Freeradius 1.0.2 crashes in startup due tls

2005-05-31 Thread Mikko Saarinen 
Hey,

Not sure if this would belong to devel list, but still.

I'm trying to test the PEAP support, but Freeradius 1.0.2 dies when
it loads and configures the tls module. In older version 0.9.3 the
tls works a-ok, but it has no peap support.

Anyone have idea if this is a known problem and if there is version
in which the peap runs.

OpenSSL version:
OpenSSL 0.9.7e 25 Oct 2004

Here is the log and stack from running radiusd -X under gdb:

(gdb) run -X
Starting program: /usr/local/sbin/radiusd -X
(no debugging symbols found)
[Thread debugging using libthread_db enabled]
[New Thread 16384 (LWP 5377)]
Starting - reading configuration files ...
reread_config:  reading radiusd.conf
Config:   including file: /usr/local/etc/raddb/proxy.conf
Config:   including file: /usr/local/etc/raddb/clients.conf
Config:   including file: /usr/local/etc/raddb/snmp.conf
Config:   including file: /usr/local/etc/raddb/sql.conf
 main: prefix = /usr/local
 main: localstatedir = /usr/local/var
 main: logdir = /usr/local/var/log/radius
 main: libdir = /usr/local/lib
 main: radacctdir = /usr/local/var/log/radius/radacct
 main: hostname_lookups = no
 main: max_request_time = 30
 main: cleanup_delay = 5
 main: max_requests = 1024
 main: delete_blocked_requests = 0
 main: port = 0
 main: allow_core_dumps = no
 main: log_stripped_names = no
 main: log_file = /usr/local/var/log/radius/radius.log
 main: log_auth = no
 main: log_auth_badpass = no
 main: log_auth_goodpass = no
 main: pidfile = /usr/local/var/run/radiusd/radiusd.pid
 main: bind_address = 192.168.1.50 IP address [192.168.1.50]
 main: user = (null)
 main: group = (null)
 main: usercollide = no
 main: lower_user = no
 main: lower_pass = no
 main: nospace_user = no
 main: nospace_pass = no
 main: checkrad = /usr/local/sbin/checkrad
 main: proxy_requests = yes
 proxy: retry_delay = 5
 proxy: retry_count = 3
 proxy: synchronous = no
 proxy: default_fallback = yes
 proxy: dead_time = 120
 proxy: post_proxy_authorize = yes
 proxy: wake_all_if_all_dead = no
 security: max_attributes = 200
 security: reject_delay = 1
 security: status_server = no
 main: debug_level = 0
read_config_files:  reading dictionary
read_config_files:  reading naslist
Using deprecated naslist file.  Support for this will go away soon.
read_config_files:  reading clients
read_config_files:  reading realms
radiusd:  entering modules setup
Module: Library search path is /usr/local/lib
Module: Loaded expr
Module: Instantiated expr (expr)
Module: Loaded PAP
 pap: encryption_scheme = crypt
Module: Instantiated pap (pap)
Module: Loaded CHAP
Module: Instantiated chap (chap)
Module: Loaded MS-CHAP
 mschap: use_mppe = yes
 mschap: require_encryption = no
 mschap: require_strong = no
 mschap: with_ntdomain_hack = no
 mschap: passwd = (null)
 mschap: authtype = MS-CHAP
 mschap: ntlm_auth = (null)
Module: Instantiated mschap (mschap)
Module: Loaded System
 unix: cache = no
 unix: passwd = (null)
 unix: shadow = (null)
 unix: group = (null)
 unix: radwtmp = /usr/local/var/log/radius/radwtmp
 unix: usegroup = no
 unix: cache_reload = 600
Module: Instantiated unix (unix)
Module: Loaded eap
 eap: default_eap_type = peap
 eap: timer_expire = 60
 eap: ignore_unknown_eap_types = no
 eap: cisco_accounting_username_bug = no
rlm_eap: Loaded and initialized type md5
rlm_eap: Loaded and initialized type leap
 tls: rsa_key_exchange = no
 tls: dh_key_exchange = yes
 tls: rsa_key_length = 512
 tls: dh_key_length = 512
 tls: verify_depth = 0
 tls: CA_path = (null)
 tls: pem_file_type = yes
 tls: private_key_file = /usr/local/etc/raddb/foocerts/privkey.pem
 tls: certificate_file = /usr/local/etc/raddb/foocerts/cacert.pem
 tls: CA_file = /usr/local/etc/raddb/foocerts/cacert.pem
 tls: private_key_password = SecretKeyPass77
 tls: dh_file = /usr/local/etc/raddb/certs/dh
 tls: random_file = /dev/urandom
 tls: fragment_size = 1024
 tls: include_length = yes
rlm_eap_tls: conf N ctx stored
rlm_eap: Loaded and initialized type tls

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 16384 (LWP 5377)]
0x400630df in lt_dlsym (handle=0x815e3f0, symbol=0xbfffe970
rlm_eap_peap)
at ltdl.c:3330
3330  lensym = LT_STRLEN (symbol) + LT_STRLEN
(handle-loader-sym_prefix)
(gdb) bt
#0  0x400630df in lt_dlsym (handle=0x815e3f0, symbol=0xbfffe970
rlm_eap_peap)
at ltdl.c:3330
#1  0x402324c7 in eaptype_load (type=0xc, eap_type=12, cs=0xc) at
eap.c:114
#2  0x40231aea in eap_instantiate (cs=0x80a7410, instance=0xc) at
rlm_eap.c:134
#3  0x080558f3 in find_module_instance ()
#4  0x08056cd5 in modcall ()
#5  0x08056e32 in compile_modsingle ()
#6  0x08055dad in find_module_instance ()
#7  0x08056144 in setup_modules ()
#8  0x0804cea0 in main ()
(gdb)


-- 
Mikko Saarinen  [EMAIL PROTECTED]
- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Freeradius 1.0.2 crashes in startup due tls

2005-05-31 Thread Alan DeKok 
Mikko Saarinen [EMAIL PROTECTED] wrote:
 I'm trying to test the PEAP support, but Freeradius 1.0.2 dies when
 it loads and configures the tls module. In older version 0.9.3 the
 tls works a-ok, but it has no peap support.
 
 Anyone have idea if this is a known problem and if there is version
 in which the peap runs.

  It's a bug in libtldl.  It can't find the libraries on your system,
but it lies, and tells FreeRADIUS it can.  When FreeRADIUS asks
libltdl to use the libraries, it dies.

  Build the server statically, and it will work.

  Alan DeKok.

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html