Re: Freeradius and Microsoft NPS
Phil Mayers wrote: > Actually, scratch that. Proxying in those versions doesn't work for me > at all: > > ERROR: Failed to create a new socket for proxying requests. > ERROR: Failed inserting request into proxy hash. > ERROR: Failed to proxy request 7 > > ...I'm baffled as to what I'm doing wrong, but I'm giving up at this point! 2.1.10: * Fix proxying of packets from inside a TTLS/PEAP tunnel. Closes bug #25. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Freeradius and Microsoft NPS
On 13/04/11 16:32, Phil Mayers wrote: On 13/04/11 16:22, Alan DeKok wrote: Phil Mayers wrote: Actually, I was just testing this and proxying the inner EAP-MSCHAPv2 as plain MS-CHAPv2 seems to be broken, at least in my testing. It doesn't crash the server, but equally it doesn't pass the S=XXX success back correctly either, so the client does a PEAP reject. Hmm... OK. It seems as if the rlm_eap_mshcapv2 post_proxy function isn't working somehow; I am trying to perform a "git bisect" to find when it stopped working, but am running into problems with the commits which don't build :o( Sorry... we really need a test infrastructure. No worries; it seems to be broken for 2.1.7 and 2.1.8, but worked in 2.1.1 - still trying to track it down more tightly than that. Actually, scratch that. Proxying in those versions doesn't work for me at all: ERROR: Failed to create a new socket for proxying requests. ERROR: Failed inserting request into proxy hash. ERROR: Failed to proxy request 7 ...I'm baffled as to what I'm doing wrong, but I'm giving up at this point! - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Freeradius and Microsoft NPS
On 13/04/11 16:22, Alan DeKok wrote: Phil Mayers wrote: Actually, I was just testing this and proxying the inner EAP-MSCHAPv2 as plain MS-CHAPv2 seems to be broken, at least in my testing. It doesn't crash the server, but equally it doesn't pass the S=XXX success back correctly either, so the client does a PEAP reject. Hmm... OK. It seems as if the rlm_eap_mshcapv2 post_proxy function isn't working somehow; I am trying to perform a "git bisect" to find when it stopped working, but am running into problems with the commits which don't build :o( Sorry... we really need a test infrastructure. No worries; it seems to be broken for 2.1.7 and 2.1.8, but worked in 2.1.1 - still trying to track it down more tightly than that. (We don't actually use this feature so I'm not that fussed, but I'm determine to wrestle "git bisect" into submission ;o) - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Freeradius and Microsoft NPS
Phil Mayers wrote: > Actually, I was just testing this and proxying the inner EAP-MSCHAPv2 as > plain MS-CHAPv2 seems to be broken, at least in my testing. It doesn't > crash the server, but equally it doesn't pass the S=XXX success back > correctly either, so the client does a PEAP reject. Hmm... OK. > It seems as if the rlm_eap_mshcapv2 post_proxy function isn't working > somehow; I am trying to perform a "git bisect" to find when it stopped > working, but am running into problems with the commits which don't build > :o( Sorry... we really need a test infrastructure. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Freeradius and Microsoft NPS
Phil Mayers wrote: > Sigh. I can't even build old version of the server any more; libtool > really is a crock of s**t. I'm looking to get rid of libtool && libltdl entirely for 3.0. At this point, every major OS has dlopen(). And libtool is just ridiculous. 99.9% of systems use GCC, so libtool is useless and slow. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Freeradius and Microsoft NPS
On 13/04/11 16:01, Phil Mayers wrote: On 13/04/11 14:16, Alan DeKok wrote: Doty, Seth wrote: ok this should look better See commit 4dbb466b6526c0dacdcf36949bbdaa38416a1be2 on git.freeradius.org. Grab the v2.1.x branch, it should be fixed there. Actually, I was just testing this and proxying the inner EAP-MSCHAPv2 as plain MS-CHAPv2 seems to be broken, at least in my testing. It doesn't crash the server, but equally it doesn't pass the S=XXX success back correctly either, so the client does a PEAP reject. It seems as if the rlm_eap_mshcapv2 post_proxy function isn't working somehow; I am trying to perform a "git bisect" to find when it stopped working, but am running into problems with the commits which don't build :o( Sigh. I can't even build old version of the server any more; libtool really is a crock of s**t. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Freeradius and Microsoft NPS
