there is a particular part that makes it crash but no luck. The accounting requests gets sent, and FreeRadius crashes after. Ive tried to install both version FreeRadius 2.0.0 and 2.0.1 on two different servers both running different Ubuntu versions. Anyone have an idea what I can try next? Here is output from one of the installations: *** glibc detected *** ../../sbin/radiusd: malloc(): memory corruption: 0x081b7460 *** === Backtrace: = /lib/tls/i686/cmov/libc.so.6[0xb7c7c1cd] /lib/tls/i686/cmov/libc.so.6(malloc+0x7f)[0xb7c7d83f] /usr/local/freeradius2/lib/libfreeradius-radius-2.0.1.so(paircopy2+0x69)[0xb 7f503d9] /usr/local/freeradius2/lib/libfreeradius-radius-2.0.1.so(paircopy+0x25)[0xb7 f50475] ../../sbin/radiusd[0x806150d] ../../sbin/radiusd(radius_handle_request+0x5b)[0x806160b] ../../sbin/radiusd(thread_pool_addrequest+0x36)[0x805bd56] ../../sbin/radiusd[0x8060c32] /usr/local/freeradius2/lib/libfreeradius-radius-2.0.1.so(fr_event_loop+0x236 )[0xb7f53db6] ../../sbin/radiusd(radius_event_process+0x30)[0x80624e0] ../../sbin/radiusd(main+0x572)[0x805ad52] /lib/tls/i686/cmov/libc.so.6(__libc_start_main+0xdc)[0xb7c2a8cc] ../../sbin/radiusd[0x804d1f1] === Memory map: 08048000-08076000 r-xp 08:07 326643 /usr/local/freeradius2/sbin/radiusd 08076000-08078000 rw-p 0002d000 08:07 326643 /usr/local/freeradius2/sbin/radiusd 08078000-081d3000 rw-p 08078000 00:00 0 [heap] b780-b7821000 rw-p b780 00:00 0 b7821000-b790 ---p b7821000 00:00 0 b79ab000-b79b5000 r-xp 08:01 144592 /lib/libgcc_s.so.1 b79b5000-b79b6000 rw-p 9000 08:01 144592 /lib/libgcc_s.so.1 b79bb000-b79bd000 r-xp 08:07 326401 /usr/local/freeradius2/lib/rlm_attr_filter-2.0.1.so b79bd000-b79be000 rw-p 1000 08:07 326401 /usr/local/freeradius2/lib/rlm_attr_filter-2.0.1.so b79be000-b79e2000 r-xp 08:01 144858 /lib/tls/i686/cmov/libm-2.4.so b79e2000-b79e4000 rw-p 00023000 08:01 144858 /lib/tls/i686/cmov/libm-2.4.so b79e4000-b7b73000 r-xp 08:07 505387 /usr/lib/libmysqlclient_r.so.15.0.0 b7b73000-b7bb7000 rw-p 0018e000 08:07 505387 /usr/lib/libmysqlclient_r.so.15.0.0 b7bb7000-b7bb8000 rw-p b7bb7000 00:00 0 b7bba000-b7bbc000 r-xp 08:07 326391 /usr/local/freeradius2/lib/rlm_acct_unique-2.0.1.so b7bbc000-b7bbd000 rw-p 1000 08:07 326391 /usr/local/freeradius2/lib/rlm_acct_unique-2.0.1.so b7bbd000-b7bbf000 r-xp 08:07 326608 /usr/local/freeradius2/lib/rlm_sql_mysql-2.0.1.so b7bbf000-b7bc rw-p 1000 08:07 326608 /usr/local/freeradius2/lib/rlm_sql_mysql-2.0.1.so b7bc-b7bc8000 r-xp 08:07 326613 /usr/local/freeradius2/lib/rlm_sql-2.0.1.so b7bc8000-b7bc9000 rw-p 7000 08:07 326613 /usr/local/freeradius2/lib/rlm_sql-2.0.1.so b7bc9000-b7bcb000 r-xp 08:07 326598 /usr/local/freeradius2/lib/rlm_realm-2.0.1.so b7bcb000-b7bcc000 rw-p 1000 08:07 326598 /usr/local/freeradius2/lib/rlm_realm-2.0.1.so b7bcc000-b7bce000 r-xp 08:07 326583 /usr/local/freeradius2/lib/rlm_preprocess-2.0.1.so b7bce000-b7bcf000 rw-p 2000 08:07 326583 /usr/local/freeradius2/lib/rlm_preprocess-2.0.1.so b7bcf000-b7bd1000 r-xp 08:07 326411 /usr/local/freeradius2/lib/rlm_chap-2.0.1.so b7bd1000-b7bd2000 rw-p 1000 08:07 326411 /usr/local/freeradius2/lib/rlm_chap-2.0.1.so b7bd2000-b7bd5000 r-xp 08:07 326567 /usr/local/freeradius2/lib/rlm_pap-2.0.1.so b7bd5000-b7bd6000 rw-p 3000 08:07 326567 /usr/local/freeradius2/lib/rlm_pap-2.0.1.so b7bd6000-b7bd9000 r-xp 08:07 326551 /usr/local/freeradius2/lib/rlm_logintime-2.0.1.so b7bd9000-b7bda000 rw-p 2000 08:07 326551 /usr/local/freeradius2/lib/rlm_logintime-2.0.1.so b7bda000-b7bdc000 r-xp 08:07 326514 /usr/local/freeradius2/lib/rlm_expiration-2.0.1.so b7bdc000-b7bdd000 rw-p 1000 08:07 326514 /usr/local/freeradius2/lib/rlm_expiration-2.0.1.so b7bdd000-b7be r-xp 08:07 326519 /usr/local/freeradius2/lib/rlm_expr-2.0.1.so b7be-b7be1000 rw-p 2000 08:07 326519 /usr/local/freeradius2/lib/rlm_expr-2.0.1.so b7be1000-b7beaAborted Cheers, Jørn - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Different outgoing then ingoing IP when proxying
Hi, I have a 2.0.1 server running as proxy, with a virtual server handling the proxied requests. However a firewall, which cannot be changed, does not let me send packets from the external IP to the localhost on which the virtual server is listening. Is it possible to have Freeradius listen on one IP for the NAS, but proxy on a different IP (localhost) ? Cheers, Jørn - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
SV: Reject reason
I have specified Calling-Station-Id in the radcheck table along with the Username/Password entry. Fra: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] På vegne av Garber, Neal Sendt: 13. november 2006 15:36 Til: FreeRadius users mailing list Emne: RE: Reject reason >I am authenticating users based on Calling-Station-Id in addition to password. >All accepts and rejects are logged to the postauth table in my database. Using what type of authentication? Are you really checking Calling-Station-Id during authenticate or are you checking it during authorize? What module are you using to validate it? - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Reject reason
I am authenticating users based on Calling-Station-Id in addition to password. All accepts and rejects are logged to the postauth table in my database. But I cannot see why the user got rejected, if it was wrong Calling-Station-Id or wrong password. Any ideas? Cheers, Jørn - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html