Re: Segmetation fault: [eap] Passing reply from proxy back into the tunnel
Phil Mayers wrote: > I'll try to test the Access-Reject thing tomorrow; I'm betting it'll be > a trivial fix. Thanks. > A 2.1.11 release would be good; we're been running a recent v2.1.x > snapshot in production for a while and it's stable (once I patched the > detail file reader segfault, which I believe is now upstream) Yeah, that was *weird*. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Segmetation fault: [eap] Passing reply from proxy back into the tunnel
On 06/01/2011 09:00 PM, Phil Mayers wrote: I'll try to test the Access-Reject thing tomorrow; I'm betting it'll be a trivial fix. Huh. It works just fine for me on v2.1.x HEAD. I'll try to dig out the email where someone said it was faulty (IIRC they said they'd emailed you also Alan). I wonder if their config was broken in some other fashion and/or it got fixed in a later commit. I'll roll out the v2.1.x head to our test server tomorrow, but 2.1.11 sounds good. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Segmetation fault: [eap] Passing reply from proxy back into the tunnel
On 06/01/2011 07:32 PM, Alan DeKok wrote: Phil Mayers wrote: No, v2.1.x Beware: I have since been informed that there is still a potential segfault if the remote proxy returns an Access-Reject. I haven't had time to test this yet. I'd like to release 2.1.11 soon. Maybe next week? Well in fairness this feature (proxying PEAP-inner as non-EAP) doesn't work at all in 2.1.10 so the patch in 2.1.11 is at least an improvement! I'll try to test the Access-Reject thing tomorrow; I'm betting it'll be a trivial fix. A 2.1.11 release would be good; we're been running a recent v2.1.x snapshot in production for a while and it's stable (once I patched the detail file reader segfault, which I believe is now upstream) - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Segmetation fault: [eap] Passing reply from proxy back into the tunnel
Phil Mayers wrote: > No, v2.1.x > > Beware: I have since been informed that there is still a potential > segfault if the remote proxy returns an Access-Reject. > > I haven't had time to test this yet. I'd like to release 2.1.11 soon. Maybe next week? Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Segmetation fault: [eap] Passing reply from proxy back into the tunnel
Simon L. wrote: > > I hope anyone got this before and can give a solution. > > Please have a look in my debug log attached. > Going to need some GDB lovin' too. http://freeradius.org/radiusd/doc/bugs If you are compiling from source, I recommend you go with the git version which might already have a fix: http://git.freeradius.org/ Cheers -- Alexander Clouter .sigmonster says: He's just like Capistrano, always ready for a few swallows. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Segmetation fault: [eap] Passing reply from proxy back into the tunnel
Phil Mayers schrieb: > On 01/06/11 15:45, Simon L. wrote: >> ok now i found this: >> >> https://lists.freeradius.org/pipermail/freeradius-users/2011-April/msg00295.html >> >> >> This means, i should download the latest freeradius from git master >> branch? > > No, v2.1.x > > Beware: I have since been informed that there is still a potential > segfault if the remote proxy returns an Access-Reject. > > I haven't had time to test this yet. > - > List info/subscribe/unsubscribe? See > http://www.freeradius.org/list/users.html i will test it on friday and will report here. thanks for the information! Simon - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Segmetation fault: [eap] Passing reply from proxy back into the tunnel
On 01/06/11 15:45, Simon L. wrote: ok now i found this: https://lists.freeradius.org/pipermail/freeradius-users/2011-April/msg00295.html This means, i should download the latest freeradius from git master branch? No, v2.1.x Beware: I have since been informed that there is still a potential segfault if the remote proxy returns an Access-Reject. I haven't had time to test this yet. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Segmetation fault: [eap] Passing reply from proxy back into the tunnel
Alan DeKok schrieb: > Simon L. wrote: > >> ok now i found this: >> >> https://lists.freeradius.org/pipermail/freeradius-users/2011-April/msg00295.html >> >> This means, i should download the latest freeradius from git master branch? >> > > Use the v2.1.x branch. It will become 2.1.11 soon. > > Alan DeKok. > - > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html > ok, thank you! Simon - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Segmetation fault: [eap] Passing reply from proxy back into the tunnel
Simon L. wrote: > ok now i found this: > > https://lists.freeradius.org/pipermail/freeradius-users/2011-April/msg00295.html > > This means, i should download the latest freeradius from git master branch? Use the v2.1.x branch. It will become 2.1.11 soon. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Segmetation fault: [eap] Passing reply from proxy back into the tunnel