On 13/04/11 14:16, Alan DeKok wrote: Doty, Seth wrote: ok this should look better See commit 4dbb466b6526c0dacdcf36949bbdaa38416a1be2 on git.freeradius.org. Grab the v2.1.x branch, it should be fixed there. Actually, I was just testing this and proxying the inner EAP-MSCHAPv2 as plain MS-CHAPv2 seems to be broken, at least in my testing. It doesn't crash the server, but equally it doesn't pass the S=XXX success back correctly either, so the client does a PEAP reject. It seems as if the rlm_eap_mshcapv2 post_proxy function isn't working somehow; I am trying to perform a "git bisect" to find when it stopped working, but am running into problems with the commits which don't build :o( - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Freeradius and Microsoft NPS
Doty, Seth wrote: > ok this should look better See commit 4dbb466b6526c0dacdcf36949bbdaa38416a1be2 on git.freeradius.org. Grab the v2.1.x branch, it should be fixed there. We should release 2.1.11 soon. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: Freeradius and Microsoft NPS
ok this should look better Starting program: /usr/sbin/radiusd -X [Thread debugging using libthread_db enabled] Program received signal SIGSEGV, Segmentation fault. rbtree_find (tree=0xe19fdc02, Data=0xb79b21a4) at rbtree.c:476 476 rbnode_t *Current = tree->Root; Missing separate debuginfos, use: debuginfo-install glibc-2.13-1.i686 keyutils-libs-1.2-6.fc12.i686 krb5-libs-1.8.2-9.fc14.i686 libcom_err-1.41.12-6.fc14.i686 libselinux-2.0.96-6.fc14.1.i686 libtool-ltdl-2.2.10-3.fc14.i686 nss-softokn-freebl-3.12.9-5.fc14.i686 openssl-1.0.0d-1.fc14.i686 zlib-1.2.5-2.fc14.i686 Thread 1 (Thread 0xb79e8730 (LWP 17523)): #0 rbtree_find (tree=0xe19fdc02, Data=0xb79b21a4) at rbtree.c:476 Current = #1 0xb7fce38b in rbtree_deletebydata (tree=0xe19fdc02, data=0xb79b21a4) at rbtree.c:457 node = #2 0xb79d5123 in eap_handler_free (inst=0x294330, handler=0xb79b21a4) at mem.c:138 No locals. #3 0x00131127 in request_free (request_ptr=0xbfffebec) at util.c:235 this = next = 0x0 request = 0x2734d0 #4 0xb79aec29 in eappeap_postproxy (handler=0x2745b8, data=0x274e60) at peap.c:532 rcode = tls_session = 0x274e60 fake = 0x2734d0 request = 0x273ff8 #5 0xb79d2c07 in eap_post_proxy (inst=0x253b90, request=0x273ff8) at rlm_eap.c:602 rcode = data = i = len = vp = handler = 0x2745b8 #6 eap_post_proxy (inst=0x253b90, request=0x273ff8) at rlm_eap.c:565 No locals. #7 0x0012c95d in call_modsingle (component=6, c=0x26e778, request=0x273ff8) at modcall.c:297 myresult = #8 modcall (component=6, c=0x26e778, request=0x273ff8) at modcall.c:670 myresult = 1 stack = {pointer = 1, priority = {0 }, result = { 0 }, children = {0x0 }, start = {0x0 }} parent = 0x26e778 child = 0x26e368 sp = 0x26e368 if_taken = 0 was_if = 0 #9 0x0012b0a4 in indexed_modcall (comp=6, idx=0, request=0x273ff8) at modules.c:728 rcode = list = server = #10 0x0012ba4c in module_post_proxy (type=0, request=0x273ff8) at modules.c:1565 No locals. #11 0x0013504c in process_proxy_reply (request=0x273ff8) at event.c:1730 rcode = post_proxy_type = 0 vp = 0x0 #12 0x001350fe in request_pre_handler (request=0x273ff8) at event.c:1855 rcode = #13 0x001389c3 in radius_handle_request (request=0x273ff8, fun=0x118d80 ) at event.c:3767 No locals. #14 0x001309ec in thread_pool_addrequest (request=0x273ff8, fun=0x118d80 ) at threads.c:874 No locals. #15 0x00136424 in event_socket_handler (xel=, fd=14, ctx=0x273080) at event.c:3419 listener = 0x273080 fun = 0x118d80 request = 0x273ff8 #16 0xb7fd4d65 in fr_event_loop (el=0x26e948) at event.c:411 ef = i = rcode = 1 maxfd = when = {tv_sec = 1302699971, tv_usec = 386585} wake = read_fds = {fds_bits = {16384, 0 }} master_fds = {fds_bits = {31872, 0 }} #17 0x00138994 in radius_event_process () at event.c:3760 No locals. #18 0x0011821e in main (argc=2, argv=0xb7c4) at radiusd.c:406 rcode = argval = spawn_flag = 0 dont_fork = 1 flag = 0 act = {__sigaction_handler = {sa_handler = 0x12e6e0 , sa_sigaction = 0x12e6e0 }, sa_mask = {__val = { 0 }}, sa_flags = 0, sa_restorer = 0} From: freeradius-users-bounces+seth.doty=nebraska@lists.freeradius.org [freeradius-users-bounces+seth.doty=nebraska@lists.freeradius.org] On Behalf Of Phil Mayers [p.may...@imperial.ac.uk] Sent: Tuesday, April 12, 2011 5:07 PM To: freeradius-users@lists.freeradius.org Subject: Re: Freeradius and Microsoft NPS On 04/12/2011 07:32 PM, Doty, Seth wrote: > The box is fedora 14 with freeradius from the repos. This the the output of > the gdb log flle: > Can you install the freeradius-debuginfo RPM and do this again; the backtrace is partial/mangled. It looks like it may be dying in request_free in peap.c:625, but the debug info will give line numbers; you could also try stepping "up" a few times and examining relevant variables. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Freeradius and Microsoft NPS
