XP SP2 PEAP MSCHAPv2
Thanks for the help. We tried the pre 1.0.2 CVS Solaris fixes but we are still hitting the same problem. The symptom has to do with password processing in module rlm_mschap. Has anyone successfully authenticated with XP SP2 using PEAP MSCHAPv2 using the Windows userid and passowrd, on Solaris 8? We are more interested in using the XP for our supplicant platform, but are less concerned about what OS to base the freeRADIUS server. What is an optimal OS and version alternative for freeRADIUS that will work with XP? We will also give 1.0.2 a run when it becomes available. A portion of the debug using the CVS download follows our previous exchange. Thanks,John Gauntt>[EMAIL PROTECTED] wrote:>> I have unsuccessfully attempted to authenticate an XP SP2>> supplicant using PEAP MSCHAPv2. I am using freeradius 1.0.1, Solaris 8,> There are known problems with 1.0.1 on Solaris.> 1.0.2 should be out in a week or two, or if you don't want to wait, do:>$ cvs -d :pserver:[EMAIL PROTECTED]:/source login>$ cvs -d :pserver:[EMAIL PROTECTED]:/source checkout -r release_1_0>radiusd> And that will get you 99.9% of what will be in 1.0.2, now. Most>importantly, it will get you the fixes for Solaris.> Alan DeKok.radiusd -XStarting - reading configuration files ...reread_config: reading radiusd.confConfig: including file: /usr/local/etc/raddb/proxy.confConfig: including file: /usr/local/etc/raddb/clients.confConfig: including file: /usr/local/etc/raddb/snmp.confConfig: including file: /usr/local/etc/raddb/eap.confConfig: including file: /usr/local/etc/raddb/sql.confmain: prefix = "/usr/local"main: localstatedir = "/usr/local/var"main: logdir = "/usr/local/var/log/radius"main: libdir = "/usr/local/lib"main: radacctdir = "/usr/local/var/log/radius/radacct"main: hostname_lookups = nomain: max_request_time = 30main: cleanup_delay = 5main: max_requests = 1024main: delete_blocked_requests = 0main: port = 0main: allow_core_dumps = nomain: log_stripped_names = nomain: log_file = "/usr/local/var/log/radius/radius.log"main: log_auth = nomain: log_auth_badpass = nomain: log_auth_goodpass = nomain: pidfile = "/usr/local/var/run/radiusd/radiusd.pid"main: user = "(null)"main: group = "(null)"main: usercollide = nomain: lower_user = "no"main: lower_pass = "no"main: nospace_user = "no"main: nospace_pass = "no"main: checkrad = "/usr/local/sbin/checkrad"main: proxy_requests = noproxy: retry_delay = 5proxy: retry_count = 3proxy: synchronous = noproxy: default_fallback = yesproxy: dead_time = 120proxy: post_proxy_authorize = yesproxy: wake_all_if_all_dead = nosecurity: max_attributes = 200security: reject_delay = 1security: status_server = nomain: debug_level = 0read_config_files: reading dictionaryread_config_files: reading naslistUsing deprecated naslist file. Support for this will go away soon.read_config_files: reading clientsread_config_files: reading realmsradiusd: entering modules setupModule: Library search path is /usr/local/libModule: Loaded execexec: wait = yesexec: program = "(null)"exec: input_pairs = "request"exec: output_pairs = "(null)"exec: packet_type = "(null)"rlm_exec: Wait=yes but no output defined. Did you mean output=none?Module: Instantiated exec (exec)Module: Loaded exprModule: Instantiated expr (expr)Module: Loaded PAPpap: encryption_scheme = "crypt"Module: Instantiated pap (pap)Module: Loaded CHAPModule: Instantiated chap (chap)Module: Loaded MS-CHAPmschap: use_mppe = yesmschap: require_encryption = nomschap: require_strong = nomschap: with_ntdomain_hack = nomschap: passwd = "(null)"mschap: authtype = "MS-CHAP"mschap: ntlm_auth = "(null)"Module: Instantiated mschap (mschap)Module: Loaded Systemunix: cache = nounix: passwd = "(null)"unix: