Re: Segmetation fault: [eap] Passing reply from proxy back into the tunnel
Phil Mayers wrote: > I'll try to test the Access-Reject thing tomorrow; I'm betting it'll be > a trivial fix. Thanks. > A 2.1.11 release would be good; we're been running a recent v2.1.x > snapshot in production for a while and it's stable (once I patched the > detail file reader segfault, which I believe is now upstream) Yeah, that was *weird*. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Segmetation fault: [eap] Passing reply from proxy back into the tunnel
On 06/01/2011 09:00 PM, Phil Mayers wrote: I'll try to test the Access-Reject thing tomorrow; I'm betting it'll be a trivial fix. Huh. It works just fine for me on v2.1.x HEAD. I'll try to dig out the email where someone said it was faulty (IIRC they said they'd emailed you also Alan). I wonder if their config was broken in some other fashion and/or it got fixed in a later commit. I'll roll out the v2.1.x head to our test server tomorrow, but 2.1.11 sounds good. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Segmetation fault: [eap] Passing reply from proxy back into the tunnel
On 06/01/2011 07:32 PM, Alan DeKok wrote: Phil Mayers wrote: No, v2.1.x Beware: I have since been informed that there is still a potential segfault if the remote proxy returns an Access-Reject. I haven't had time to test this yet. I'd like to release 2.1.11 soon. Maybe next week? Well in fairness this feature (proxying PEAP-inner as non-EAP) doesn't work at all in 2.1.10 so the patch in 2.1.11 is at least an improvement! I'll try to test the Access-Reject thing tomorrow; I'm betting it'll be a trivial fix. A 2.1.11 release would be good; we're been running a recent v2.1.x snapshot in production for a while and it's stable (once I patched the detail file reader segfault, which I believe is now upstream) - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Segmetation fault: [eap] Passing reply from proxy back into the tunnel
Phil Mayers wrote: > No, v2.1.x > > Beware: I have since been informed that there is still a potential > segfault if the remote proxy returns an Access-Reject. > > I haven't had time to test this yet. I'd like to release 2.1.11 soon. Maybe next week? Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Segmetation fault: [eap] Passing reply from proxy back into the tunnel
Simon L. wrote: > > I hope anyone got this before and can give a solution. > > Please have a look in my debug log attached. > Going to need some GDB lovin' too. http://freeradius.org/radiusd/doc/bugs If you are compiling from source, I recommend you go with the git version which might already have a fix: http://git.freeradius.org/ Cheers -- Alexander Clouter .sigmonster says: He's just like Capistrano, always ready for a few swallows. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Segmetation fault: [eap] Passing reply from proxy back into the tunnel
Phil Mayers schrieb: > On 01/06/11 15:45, Simon L. wrote: >> ok now i found this: >> >> https://lists.freeradius.org/pipermail/freeradius-users/2011-April/msg00295.html >> >> >> This means, i should download the latest freeradius from git master >> branch? > > No, v2.1.x > > Beware: I have since been informed that there is still a potential > segfault if the remote proxy returns an Access-Reject. > > I haven't had time to test this yet. > - > List info/subscribe/unsubscribe? See > http://www.freeradius.org/list/users.html i will test it on friday and will report here. thanks for the information! Simon - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Segmetation fault: [eap] Passing reply from proxy back into the tunnel
On 01/06/11 15:45, Simon L. wrote: ok now i found this: https://lists.freeradius.org/pipermail/freeradius-users/2011-April/msg00295.html This means, i should download the latest freeradius from git master branch? No, v2.1.x Beware: I have since been informed that there is still a potential segfault if the remote proxy returns an Access-Reject. I haven't had time to test this yet. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Segmetation fault: [eap] Passing reply from proxy back into the tunnel
Alan DeKok schrieb: > Simon L. wrote: > >> ok now i found this: >> >> https://lists.freeradius.org/pipermail/freeradius-users/2011-April/msg00295.html >> >> This means, i should download the latest freeradius from git master branch? >> > > Use the v2.1.x branch. It will become 2.1.11 soon. > > Alan DeKok. > - > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html > ok, thank you! Simon - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Segmetation fault: [eap] Passing reply from proxy back into the tunnel
Simon L. wrote: > ok now i found this: > > https://lists.freeradius.org/pipermail/freeradius-users/2011-April/msg00295.html > > This means, i should download the latest freeradius from git master branch? Use the v2.1.x branch. It will become 2.1.11 soon. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Segmetation fault: [eap] Passing reply from proxy back into the tunnel
ok now i found this: https://lists.freeradius.org/pipermail/freeradius-users/2011-April/msg00295.html This means, i should download the latest freeradius from git master branch? Simon Simon L. schrieb: > Hi, > > my freeradius works as a proxy, terminates eap and proxy the request > with mschap to another freeradius. > > When "Passing reply from proxy back into the tunnel" the proxy quits > with a segmentation fault. > > This happens, with little difference, when sending the accept or reject > back to NAS. > > EAP/PEAP-MS-CHAPv2 is working when using a local user from users file so > that the request is not proxied. > > My System is Ubuntu 10.4.2 LTS Server and freeradius 2.1.10 from source. > > > I hope anyone got this before and can give a solution. > > Please have a look in my debug log attached. > > Thank you very much! > Simon > > > > > - > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Segmetation fault: [eap] Passing reply from proxy back into the tunnel
Hi,
my freeradius works as a proxy, terminates eap and proxy the request
with mschap to another freeradius.