On 04/12/2011 07:32 PM, Doty, Seth wrote: The box is fedora 14 with freeradius from the repos. This the the output of the gdb log flle: Can you install the freeradius-debuginfo RPM and do this again; the backtrace is partial/mangled. It looks like it may be dying in request_free in peap.c:625, but the debug info will give line numbers; you could also try stepping "up" a few times and examining relevant variables. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: Freeradius and Microsoft NPS
The box is fedora 14 with freeradius from the repos. This the the output of the gdb log flle: Starting program: /usr/sbin/radiusd -X [Thread debugging using libthread_db enabled] Program received signal SIGSEGV, Segmentation fault. 0xb7fce31d in rbtree_find () from /usr/lib/freeradius/libfreeradius-radius-2.1.10.so * 1 Thread 0xb79e8730 (LWP 15969) 0xb7fce31d in rbtree_find () from /usr/lib/freeradius/libfreeradius-radius-2.1.10.so Thread 1 (Thread 0xb79e8730 (LWP 15969)): #0 0xb7fce31d in rbtree_find () from /usr/lib/freeradius/libfreeradius-radius-2.1.10.so No symbol table info available. #1 0xb7fce38b in rbtree_deletebydata () from /usr/lib/freeradius/libfreeradius-radius-2.1.10.so No symbol table info available. #2 0xb79d5123 in eap_handler_free () from /usr/lib/freeradius/rlm_eap.so No symbol table info available. #3 0x00131127 in request_free () No symbol table info available. #4 0xb79aec29 in ?? () from /usr/lib/freeradius/rlm_eap_peap.so No symbol table info available. #5 0xb79d2c07 in ?? () from /usr/lib/freeradius/rlm_eap.so No symbol table info available. #6 0x0012c95d in modcall () No symbol table info available. #7 0x0012b0a4 in indexed_modcall () No symbol table info available. #8 0x0012ba4c in module_post_proxy () No symbol table info available. #9 0x0013504c in ?? () No symbol table info available. #10 0x001350fe in ?? () No symbol table info available. #11 0x001389c3 in radius_handle_request () No symbol table info available. #12 0x001309ec in thread_pool_addrequest () No symbol table info available. #13 0x00136424 in ?? () No symbol table info available. #14 0xb7fd4d65 in fr_event_loop () from /usr/lib/freeradius/libfreeradius-radius-2.1.10.so No symbol table info available. #15 0x00138994 in radius_event_process () No symbol table info available. #16 0x0011821e in main () No symbol table info available. A debugging session is active. Inferior 1 [process 15969] will be killed. From: freeradius-users-bounces+seth.doty=nebraska@lists.freeradius.org [freeradius-users-bounces+seth.doty=nebraska@lists.freeradius.org] On Behalf Of Phil Mayers [p.may...@imperial.ac.uk] Sent: Tuesday, April 12, 2011 12:00 PM To: freeradius-users@lists.freeradius.org Subject: Re: Freeradius and Microsoft NPS On 12/04/11 16:34, Doty, Seth wrote: > I couldn't find anything in the archives with this error and i am > fairly new to freeradius config anyway so i thought this would be a > good start. We are looking to authenticate wireless users through > freeradius and Microsoft NPS. Our outer authentication is PEAP and > terminates at the radius server, inner is MSCHAPv2 and is passed to > the NPS. With our current config we get a segfault at the end of the > exchange. See doc/bugs - you need to get a backtrace under "gdb" - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Freeradius and Microsoft NPS
On 12/04/11 16:34, Doty, Seth wrote: I couldn't find anything in the archives with this error and i am fairly new to freeradius config anyway so i thought this would be a good start. We are looking to authenticate wireless users through freeradius and Microsoft NPS. Our outer authentication is PEAP and terminates at the radius server, inner is MSCHAPv2 and is passed to the NPS. With our current config we get a segfault at the end of the exchange. See doc/bugs - you need to get a backtrace under "gdb" - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html