shadow = "(null)"unix: group = "(null)"unix: radwtmp = "/usr/local/var/log/radius/radwtmp"unix: usegroup = nounix: cache_reload = 600Module: Instantiated unix (unix)Module: Loaded eapeap: default_eap_type = "peap"eap: timer_expire = 60eap: ignore_unknown_eap_types = noeap: cisco_accounting_username_bug = norlm_eap: Loaded and initialized type md5rlm_eap: Loaded and initialized type leapgtc: challenge = "Password: "gtc: auth_type = "PAP"rlm_eap: Loaded and initialized type gtctls: rsa_key_exchange = notls: dh_key_exchange = yestls: rsa_key_length = 512tls: dh_key_length = 512tls: verify_depth = 0tls: CA_path = "(null)"tls: pem_file_type = yestls: private_key_file = "/usr/local/etc/raddb/certs/cert-srv.pem"tls: certificate_file = "/usr/local/etc/raddb/certs/cert-srv.pem"tls: CA_file = "/usr/local/etc/raddb/certs/demoCA/cacert.pem"tls: private_key_password = "whatever"tls: dh_file = "/usr/local/etc/raddb/certs/dh"tls: random_file = "/usr/local/etc/raddb/certs/random"tls: fragment_size = 1024tls: include_length = yestls: check_crl = yestls: check_cert_cn = "%{User-Name}"rlm_eap: Loaded and initialized type tlspeap: default_eap_type = "mschapv2"peap: copy_request_to_tunnel = nopeap: use_tunneled_reply = nopeap: proxy_tunneled_request_as_eap = yesrlm_eap: Loaded
XP SP2 PEAP MSCHAPv2
Hi folks, I have unsuccessfully attempted to authenticate an XP SP2 supplicant using PEAP MSCHAPv2. I am using freeradius 1.0.1, Solaris 8, and a Cisco 1100 AP. The problem appears to be with freeradius not having an NT-Password and perhaps not having a correct challenge value when the mschap_authenticate function of module rlm_mschap is executing. I have put numerous debug statements in the code to better understand the logic flow and identify the problem. There was no NT-Password returned at the function pairfind but the smbdes_mschap no VALUE_PAIR containing an NT_Password and the challenge value appears to be about eight bytes long. I added an NT-Password to the users file to see if I could get the code to move further and validate the observation that the password was the problem. The code failed in the same place which brought attention to the challenge. Where could I put a debug statement to get the earliest look at the NT Password in the thread? What else should I be looking at besides the password at this phase of the dialogue? I would like to start with a simple configuration and then add complexity so I could better understand the behaviour of each component. However, with the XP SP2 wireless configuration it is a choice of 802.1x(PEAP/MSCHAPv2 or certificates) or nothing. Is there anyone who has gained success with this configuration? I appreciate any help. Thanks, John (609)485-8075 [EMAIL PROTECTED] users EI2F-ENDL1\\Tech_Support User-Password == "endl1_freeradius" NT-Password == "endl1_freeradius", Framed-IP-Address = 12.1.10.20, Framed-IP-Netmask = 255.255.255.0, Framed-MTU = 1500, Reply-Message = "Hello, %u", Fall-Through = no rlm_mschap /* * We need an NT-Password. */ nt_password = pairfind(request->config_items, PW_NT_PASSWORD); if (nt_password) { if ((nt_password->length == 16) || ((nt_password->length == 32) && (hex2bin(nt_password->strvalue, nt_password->strvalue, 16) == 16))) { DEBUG2(" rlm_mschap: Found NT-Password"); nt_password->length = 16; } else { radlog(L_ERR, "rlm_mschap: Invalid NT-Password"); nt_password = NULL; } } else if (!password) { DEBUG2(" rlm_mschap: No User-Password configured. Cannot create NT-Password."); } else { /* there is a configured User-Password */ nt_password = pairmake("NT-Password", "", T_OP_EQ); if (!nt_password) { radlog(L_ERR, "No memory"); } else { ntpwdhash(nt_password->strvalue, password->strvalue); nt_password->length = 16; pairadd(&request->config_items, nt_password); } } The null NT-Password and questionable challenge values result in FAILED message. /* * The old "mschapv2" function has been moved to * here. * * MS-CHAPv2 takes some additional data to create an * MS-CHAPv1 challenge, and then does MS-CHAPv1. */ challenge_hash(response->strvalue + 2, /* peer challenge */ challenge->strvalue, /* our challenge */ username_string, /* user name */ mschapv1_challenge); /* resulting challenge */ DEBUG2(" rlm_mschap: Told to do MS-CHAPv2 for %s with NT-Password", username_string); if (do_mschap(inst, request, nt_password, mschapv1_challenge, response->strvalue + 26, nthashhash) < 0) { DEBUG2(" rlm_mschap: FAILED: MS-CHAP2-Response is incorrect"); add_reply(&request->reply->vps, *response->strvalue, "MS-CHAP-Error", "E=691 R=1", 9); return RLM_MODULE_REJECT; } radiusd -X Waking up in 1 seconds... rad_recv: Access-Request packet from host 12.1.10.16:21647, id=128, length=254 paircreate: Name: User-Name, Attr: 1, Strvalue: User-Name = "EI2F-ENDL1\\Tech_Support" paircreate: Name: Framed-MTU, Attr: 12, Strvalue: Framed-MTU = 1400 paircreate: Name: Called-Station-Id, Attr: 30, Strvalue: Called-Station-Id = "0011.5c81.b2e0" paircreate: Name: Calling-Station-Id, Attr: 31, Strvalue: Calling-Station-Id = "000f.f736.3068" paircreate: Name: Message-Authenticator, Attr: 80, Strvalue: Message-Authenticator = 0x2d0787df62d97fb27613b813f61147db paircreate: Name: EAP-Message, Attr: 79, Strvalue: EAP-Message = 0x02
rlm_mschap: FAILED: MS-CHAP2-Response is incorrect
Hi folks, I have unsuccessfully attempted to authenticate an XP SP2 user with PEAP MSCHAPv2. I am using Solaris 8 for the freeRADIUS server and a CISCO 1100 Access Point. Ron, I tried the "with_ntdomain_hack=yes" in the mschap section and it made no observable difference. Thanks. Module rlm_mschap is expecting an NT-Password type password, does not find one via the pairfind function, and subsequently builds a VALUE_PAIR containing an NULL NT_Password. This null password is what fails the password length criterion test (16 chars exactly) in the do_mschap function call and results in the "rlm_mschap: FAILED: MS-CHAP2-Response is incorrect " message. However, a pairfind function call in rlm_mschap does return a VALUE_PAIR of PW_Password type with my password, which is configured in the "users" file as well as on the XP SP2 supplicant. I am not sure if this this VALUE_PAIR with my password came from the "users" file(config_items) or from the XP SP2 supplicant. I am not yet sure if the XP SP2 supplicant is not sending the password and that is why rlm_mschap is creating a NULL password of NT-Passwowd type. I added debug statements to rlm_mschap.c module that appear in the "radiusd -X" output. I Included slices from "radiusd -X" output, ".conf" files "rlm_mschap" files. Thanks for any help. John Gauntt [EMAIL PROTECTED] The XP SP2 authentication settings are: "Enable IEEE 802.1x authentication" - checked "Validate server certificate" - checked "Connect to these servers" - identified and checked "Trusted Root Certification Authorities" - copied file, selected "Authentication Method" - EAP-MSCHAPV2 users EI2F-ENDL1\\Tech_Support User-Password == "endl1_freeradius" Framed-IP-Address = 12.1.10.20, Framed-IP-Netmask = 255.255.255.0, Framed-MTU = 1500, Reply-Message = "Hello, %u", Fall-Through = no rlm_mschap.c /* * mschap_authenticate() - authenticate user based on given * attributes and configuration. * We will try to find out password in configuration * or in configured passwd file. * If one is found we will check paraneters given by NAS. * * If PW_SMB_ACCOUNT_CTRL is not set to ACB_PWNOTREQ we must have * one of: * PAP: PW_PASSWORD or * MS-CHAP: PW_MSCHAP_CHALLENGE and PW_MSCHAP_RESPONSE or * MS-CHAP2: PW_MSCHAP_CHALLENGE and PW_MSCHAP2_RESPONSE * In case of password mismatch or locked account we MAY return * PW_MSCHAP_ERROR for MS-CHAP or MS-CHAP v2 * If MS-CHAP2 succeeds we MUST return * PW_MSCHAP2_SUCCESS */ static int mschap_authenticate(void * instance, REQUEST *request) { . . . /* * Decide how to get the passwords. */ password = pairfind(request->config_items, PW_PASSWORD); if ( password != NULL ) { DEBUG2(" rlm_mschap, PW-Password: valuepair \"%s\"", password->name); DEBUG2(" rlm_mschap, PW-Password: Password Length \"%x\"", password->length); DEBUG2(" rlm_mschap, PW-Password: Password \"%s\"", password->strvalue); } else { DEBUG2(" rlm_mschap, PW-Password: password = NULL "); } /* * We need an LM-Password. */ lm_password = pairfind(request->config_items, PW_LM_PASSWORD); if (lm_password) { /* * Allow raw octets. */ if ((lm_password->length == 16) || ((lm_password->length == 32) && (hex2bin(lm_password->strvalue, lm_password->strvalue, 16) == 16))) { DEBUG2(" rlm_mschap: Found LM-Password"); lm_password->length = 16; } else { radlog(L_ERR, "rlm_mschap: Invalid LM-Password"); lm_password = NULL; } } else if (!password) { DEBUG2(" rlm_mschap: No User-Password configured. Cannot create LM-Password."); } else { /* there is a configured User-Password */ lm_password = pairmake("LM-Password", "", T_OP_EQ); if (!lm_password) { radlog(L_ERR, "No memory"); } else { smbdes_lmpwdhash(password->strvalue, lm_password->strvalue); lm_password->length = 16; pairadd(&request->config_items, lm_password); } } /* * We need an NT-Password. */ nt_password = pairfind(request->config_items, PW_NT_PASSWORD); if (nt_password) { if ((nt_password->len
rlm_mschap: FAILED: MSCHAP2 -Response is incorrect
Hi folks, I have unsuccessfully attempted to authenticate an XP SP2 user with PEAP MSCHAPv2. I am using Solaris 8 for the freeRADIUS server and a CISCO 1100 Access Point. I have tried numerous combinations of ".conf" settings but have not progressed further. I copied the "root.p12" certificate file from the /usr/local/etc/raddb/certs directory and applied it to the XP SP2 Trusted Root Certification Authorities repository; Is this what you are supposed to do for PEAP MSCHAPv2 to complement the "cert-srv.pem" files referenced by TLS? Because of a post that I read, I added the Service Pack 2 to Win XP PRO. I traced the debug message "rlm_mschap: FAILED: MS-CHAP2-Response is incorrect " to the test statement, after the "smbdes_mschap" function call, that returns a "-1" because the "calculated" value is not equal in length to the "response" value. The comments in the "smbdes_mschap" function, that the "do_mschap" function calls, read that the NT Password must be 16 characters long, and presumably the "calculated" and "response" values will then be equal in length. I made my password on the XP machine and the "users" file 16 characters long and I added debug statements to the "rlm_mschap" module to backtrack on the data flow to find the problem. I Included slices from "radiusd -X" output, ".conf" files "rlm_mschap" files. Thanks for any help. John Gauntt [EMAIL PROTECTED] The XP SP2 authentication settings are: "Enable IEEE 802.1x authentication" - checked "Validate server certificate" - checked "Connect to these servers" - identified and checked "Trusted Root Certification Authorities" - copied file, selected "Authentication Method" - EAP-MSCHAPV2 users EI2F-ENDL1\\Tech_Support User-Password == "endl1_freeradius" Framed-IP-Address = 12.1.10.20, Framed-IP-Netmask = 255.255.255.0, Framed-MTU = 1500, Reply-Message = "Hello, %u", Fall-Through = no eap.conf default_eap_type = peap