XP SP2 PEAP MSCHAPv2

2005-01-31 Thread john . ctr . gauntt
Thanks for the help. We tried the pre 1.0.2 CVS Solaris fixes but we are
still hitting the same problem.  The symptom has to do with password
processing in module rlm_mschap.  Has anyone successfully authenticated with
XP SP2 using PEAP MSCHAPv2 using the Windows userid and password, on
Solaris 8? We are more interested in using the XP for our supplicant
platform, but are less concerned about what OS to base the freeRADIUS
server.  What is an optimal OS and version alternative for freeRADIUS that
will work with XP?  We will also give 1.0.2 a run when it becomes available.
A portion of the debug using the CVS download follows our previous exchange.

Thanks,
John Gauntt

>[EMAIL PROTECTED] wrote:
>>         I have unsuccessfully attempted to authenticate an XP SP2
>> supplicant using PEAP MSCHAPv2.  I am using freeradius 1.0.1, Solaris 8,
>
>  There are known problems with 1.0.1 on Solaris.
>  1.0.2 should be out in a week or two, or if you don't want to wait, do:
>
>$ cvs -d :pserver:[EMAIL PROTECTED]:/source login
>$ cvs -d :pserver:[EMAIL PROTECTED]:/source checkout -r release_1_0
>radiusd
>
>  And that will get you 99.9% of what will be in 1.0.2, now.  Most
>importantly, it will get you the fixes for Solaris.
>
>  Alan DeKok.

radiusd -X
Starting - reading configuration files ...
reread_config:  reading radiusd.conf
Config:   including file: /usr/local/etc/raddb/proxy.conf
Config:   including file: /usr/local/etc/raddb/clients.conf
Config:   including file: /usr/local/etc/raddb/snmp.conf
Config:   including file: /usr/local/etc/raddb/eap.conf
Config:   including file: /usr/local/etc/raddb/sql.conf
main: prefix = "/usr/local"
main: localstatedir = "/usr/local/var"
main: logdir = "/usr/local/var/log/radius"
main: libdir = "/usr/local/lib"
main: radacctdir = "/usr/local/var/log/radius/radacct"
main: hostname_lookups = no
main: max_request_time = 30
main: cleanup_delay = 5
main: max_requests = 1024
main: delete_blocked_requests = 0
main: port = 0
main: allow_core_dumps = no
main: log_stripped_names = no
main: log_file = "/usr/local/var/log/radius/radius.log"
main: log_auth = no
main: log_auth_badpass = no
main: log_auth_goodpass = no
main: pidfile = "/usr/local/var/run/radiusd/radiusd.pid"
main: user = "(null)"
main: group = "(null)"
main: usercollide = no
main: lower_user = "no"
main: lower_pass = "no"
main: nospace_user = "no"
main: nospace_pass = "no"
main: checkrad = "/usr/local/sbin/checkrad"
main: proxy_requests = no
proxy: retry_delay = 5
proxy: retry_count = 3
proxy: synchronous = no
proxy: default_fallback = yes
proxy: dead_time = 120
proxy: post_proxy_authorize = yes
proxy: wake_all_if_all_dead = no
security: max_attributes = 200
security: reject_delay = 1
security: status_server = no
main: debug_level = 0
read_config_files:  reading dictionary
read_config_files:  reading naslist
Using deprecated naslist file.  Support for this will go away soon.
read_config_files:  reading clients
read_config_files:  reading realms
radiusd:  entering modules setup
Module: Library search path is /usr/local/lib
Module: Loaded exec
exec: wait = yes
exec: program = "(null)"
exec: input_pairs = "request"
exec: output_pairs = "(null)"
exec: packet_type = "(null)"
rlm_exec: Wait=yes but no output defined. Did you mean output=none?
Module: Instantiated exec (exec)
Module: Loaded expr
Module: Instantiated expr (expr)
Module: Loaded PAP
pap: encryption_scheme = "crypt"
Module: Instantiated pap (pap)
Module: Loaded CHAP
Module: Instantiated chap (chap)
Module: Loaded MS-CHAP
mschap: use_mppe = yes
mschap: require_encryption = no
mschap: require_strong = no
mschap: with_ntdomain_hack = no
mschap: passwd = "(null)"
mschap: authtype = "MS-CHAP"
mschap: ntlm_auth = "(null)"
Module: Instantiated mschap (mschap)
Module: Loaded System
unix: cache = no
unix: passwd = "(null)"
unix: shadow = "(null)"
unix: group = "(null)"
unix: radwtmp = "/usr/local/var/log/radius/radwtmp"
unix: usegroup = no
unix: cache_reload = 600
Module: Instantiated unix (unix)
Module: Loaded eap
eap: default_eap_type = "peap"
eap: timer_expire = 60
eap: ignore_unknown_eap_types = no
eap: cisco_accounting_username_bug = no
rlm_eap: Loaded and initialized type md5
rlm_eap: Loaded and initialized type leap
gtc: challenge = "Password: "
gtc: auth_type = "PAP"
rlm_eap: Loaded and initialized type gtc
tls: rsa_key_exchange = no
tls: dh_key_exchange = yes
tls: rsa_key_length = 512
tls: dh_key_length = 512
tls: verify_depth = 0
tls: CA_path = "(null)"
tls: pem_file_type = yes
tls: private_key_file = "/usr/local/etc/raddb/certs/cert-srv.pem"
tls: certificate_file = "/usr/local/etc/raddb/certs/cert-srv.pem"
tls: CA_file = "/usr/local/etc/raddb/certs/demoCA/cacert.pem"
tls: private_key_password = "whatever"
tls: dh_file = "/usr/local/etc/raddb/certs/dh"
tls: random_file = "/usr/local/etc/raddb/certs/random"
tls: fragment_size = 1024
tls: include_length = yes
tls: check_crl = yes
tls: check_cert_cn = "%{User-Name}"
rlm_eap: Loaded and initialized type tls
peap: default_eap_type = "mschapv2"
peap: copy_request_to_tunnel = no
peap: use_tunneled_reply = no
peap: proxy_tunneled_request_as_eap = yes
rlm_eap: Loaded

XP SP2 PEAP MSCHAPv2

2005-01-27 Thread john . ctr . gauntt

Hi folks,
        I have unsuccessfully attempted to authenticate an XP SP2 supplicant using
PEAP MSCHAPv2.  I am using freeradius 1.0.1, Solaris 8, and a Cisco
1100 AP.  The problem appears to be with freeradius not having an
NT-Password and perhaps not having a correct challenge value when the mschap_authenticate
function of module rlm_mschap is executing.  I have put numerous debug
statements in the code to better understand the logic flow and identify
the problem.  There was no NT-Password returned at the function pairfind
but the smbdes_mschap  no VALUE_PAIR containing an NT_Password and
the challenge value appears to be about eight bytes long.  I added
an NT-Password to the users file to see if I could get the code to move
further and validate the observation that the password was the problem.
  The code failed in the same place which brought attention to the
challenge. Where could I put a debug statement to get the earliest look
at the NT Password in the thread?  What else should I be looking at
besides the password at this phase of the dialogue?   I would like
to start with a simple configuration and then add complexity so I could
better understand the behaviour of each component.  However, with
the XP SP2 wireless configuration it is a choice of 802.1x(PEAP/MSCHAPv2
or certificates) or nothing.  Is there anyone who has gained success
with this configuration?  I appreciate any help.

Thanks,
John
(609)485-8075
[EMAIL PROTECTED] 

users
EI2F-ENDL1\\Tech_Support User-Password == "endl1_freeradius"
        NT-Password == "endl1_freeradius",
        Framed-IP-Address = 12.1.10.20,
        Framed-IP-Netmask = 255.255.255.0,
        Framed-MTU = 1500,
        Reply-Message = "Hello, %u",
        Fall-Through = no

rlm_mschap

        /*
         *      We need an NT-Password.
         */
        nt_password = pairfind(request->config_items, PW_NT_PASSWORD);
        if (nt_password) {
                if ((nt_password->length == 16) ||
                    ((nt_password->length == 32) &&
                     (hex2bin(nt_password->strvalue,
                              nt_password->strvalue, 16) == 16))) {
                        DEBUG2("  rlm_mschap: Found NT-Password");
                        nt_password->length = 16;

                } else {
                        radlog(L_ERR, "rlm_mschap: Invalid NT-Password");
                        nt_password = NULL;
                }
        } else if (!password) {
                DEBUG2("  rlm_mschap: No User-Password configured.  Cannot create NT-Password.");

        } else {                /* there is a configured User-Password */
                nt_password = pairmake("NT-Password", "", T_OP_EQ);
                if (!nt_password) {
                        radlog(L_ERR, "No memory");
                } else {
                        ntpwdhash(nt_password->strvalue,
                                  password->strvalue);
                        nt_password->length = 16;
                        pairadd(&request->config_items,
                                nt_password);
                }
        }

The null NT-Password and questionable
challenge values result in FAILED message.

                /*
                 *      The old "mschapv2" function has been moved to
                 *      here.
                 *
                 *      MS-CHAPv2 takes some additional data to create an
                 *      MS-CHAPv1 challenge, and then does MS-CHAPv1.
                 */
                challenge_hash(response->strvalue + 2, /* peer challenge */
                               challenge->strvalue, /* our challenge */
                               username_string,        /* user name */
                               mschapv1_challenge); /* resulting challenge */

                DEBUG2("  rlm_mschap: Told to do MS-CHAPv2 for %s with NT-Password",
                       username_string);

                if (do_mschap(inst, request, nt_password, mschapv1_challenge,
                              response->strvalue + 26, nthashhash) < 0) {
                        DEBUG2("  rlm_mschap: FAILED: MS-CHAP2-Response is incorrect");
                        add_reply(&request->reply->vps, *response->strvalue,
                                  "MS-CHAP-Error", "E=691 R=1", 9);
                        return RLM_MODULE_REJECT;
                }




radiusd -X

Waking up in 1 seconds...
rad_recv: Access-Request packet from host 12.1.10.16:21647, id=128, length=254
paircreate: Name: User-Name, Attr: 1, Strvalue: 
        User-Name = "EI2F-ENDL1\\Tech_Support"
paircreate: Name: Framed-MTU, Attr: 12, Strvalue: 
        Framed-MTU = 1400
paircreate: Name: Called-Station-Id, Attr: 30, Strvalue: 
        Called-Station-Id = "0011.5c81.b2e0"
paircreate: Name: Calling-Station-Id, Attr: 31, Strvalue: 
        Calling-Station-Id = "000f.f736.3068"
paircreate: Name: Message-Authenticator, Attr: 80, Strvalue: 
        Message-Authenticator = 0x2d0787df62d97fb27613b813f61147db
paircreate: Name: EAP-Message, Attr: 79, Strvalue: 
        EAP-Message = 0x02
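
Added example (not part of the original post and not FreeRADIUS code): the length test in the rlm_mschap slice above accepts any 16-byte NT-Password as a raw hash, so a 16-character plaintext such as the value in the users entry passes it without being hashed. The sketch mirrors that test and compares the accepted bytes with the NT hash proper (MD4 over the UTF-16LE password). The names `classify_nt_password`, `nt_hash_ascii` and `nt_value_matches` are hypothetical, the MD4 routine is a local re-implementation of RFC 1320, and the hex string is the widely published NT hash of "password".

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define ROL(x, n) (((x) << (n)) | ((x) >> (32 - (n))))

/* MD4 compression of one 64-byte block (RFC 1320). */
static void md4_block(uint32_t s[4], const uint8_t *p)
{
    static const uint8_t shift[3][4] = {{3, 7, 11, 19}, {3, 5, 9, 13}, {3, 9, 11, 15}};
    static const uint8_t order3[16] = {0, 8, 4, 12, 2, 10, 6, 14, 1, 9, 5, 13, 3, 11, 7, 15};
    uint32_t x[16], a = s[0], b = s[1], c = s[2], d = s[3], f, t;
    int i, k;
    for (i = 0; i < 16; i++)
        x[i] = (uint32_t)p[4 * i] | (uint32_t)p[4 * i + 1] << 8 |
               (uint32_t)p[4 * i + 2] << 16 | (uint32_t)p[4 * i + 3] << 24;
    for (i = 0; i < 48; i++) {
        if (i < 16)      { f = (b & c) | (~b & d); k = i; }
        else if (i < 32) { f = ((b & c) | (b & d) | (c & d)) + 0x5A827999u; k = (i % 4) * 4 + (i - 16) / 4; }
        else             { f = (b ^ c ^ d) + 0x6ED9EBA1u; k = order3[i - 32]; }
        t = a + f + x[k];
        t = ROL(t, shift[i / 16][i % 4]);
        a = d; d = c; c = b; b = t;
    }
    s[0] += a; s[1] += b; s[2] += c; s[3] += d;
}

/* MD4 digest of msg[0..len), with the standard padding and bit length. */
static void md4(const uint8_t *msg, size_t len, uint8_t out[16])
{
    uint32_t s[4] = {0x67452301u, 0xEFCDAB89u, 0x98BADCFEu, 0x10325476u};
    uint8_t tail[128] = {0};
    size_t rem = len % 64, full = len - rem, tlen = rem < 56 ? 64 : 128, i;
    uint64_t bits = (uint64_t)len * 8;
    for (i = 0; i < full; i += 64) md4_block(s, msg + i);
    memcpy(tail, msg + full, rem);
    tail[rem] = 0x80;
    for (i = 0; i < 8; i++) tail[tlen - 8 + i] = (uint8_t)(bits >> (8 * i));
    for (i = 0; i < tlen; i += 64) md4_block(s, tail + i);
    for (i = 0; i < 16; i++) out[i] = (uint8_t)(s[i / 4] >> (8 * (i % 4)));
}

/* NT hash = MD4 over the UTF-16LE password; this helper takes ASCII only. */
static int nt_hash_ascii(const char *pw, uint8_t out[16])
{
    uint8_t wide[512];
    size_t n = strlen(pw), i;
    if (n > sizeof(wide) / 2) return -1;
    for (i = 0; i < n; i++) {
        if ((unsigned char)pw[i] > 0x7f) return -1;
        wide[2 * i] = (uint8_t)pw[i]; wide[2 * i + 1] = 0;
    }
    md4(wide, 2 * n, out);
    return 0;
}

enum nt_kind { NT_INVALID, NT_RAW16, NT_HEX32 };
static int hexval(int c)
{
    if (c >= '0' && c <= '9') return c - '0';
    c |= 0x20; /* fold A-F onto a-f */
    return (c >= 'a' && c <= 'f') ? c - 'a' + 10 : -1;
}

/* Rule of the slice: 16 bytes used as-is, 32 bytes must decode as hex, else rejected. */
static enum nt_kind classify_nt_password(const char *val, size_t len, uint8_t out[16])
{
    size_t i;
    if (len == 16) { memcpy(out, val, 16); return NT_RAW16; }
    if (len != 32) return NT_INVALID;
    for (i = 0; i < 16; i++) {
        int hi = hexval(val[2 * i]), lo = hexval(val[2 * i + 1]);
        if (hi < 0 || lo < 0) return NT_INVALID;
        out[i] = (uint8_t)(hi << 4 | lo);
    }
    return NT_HEX32;
}

/* 1 if the configured NT-Password value equals the NT hash of real_pw. */
static int nt_value_matches(const char *configured, const char *real_pw)
{
    uint8_t cfg[16], want[16];
    if (classify_nt_password(configured, strlen(configured), cfg) == NT_INVALID) return 0;
    return nt_hash_ascii(real_pw, want) == 0 && memcmp(cfg, want, 16) == 0;
}

int main(void)
{
    /* Constructed inputs: the 16-character users-file value, and a published hash. */
    printf("plaintext value matches: %d\n", nt_value_matches("endl1_freeradius", "endl1_freeradius"));
    printf("hex hash value matches: %d\n", nt_value_matches("8846f7eaee8fb117ad06bdd830b7586c", "password"));
    return 0;
}
```

A value that passes the length test but is not the MD4 digest produces a different expected response than the one the supplicant computes from the real password.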

rlm_mschap: FAILED: MS-CHAP2-Response is incorrect

2005-01-20 Thread john . ctr . gauntt

Hi folks,
        I have unsuccessfully attempted to authenticate an XP SP2 user with
PEAP MSCHAPv2.  I am using Solaris 8 for the freeRADIUS server and a CISCO
1100 Access Point.

        Ron, I tried the "with_ntdomain_hack=yes" in the mschap section and
it made no observable difference.  Thanks.

        Module rlm_mschap is expecting an NT-Password type password, does not
find one via the pairfind function, and subsequently builds a VALUE_PAIR
containing a NULL NT_Password.  This null password is what fails the password
length criterion test (16 chars exactly) in the do_mschap function call and
results in the "rlm_mschap: FAILED: MS-CHAP2-Response is incorrect" message.
However, a pairfind function call in rlm_mschap does return a VALUE_PAIR of
PW_Password type with my password, which is configured in the "users" file as
well as on the XP SP2 supplicant.  I am not sure if this VALUE_PAIR with my
password came from the "users" file (config_items) or from the XP SP2
supplicant.  I am not yet sure if the XP SP2 supplicant is not sending the
password and that is why rlm_mschap is creating a NULL password of NT-Password
type.  I added debug statements to rlm_mschap.c module that appear in the
"radiusd -X" output.  I included slices from "radiusd -X" output, ".conf"
files "rlm_mschap" files.  Thanks for any help.

John Gauntt 
[EMAIL PROTECTED] 

The XP SP2 authentication settings are:
        "Enable IEEE 802.1x authentication" - checked
        "Validate server certificate" - checked
        "Connect to these servers" - identified and checked
        "Trusted Root Certification Authorities" - copied file, selected
        "Authentication Method" - EAP-MSCHAPV2

users

EI2F-ENDL1\\Tech_Support User-Password == "endl1_freeradius"
        Framed-IP-Address = 12.1.10.20,
        Framed-IP-Netmask = 255.255.255.0,
        Framed-MTU = 1500,
        Reply-Message = "Hello, %u",
        Fall-Through = no

rlm_mschap.c

/*
 *      mschap_authenticate() - authenticate user based on given
 *      attributes and configuration.
 *      We will try to find out password in configuration
 *      or in configured passwd file.
 *      If one is found we will check parameters given by NAS.
 *
 *      If PW_SMB_ACCOUNT_CTRL is not set to ACB_PWNOTREQ we must have
 *      one of:
 *              PAP:      PW_PASSWORD or
 *              MS-CHAP:  PW_MSCHAP_CHALLENGE and PW_MSCHAP_RESPONSE or
 *              MS-CHAP2: PW_MSCHAP_CHALLENGE and PW_MSCHAP2_RESPONSE
 *      In case of password mismatch or locked account we MAY return
 *      PW_MSCHAP_ERROR for MS-CHAP or MS-CHAP v2
 *      If MS-CHAP2 succeeds we MUST return
 *      PW_MSCHAP2_SUCCESS
 */
static int mschap_authenticate(void * instance, REQUEST *request)
{
.
.
.
        /*
         *      Decide how to get the passwords.
         */
        password = pairfind(request->config_items, PW_PASSWORD);

        if ( password != NULL ) {
                DEBUG2("  rlm_mschap, PW-Password: valuepair \"%s\"",        password->name);
                DEBUG2("  rlm_mschap, PW-Password: Password Length \"%x\"", password->length);
                DEBUG2("  rlm_mschap, PW-Password: Password \"%s\"",        password->strvalue);
        } else {
                DEBUG2("  rlm_mschap, PW-Password: password = NULL ");
        }

        /*
         *      We need an LM-Password.
         */
        lm_password = pairfind(request->config_items, PW_LM_PASSWORD);
        if (lm_password) {
                /*
                 *      Allow raw octets.
                 */
                if ((lm_password->length == 16) ||
                    ((lm_password->length == 32) &&
                     (hex2bin(lm_password->strvalue,
                              lm_password->strvalue, 16) == 16))) {
                        DEBUG2("  rlm_mschap: Found LM-Password");
                        lm_password->length = 16;

                } else {
                        radlog(L_ERR, "rlm_mschap: Invalid LM-Password");
                        lm_password = NULL;
                }

        } else if (!password) {
                DEBUG2("  rlm_mschap: No User-Password configured.  Cannot create LM-Password.");

        } else {                /* there is a configured User-Password */
                lm_password = pairmake("LM-Password", "", T_OP_EQ);
                if (!lm_password) {
                        radlog(L_ERR, "No memory");
                } else {
                        smbdes_lmpwdhash(password->strvalue,
                                         lm_password->strvalue);
                        lm_password->length = 16;
                        pairadd(&request->config_items,
                                lm_password);
                }
        }

        /*
         *      We need an NT-Password.
         */
        nt_password = pairfind(request->config_items, PW_NT_PASSWORD);
        if (nt_password) {
                if ((nt_password->len

rlm_mschap: FAILED: MSCHAP2 -Response is incorrect

2005-01-19 Thread john . ctr . gauntt


Hi folks,
        I have unsuccessfully attempted to authenticate an XP SP2 user with
PEAP MSCHAPv2.  I am using Solaris 8 for the freeRADIUS server and a CISCO
1100 Access Point.  I have tried numerous combinations of ".conf" settings
but have not progressed further.  I copied the "root.p12" certificate file
from the /usr/local/etc/raddb/certs directory and applied it to the XP SP2
Trusted Root Certification Authorities repository; is this what you are
supposed to do for PEAP MSCHAPv2 to complement the "cert-srv.pem" files
referenced by TLS?  Because of a post that I read, I added the Service Pack 2
to Win XP PRO.  I traced the debug message "rlm_mschap: FAILED:
MS-CHAP2-Response is incorrect" to the test statement, after the
"smbdes_mschap" function call, that returns a "-1" because the "calculated"
value is not equal in length to the "response" value.  The comments in the
"smbdes_mschap" function, that the "do_mschap" function calls, read that the
NT Password must be 16 characters long, and presumably the "calculated" and
"response" values will then be equal in length.  I made my password on the XP
machine and the "users" file 16 characters long and I added debug statements
to the "rlm_mschap" module to backtrack on the data flow to find the problem.
I included slices from "radiusd -X" output, ".conf" files "rlm_mschap" files.
Thanks for any help.

John Gauntt 
[EMAIL PROTECTED] 

The XP SP2 authentication settings are:
        "Enable IEEE 802.1x authentication" - checked
        "Validate server certificate" - checked
        "Connect to these servers" - identified and checked
        "Trusted Root Certification Authorities" - copied file, selected
        "Authentication Method" - EAP-MSCHAPV2

users

EI2F-ENDL1\\Tech_Support User-Password == "endl1_freeradius"
        Framed-IP-Address = 12.1.10.20,
        Framed-IP-Netmask = 255.255.255.0,
        Framed-MTU = 1500,
        Reply-Message = "Hello, %u",
        Fall-Through = no

eap.conf
        eap {
                default_eap_type = peap
                timer_expire     = 60
                ignore_unknown_eap_types = no

                md5 {
                }

                leap {
                }

                gtc {
                        auth_type = PAP
                }

                tls {
                        private_key_password = whatever
                        private_key_file = ${raddbdir}/certs/cert-srv.pem

                        certificate_file = ${raddbdir}/certs/cert-srv.pem

                        CA_file = ${raddbdir}/certs/demoCA/cacert.pem

                        dh_file = ${raddbdir}/certs/dh
                        random_file = ${raddbdir}/certs/random

                        fragment_size = 1024

                        include_length = yes
                }

                peap {
                        default_eap_type = mschapv2
                }

                mschapv2 {
                }
        }


rlm_mschap.c (slices)

                /*
                 *      The old "mschapv2" function has been moved to
                 *      here.
                 *
                 *      MS-CHAPv2 takes some additional data to create an
                 *      MS-CHAPv1 challenge, and then does MS-CHAPv1.
                 */
                challenge_hash(response->strvalue + 2, /* peer challenge */
                               challenge->strvalue, /* our challenge */
                               username_string,        /* user name */
                               mschapv1_challenge); /* resulting challenge */

                DEBUG2("  rlm_mschap: Told to do MS-CHAPv2 for %s with NT-Password",
                       username_string);

                DEBUG2("  rlm_mschap, before do_mschap: PASSWORD \"%s\"", nt_password);
                if (do_mschap(inst, request, nt_password, mschapv1_challenge,
                              response->strvalue + 26, nthashhash) < 0) {
                        DEBUG2("  rlm_mschap: FAILED: MS-CHAP2-Response is incorrect");
                        DEBUG2("  rlm_mschap, after do_mschap: PASSWORD \"%s\"", nt_password);
                        add_reply(&request->reply->vps, *response->strvalue,
                                  "MS-CHAP-Error", "E=691 R=1", 9);
                        return RLM_MODULE_REJECT;
                }

        /*
         *      Do normal authentication.
         */
        if (!do_ntlm_auth) {
                /*
                 *      No password: can't do authentication.
                 */
                if (!password) {
                        DEBUG2("  rlm_mschap: FAILED: No NT/LM-Password.  Cannot perform authentication.");
                        return -1;
                }
                DEBUG2("rlm_mschap: Authenticate passwor

XP SP1 PEAP MSCHAPv2 configuration

2005-01-11 Thread john . ctr . gauntt

Hi folks,
        I am attempting to configure a Windows XP SP1 client to
authenticate with freeRadius, but am not progressing beyond a point where
the freeRadius server periodically sends an "Access-Challenge".  The other
components are a Cisco 1100 access point, and Solaris 8 for the freeRadius
server.  I have tried numerous combinations of XP client settings and
freeRadius "users" file entries.  The latest combination is represented
with the "radiusd -X" output, and slices of the "users" and eap.conf files.
        I understand that with PEAP-MSCHAPv2, only a server side
certificate is needed.  With that in mind, what is required of the client
configuration for the options of selecting "Validate Server Certificate"
and selecting "Trusted Root Authorities" ?
Thank you for any help.
John Gauntt

XP Client Configuration

"enable IEEE 802.1x authentication"-checked
EAP type: Protected EAP (PEAP)
        "Validate server certificate"-checked
        "Connect to these servers"-checked and identified
        "Trusted Root Certification Authorities"-none selected
Authentication Method: EAP_MSCHAPV2
        "When connecting: Automatically use my Windows logon name and password (and domain if any)"-checked
"Enable Fast Reconnect"-checked


users
EI2F-ENDL1\\Tech_Support User-Password == "freeradius"
        Reply-Message = "Hello, %u",
        Fall-Through = Yes

eap.conf
        eap {
                default_eap_type = peap

                timer_expire     = 60

                ignore_unknown_eap_types = no

                cisco_accounting_username_bug = no

                # Supported EAP-types

                md5 {
                }

                # Cisco LEAP
                #

                leap {
                }

                gtc {
                        #challenge = "Password: "

                        auth_type = PAP
                }

                tls {
                        private_key_password = whatever
                        private_key_file = ${raddbdir}/certs/cert-srv.pem

                        certificate_file = ${raddbdir}/certs/cert-srv.pem

                        #  Trusted Root CA list
                        CA_file = ${raddbdir}/certs/demoCA/cacert.pem

                        dh_file = ${raddbdir}/certs/dh
                        random_file = ${raddbdir}/certs/random

                        fragment_size = 1024

                #       include_length = yes

                #       check_crl = yes

                #       check_cert_cn = %{User-Name}
                }

                peap {
                        default_eap_type = mschapv2
                }

                mschapv2 {
                }
        }

radiusd -X
Starting - reading configuration files ...
reread_config:  reading radiusd.conf
Config:   including file: /usr/local/etc/raddb/proxy.conf
Config:   including file: /usr/local/etc/raddb/clients.conf
Config:   including file: /usr/local/etc/raddb/snmp.conf
Config:   including file: /usr/local/etc/raddb/eap.conf
Config:   including file: /usr/local/etc/raddb/sql.conf
 main: prefix = "/usr/local"
 main: localstatedir = "/usr/local/var"
 main: logdir = "/usr/local/var/log/radius"
 main: libdir = "/usr/local/lib"
 main: radacctdir = "/usr/local/var/log/radius/radacct"
 main: hostname_lookups = no
 main: max_request_time = 30
 main: cleanup_delay = 5
 main: max_requests = 1024
 main: delete_blocked_requests = 0
 main: port = 0
 main: allow_core_dumps = no
 main: log_stripped_names = no
 main: log_file = "/usr/local/var/log/radius/radius.log"
 main: log_auth = yes
 main: log_auth_badpass = no
 main: log_auth_goodpass = no
 main: pidfile = "/usr/local/var/run/radiusd/radiusd.pid"
 main: user = "(null)"
 main: group = "(null)"
 main: usercollide = no
 main: lower_user = "no"
 main: lower_pass = "no"
 main: nospace_user = "no"
 main: nospace_pass = "no"
 main: checkrad = "/usr/local/sbin/checkrad"
 main: proxy_requests = yes
 proxy: retry_delay = 5
 proxy: retry_count = 3
 proxy: synchronous = no
 proxy: default_fallback = yes
 proxy: dead_time = 120
 proxy: post_proxy_authorize = yes
 proxy: wake_all_if_all_dead = no
 security: max_attributes = 200
 security: reject_delay = 1
 security: status_server = no
 main: debug_level = 0
read_config_files:  reading dictionary
read_config_files:  reading naslist
Using deprecated naslist file.  Support for this will go away soon.
read_config_files:  reading clients
read_config_files:  reading realms
radiusd:  entering modules setup
Module: Library search path is /usr/local/lib
Module: Loaded exec 
 exec: wait = yes
 exec: program = "(null)"
 exec: input_pairs = "request"
 exec: output_pairs = "(null)"
 exec: 

Re: freeRadius, PEAP, MSCHAP, Segment Fault(coredump)

2005-01-05 Thread john . ctr . gauntt

[EMAIL PROTECTED] wrote:
>> This is my second try at this post; the first was too long.  I read the
>> archives and then attempted to
>> configure freeRadius using PEAP MSCHAP.  After some initial success I am
>> stuck with a Segment Fault(coredump).

Alan Dekok wrote:
>  It's another stupid bug in libltdl.  The fix is to do:

>$ configure --disable-shared
>$ make
>$ make install

>  Alan DeKok.

I tried the configure switch and got another Segment Fault(coredump).  Is
there other debug information that is useful for resolving this problem?
Thanks,
John Gauntt 
[EMAIL PROTECTED]

freeRadius, PEAP, MSCHAP, Segment Fault(coredump)

2005-01-04 Thread john . ctr . gauntt



Hi folks,
This is my second try at this post; the first was too long.  I read the
archives and then attempted to configure freeRadius using PEAP MSCHAP.
After some initial success I am stuck with a Segment Fault(coredump).
I am using a Windows XP 802.1x client, Cisco 1100 AP and Sun Solaris
ver. 8 for freeRadius 1.0.1.  After configuring the client, the AP and the
radiusd.conf, the client.conf and the users files (not yet the eap.conf
file) I was successful in getting the freeRadius server to authenticate
the client.  Next I attempted to configure the client and the eap.conf
file for PEAP MSCHAP, resulting in the coredump.  Enabling PEAP results in
error messages directing the configuration of TLS.  Enabling TLS results
in the coredump.  I have tried numerous combinations of configuration,
some of these I copied from the archive, with the same result.  The
"radius -X" output, the "gdb bt" output, the eap.conf file, and a slice of
the radiusd.conf file follow this text.  I appreciate any help on this
problem.
Thanks,
John Gauntt

radiusd -X

Starting - reading configuration files ...
reread_config:  reading radiusd.conf
Config:   including file: /usr/local/etc/raddb/proxy.conf
Config:   including file: /usr/local/etc/raddb/clients.conf
Config:   including file: /usr/local/etc/raddb/snmp.conf
Config:   including file: /usr/local/etc/raddb/eap.conf
Config:   including file: /usr/local/etc/raddb/sql.conf
main: prefix = "/usr/local"
main: localstatedir = "/usr/local/var"
main: logdir = "/usr/local/var/log/radius"
main: libdir = "/usr/local/lib"
main: radacctdir = "/usr/local/var/log/radius/radacct"
main: hostname_lookups = no
main: max_request_time = 30
main: cleanup_delay = 5
main: max_requests = 1024
main: delete_blocked_requests = 0
main: port = 0
main: allow_core_dumps = yes
main: log_stripped_names = no
main: log_file = "/usr/local/var/log/radius/radius.log"
main: log_auth = yes
main: log_auth_badpass = yes
main: log_auth_goodpass = yes
main: pidfile = "/usr/local/var/run/radiusd/radiusd.pid"
main: user = "(null)"
main: group = "(null)"
main: usercollide = no
main: lower_user = "no"
main: lower_pass = "no"
main: nospace_user = "no"
main: nospace_pass = "no"
main: checkrad = "/usr/local/sbin/checkrad"
main: proxy_requests = yes
proxy: retry_delay = 5
proxy: retry_count = 3
proxy: synchronous = no
proxy: default_fallback = yes
proxy: dead_time = 120
proxy: post_proxy_authorize = yes
proxy: wake_all_if_all_dead = no
security: max_attributes = 200
security: reject_delay = 1
security: status_server = no
main: debug_level = 0
read_config_files:  reading dictionary
read_config_files:  reading naslist
Using deprecated naslist file.  Support for this will go away soon.
read_config_files:  reading clients
read_config_files:  reading realms
radiusd:  entering modules setup
Module: Library search path is /usr/local/lib
Module: Loaded exec
exec: wait = yes
exec: program = "(null)"
exec: input_pairs = "request"
exec: output_pairs = "(null)"
exec: packet_type = "(null)"
rlm_exec: Wait=yes but no output defined. Did you mean output=none?
Module: Instantiated exec (exec)
Module: Loaded expr
Module: Instantiated expr (expr)
Module: Loaded PAP
pap: encryption_scheme = "crypt"
Module: Instantiated pap (pap)
Module: Loaded CHAP
Module: Instantiated chap (chap)
Module: Loaded MS-CHAP
mschap: use_mppe = no
mschap: require_encryption = yes
mschap: require_strong = yes
mschap: with_ntdomain_hack = no
mschap: passwd = "(null)"
mschap: authtype = "MS-CHAP"
mschap: ntlm_auth = "(null)"
Module: Instantiated mschap (mschap)
Module: Loaded System
unix: cache = no
unix: passwd = "(null)"
unix: shadow = "(null)"
unix: group = "(null)"
unix: radwtmp = "/usr/local/var/log/radius/radwtmp"
unix: usegroup = no
unix: cache_reload = 600
Module: Instantiated unix (unix)
Module: Loaded eap
eap: default_eap_type = "peap"
eap: timer_expire = 60
eap: ignore_unknown_eap_types = no
eap: cisco_accounting_username_bug = no
rlm_eap: Loaded and initialized type md5
rlm_eap: Loaded and initialized type leap
gtc: challenge = "Password: "
gtc: auth_type = "PAP"
rlm_eap: Loaded and initialized type gtc
Segmentation Fault(coredump)


gdb bt

GNU gdb 5.0
Copyright 2000 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "sparc-sun-solaris2.8"...
Core was generated by `radiusd -X'.
Program terminated with signal 9, Killed.
Reading symbols from /usr/lib/libcrypt_i.so.1...done.
Loaded symbols for /usr/lib/libcrypt_i.so.1
Reading symbols from /usr/local/lib/libradius-1.0.1.so...done.
Loaded symbols for /usr/local/lib/libradius-1.0.1.so
Reading symbols from /usr/local/lib/libltdl.so.3...done.
Loaded symbols for /usr/local/lib/libltdl.so.3
Reading symbols from /usr/lib/libdl.so.1...don