ok now i found this: https://lists.freeradius.org/pipermail/freeradius-users/2011-April/msg00295.html This means, i should download the latest freeradius from git master branch? Simon Simon L. schrieb: > Hi, > > my freeradius works as a proxy, terminates eap and proxy the request > with mschap to another freeradius. > > When "Passing reply from proxy back into the tunnel" the proxy quits > with a segmentation fault. > > This happens, with little difference, when sending the accept or reject > back to NAS. > > EAP/PEAP-MS-CHAPv2 is working when using a local user from users file so > that the request is not proxied. > > My System is Ubuntu 10.4.2 LTS Server and freeradius 2.1.10 from source. > > > I hope anyone got this before and can give a solution. > > Please have a look in my debug log attached. > > Thank you very much! > Simon > > > > > - > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Segmetation fault: [eap] Passing reply from proxy back into the tunnel
Hi, my freeradius works as a proxy, terminates eap and proxy the request with mschap to another freeradius. When "Passing reply from proxy back into the tunnel" the proxy quits with a segmentation fault. This happens, with little difference, when sending the accept or reject back to NAS. EAP/PEAP-MS-CHAPv2 is working when using a local user from users file so that the request is not proxied. My System is Ubuntu 10.4.2 LTS Server and freeradius 2.1.10 from source. I hope anyone got this before and can give a solution. Please have a look in my debug log attached. Thank you very much! Simon FreeRADIUS Version 2.1.10, for host i686-pc-linux-gnu, built on Jun 1 2011 at 14:11:11 Copyright (C) 1999-2009 The FreeRADIUS server project and contributors. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. You may redistribute copies of FreeRADIUS under the terms of the GNU General Public License v2. Starting - reading configuration files ... including configuration file /usr/local/etc/raddb/radiusd.conf including configuration file /usr/local/etc/raddb/proxy.conf including configuration file /usr/local/etc/raddb/clients.conf including files in directory /usr/local/etc/raddb/modules/ including configuration file /usr/local/etc/raddb/modules/attr_filter including configuration file /usr/local/etc/raddb/modules/exec including configuration file /usr/local/etc/raddb/modules/passwd including configuration file /usr/local/etc/raddb/modules/realm including configuration file /usr/local/etc/raddb/modules/linelog including configuration file /usr/local/etc/raddb/modules/cui including configuration file /usr/local/etc/raddb/modules/chap including configuration file /usr/local/etc/raddb/modules/wimax including configuration file /usr/local/etc/raddb/modules/detail including configuration file /usr/local/etc/raddb/modules/sradutmp including configuration file /usr/local/etc/raddb/modules/mac2vlan including configuration file /usr/local/etc/raddb/modules/pam including configuration file /usr/local/etc/raddb/modules/sqlcounter_expire_on_login including configuration file /usr/local/etc/raddb/modules/krb5 including configuration file /usr/local/etc/raddb/modules/ippool including configuration file /usr/local/etc/raddb/modules/logintime including configuration file /usr/local/etc/raddb/modules/detail.example.com including configuration file /usr/local/etc/raddb/modules/dynamic_clients including configuration file /usr/local/etc/raddb/modules/otp including configuration file /usr/local/etc/raddb/modules/expr including configuration file /usr/local/etc/raddb/modules/counter including configuration file /usr/local/etc/raddb/modules/ldap including configuration file /usr/local/etc/raddb/modules/opendirectory including configuration file /usr/local/etc/raddb/modules/preprocess including configuration file /usr/local/etc/raddb/modules/files including configuration file /usr/local/etc/raddb/modules/always including configuration file /usr/local/etc/raddb/modules/unix including configuration file /usr/local/etc/raddb/modules/expiration including configuration file /usr/local/etc/raddb/modules/ntlm_auth including configuration file /usr/local/etc/raddb/modules/smbpasswd including configuration file /usr/local/etc/raddb/modules/detail.log including configuration file /usr/local/etc/raddb/modules/mschap including configuration file /usr/local/etc/raddb/modules/sql_log including configuration file /usr/local/etc/raddb/modules/digest including configuration file /usr/local/etc/raddb/modules/policy including configuration file /usr/local/etc/raddb/modules/mac2ip including configuration file /usr/local/etc/raddb/modules/acct_unique including configuration file /usr/local/etc/raddb/modules/radutmp including configuration file /usr/local/etc/raddb/modules/etc_group including configuration file /usr/local/etc/raddb/modules/echo including configuration file /usr/local/etc/raddb/modules/attr_rewrite including configuration file /usr/local/etc/raddb/modules/smsotp including configuration file /usr/local/etc/raddb/modules/inner-eap including configuration file /usr/local/etc/raddb/modules/pap including configuration file /usr/local/etc/raddb/modules/checkval including configuration file /usr/local/etc/raddb/modules/perl including configuration file /usr/local/etc/raddb/eap.conf including configuration file /usr/local/etc/raddb/policy.conf including files in directory /usr/local/etc/raddb/sites-enabled/ including configuration file /usr/local/etc/raddb/sites-enabled/proxy-inner-tunnel including configuration file /usr/local/etc/raddb/sites-enabled/inner-tunnel including configuration file /usr/local/etc/raddb/sites-enabled/default including configuration file /usr/local/etc/raddb/sites-enabled/control-socket main { allow_core_dumps = yes } Core dumps are enabled. including dictionary file /usr/local/etc/raddb/dictionary main { prefix = "/usr/local" localstatedir = "/usr/local/v