timer_expire = 60 ignore_unknown_eap_types = no md5 { } leap { } gtc { auth_type = PAP } tls { private_key_password = whatever private_key_file = ${raddbdir}/certs/cert-srv.pem certificate_file = ${raddbdir}/certs/cert-srv.pem CA_file = ${raddbdir}/certs/demoCA/cacert.pem dh_file = ${raddbdir}/certs/dh random_file = ${raddbdir}/certs/random fragment_size = 1024 include_length = yes } peap { default_eap_type = mschapv2 } mschapv2 { } } rlm_mschap.c (slices) /* * The old "mschapv2" function has been moved to * here. * * MS-CHAPv2 takes some additional data to create an * MS-CHAPv1 challenge, and then does MS-CHAPv1. */ challenge_hash(response->strvalue + 2, /* peer challenge */ challenge->strvalue, /* our challenge */ username_string, /* user name */ mschapv1_challenge); /* resulting challenge */ DEBUG2(" rlm_mschap: Told to do MS-CHAPv2 for %s with NT-Password", username_string); DEBUG2(" rlm_mschap, before do_mschap: PASSWORD \"%s\"", nt_password); if (do_mschap(inst, request, nt_password, mschapv1_challenge, response->strvalue + 26, nthashhash) < 0) { DEBUG2(" rlm_mschap: FAILED: MS-CHAP2-Response is incorrect"); DEBUG2(" rlm_mschap, after do_mschap: PASSWORD \"%s\"", nt_password); add_reply(&request->reply->vps, *response->strvalue, "MS-CHAP-Error", "E=691 R=1", 9); return RLM_MODULE_REJECT; } /* * Do normal authentication. */ if (!do_ntlm_auth) { /* * No password: can't do authentication. */ if (!password) { DEBUG2(" rlm_mschap: FAILED: No NT/LM-Password. Cannot perform authentication."); return -1; } DEBUG2("rlm_mschap: Authenticate passwor
XP SP1 PEAP MSCHAPv2 configuration
Hi folks, I am attempting to configure an Windows XP SP1 client to authenticate with freeRadius, but am not progressing beyond a point where the freeRadius server periodically sends an "Access-Challenge". The other components are a Cisco 1100 access point, and Solaris 8 for the freeRadius server. I have tried numerous combinations of XP client settings and freeRadius "users" file entries. The latest combination is represented with the "radiusd -X" output, and slices of the "users" and eap.conf files. I understand that with PEAP-MSCHAPv2, only a server side certificate is needed. With that in mind, what is required of the client configuration for the options of selecting "Validate Server Certificate" and selecting "Trusted Root Authorities" ? Thank you for any help. John Gauntt XP Client Configuration "enable IEEE 802.1x authentication"-checked EAP type: Protected EAP (PEAP) "Validate server certificate"-checked "Connect to these servers"-checked and identified "Trusted Root Certification Authorities"-none selected Authentication Method: EAP_MSCHAPV2 "When connecting: Automatically use my Windows logon name and password (and domain if any)"-checked "Enable Fast Reconnect"-checked users EI2F-ENDL1\\Tech_Support User-Password == "freeradius" Reply-Message = "Hello, %u", Fall-Through = Yes eap.conf eap { default_eap_type = peap timer_expire = 60 ignore_unknown_eap_types = no cisco_accounting_username_bug = no # Supported EAP-types md5 { } # Cisco LEAP # leap { } gtc { #challenge = "Password: " auth_type = PAP } tls { private_key_password = whatever private_key_file = ${raddbdir}/certs/cert-srv.pem certificate_file = ${raddbdir}/certs/cert-srv.pem # Trusted Root CA list CA_file = ${raddbdir}/certs/demoCA/cacert.pem dh_file = ${raddbdir}/certs/dh random_file = ${raddbdir}/certs/random fragment_size = 1024 # include_length = yes # check_crl = yes # check_cert_cn = %{User-Name} } peap { default_eap_type = mschapv2 } mschapv2 { } } radiusd -X Starting - reading configuration files ... reread_config: reading radiusd.conf Config: including file: /usr/local/etc/raddb/proxy.conf Config: including file: /usr/local/etc/raddb/clients.conf Config: including file: /usr/local/etc/raddb/snmp.conf Config: including file: /usr/local/etc/raddb/eap.conf Config: including file: /usr/local/etc/raddb/sql.conf main: prefix = "/usr/local" main: localstatedir = "/usr/local/var" main: logdir = "/usr/local/var/log/radius" main: libdir = "/usr/local/lib" main: radacctdir = "/usr/local/var/log/radius/radacct" main: hostname_lookups = no main: max_request_time = 30 main: cleanup_delay = 5 main: max_requests = 1024 main: delete_blocked_requests = 0 main: port = 0 main: allow_core_dumps = no main: log_stripped_names = no main: log_file = "/usr/local/var/log/radius/radius.log" main: log_auth = yes main: log_auth_badpass = no main: log_auth_goodpass = no main: pidfile = "/usr/local/var/run/radiusd/radiusd.pid" main: user = "(null)" main: group = "(null)" main: usercollide = no main: lower_user = "no" main: lower_pass = "no" main: nospace_user = "no" main: nospace_pass = "no" main: checkrad = "/usr/local/sbin/checkrad" main: proxy_requests = yes proxy: retry_delay = 5 proxy: retry_count = 3 proxy: synchronous = no proxy: default_fallback = yes proxy: dead_time = 120 proxy: post_proxy_authorize = yes proxy: wake_all_if_all_dead = no security: max_attributes = 200 security: reject_delay = 1 security: status_server = no main: debug_level = 0 read_config_files: reading dictionary read_config_files: reading naslist Using deprecated naslist file. Support for this will go away soon. read_config_files: reading clients read_config_files: reading realms radiusd: entering modules setup Module: Library search path is /usr/local/lib Module: Loaded exec exec: wait = yes exec: program = "(null)" exec: input_pairs = "request" exec: output_pairs = "(null)" exec:
Re: freeRadius, PEAP, MSCHAP, Segment Fault(coredump)
[EMAIL PROTECTED] wrote: >> This is my second try at this post; the first was too long. I read the >> archives and then attempted to >> configure freeRadius using PEAP MSCHAP. After some initial success I am >> stuck with a Segment Fault(coredump). Alan Dekok wrote: > It's another stupid bug in libltdl. The fix is to do: >$ configure --disable-shared >$ make >$ make install > Alan DeKok. I tried the configure switch and got another Segment Fault(coredump). Is there other debug information that is useful for resolving this problem? Thanks, John Gauntt [EMAIL PROTECTED]
freeRadius, PEAP, MSCHAP, Segment Fault(coredump)
Hi folks, This is my second try at this post; the first was too long. I read the archives and then attempted to configure freeRadius using PEAP MSCHAP. After some initial success I am stuck with a Segment Fault(coredump). I am using an Windows XP 802.1x client, Cisco 1100 AP and Sun Solaris ver. 8 for freeRadius 1.0.1. After configuring the client, the AP and the radiusd.conf, the client.conf and the users files (not yet the eap.conf file) I was successful in getting the freeRadius server to authenticate the client. Next I attempted to configure the client and the eap.conf file for PEAP MSCHAP, resulting in the coredump. Enabling PEAP results in error messages directing the configuration of TLS. Enabling TLS results in the coredump. I have tried numerous combinations of configuration, some of these I copied from the archive, with the same result. The "radius -X" output, the "gdb bt" output, the eap.conf file, and a slice of the radiusd.conf file follow this text. I appreciate any help on this problem. Thanks, John Gauntt radiusd -X Starting - reading configuration files ... reread_config: reading radiusd.conf Config: including file: /usr/local/etc/raddb/proxy.conf Config: including file: /usr/local/etc/raddb/clients.conf Config: including file: /usr/local/etc/raddb/snmp.conf Config: including file: /usr/local/etc/raddb/eap.conf Config: including file: /usr/local/etc/raddb/sql.conf main: prefix = "/usr/local" main: localstatedir = "/usr/local/var" main: logdir = "/usr/local/var/log/radius" main: libdir = "/usr/local/lib" main: radacctdir = "/usr/local/var/log/radius/radacct" main: hostname_lookups = no main: max_request_time = 30 main: cleanup_delay = 5 main: max_requests = 1024 main: delete_blocked_requests = 0 main: port = 0 main: allow_core_dumps = yes main: log_stripped_names = no main: log_file = "/usr/local/var/log/radius/radius.log" main: log_auth = yes main: log_auth_badpass = yes main: log_auth_goodpass = yes main: pidfile = "/usr/local/var/run/radiusd/radiusd.pid" main: user = "(null)" main: group = "(null)" main: usercollide = no main: lower_user = "no" main: lower_pass = "no" main: nospace_user = "no" main: nospace_pass = "no" main: checkrad = "/usr/local/sbin/checkrad" main: proxy_requests = yes proxy: retry_delay = 5 proxy: retry_count = 3 proxy: synchronous = no proxy: default_fallback = yes proxy: dead_time = 120 proxy: post_proxy_authorize = yes proxy: wake_all_if_all_dead = no security: max_attributes = 200 security: reject_delay = 1 security: status_server = no main: debug_level = 0 read_config_files: reading dictionary read_config_files: reading naslist Using deprecated naslist file. Support for this will go away soon. read_config_files: reading clients read_config_files: reading realms radiusd: entering modules setup Module: Library search path is /usr/local/lib Module: Loaded exec exec: wait = yes exec: program = "(null)" exec: input_pairs = "request" exec: output_pairs = "(null)" exec: packet_type = "(null)" rlm_exec: Wait=yes but no output defined. Did you mean output=none? Module: Instantiated exec (exec) Module: Loaded expr Module: Instantiated expr (expr) Module: Loaded PAP pap: encryption_scheme = "crypt" Module: Instantiated pap (pap) Module: Loaded CHAP Module: Instantiated chap (chap) Module: Loaded MS-CHAP mschap: use_mppe = no mschap: require_encryption = yes mschap: require_strong = yes mschap: with_ntdomain_hack = no mschap: passwd = "(null)" mschap: authtype = "MS-CHAP" mschap: ntlm_auth = "(null)" Module: Instantiated mschap (mschap) Module: Loaded System unix: cache = no unix: passwd = "(null)" unix: shadow = "(null)" unix: group = "(null)" unix: radwtmp = "/usr/local/var/log/radius/radwtmp" unix: usegroup = no unix: cache_reload = 600 Module: Instantiated unix (unix) Module: Loaded eap eap: default_eap_type = "peap" eap: timer_expire = 60 eap: ignore_unknown_eap_types = no eap: cisco_accounting_username_bug = no rlm_eap: Loaded and initialized type md5 rlm_eap: Loaded and initialized type leap gtc: challenge = "Password: " gtc: auth_type = "PAP" rlm_eap: Loaded and initialized type gtc Segmentation Fault(coredump) gdb bt GNU gdb 5.0 Copyright 2000 Free Software Foundation, Inc. GDB is free software, covered by the GNU General Public License, and you are welcome to change it and/or distribute copies of it under certain conditions. Type "show copying" to see the conditions. There is absolutely no warranty for GDB. Type "show warranty" for details. This GDB was configured as "sparc-sun-solaris2.8"... Core was generated by `radiusd -X'. Program terminated with signal 9, Killed. Reading symbols from /usr/lib/libcrypt_i.so.1...done. Loaded symbols for /usr/lib/libcrypt_i.so.1 Reading symbols from /usr/local/lib/libradius-1.0.1.so...done. Loaded symbols for /usr/local/lib/libradius-1.0.1.so Reading symbols from /usr/local/lib/libltdl.so.3...done. Loaded symbols for /usr/local/lib/libltdl.so.3 Reading symbols from /usr/lib/libdl.so.1...don