When "Passing reply from proxy back into the tunnel" the proxy quits
with a segmentation fault.
This happens, with little difference, when sending the accept or reject
back to NAS.
EAP/PEAP-MS-CHAPv2 is working when using a local user from users file so
that the request is not proxied.
My System is Ubuntu 10.4.2 LTS Server and freeradius 2.1.10 from source.
I hope anyone got this before and can give a solution.
Please have a look in my debug log attached.
Thank you very much!
Simon
FreeRADIUS Version 2.1.10, for host i686-pc-linux-gnu, built on Jun 1 2011 at
14:11:11
Copyright (C) 1999-2009 The FreeRADIUS server project and contributors.
There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A
PARTICULAR PURPOSE.
You may redistribute copies of FreeRADIUS under the terms of the
GNU General Public License v2.
Starting - reading configuration files ...
including configuration file /usr/local/etc/raddb/radiusd.conf
including configuration file /usr/local/etc/raddb/proxy.conf
including configuration file /usr/local/etc/raddb/clients.conf
including files in directory /usr/local/etc/raddb/modules/
including configuration file /usr/local/etc/raddb/modules/attr_filter
including configuration file /usr/local/etc/raddb/modules/exec
including configuration file /usr/local/etc/raddb/modules/passwd
including configuration file /usr/local/etc/raddb/modules/realm
including configuration file /usr/local/etc/raddb/modules/linelog
including configuration file /usr/local/etc/raddb/modules/cui
including configuration file /usr/local/etc/raddb/modules/chap
including configuration file /usr/local/etc/raddb/modules/wimax
including configuration file /usr/local/etc/raddb/modules/detail
including configuration file /usr/local/etc/raddb/modules/sradutmp
including configuration file /usr/local/etc/raddb/modules/mac2vlan
including configuration file /usr/local/etc/raddb/modules/pam
including configuration file
/usr/local/etc/raddb/modules/sqlcounter_expire_on_login
including configuration file /usr/local/etc/raddb/modules/krb5
including configuration file /usr/local/etc/raddb/modules/ippool
including configuration file /usr/local/etc/raddb/modules/logintime
including configuration file /usr/local/etc/raddb/modules/detail.example.com
including configuration file /usr/local/etc/raddb/modules/dynamic_clients
including configuration file /usr/local/etc/raddb/modules/otp
including configuration file /usr/local/etc/raddb/modules/expr
including configuration file /usr/local/etc/raddb/modules/counter
including configuration file /usr/local/etc/raddb/modules/ldap
including configuration file /usr/local/etc/raddb/modules/opendirectory
including configuration file /usr/local/etc/raddb/modules/preprocess
including configuration file /usr/local/etc/raddb/modules/files
including configuration file /usr/local/etc/raddb/modules/always
including configuration file /usr/local/etc/raddb/modules/unix
including configuration file /usr/local/etc/raddb/modules/expiration
including configuration file /usr/local/etc/raddb/modules/ntlm_auth
including configuration file /usr/local/etc/raddb/modules/smbpasswd
including configuration file /usr/local/etc/raddb/modules/detail.log
including configuration file /usr/local/etc/raddb/modules/mschap
including configuration file /usr/local/etc/raddb/modules/sql_log
including configuration file /usr/local/etc/raddb/modules/digest
including configuration file /usr/local/etc/raddb/modules/policy
including configuration file /usr/local/etc/raddb/modules/mac2ip
including configuration file /usr/local/etc/raddb/modules/acct_unique
including configuration file /usr/local/etc/raddb/modules/radutmp
including configuration file /usr/local/etc/raddb/modules/etc_group
including configuration file /usr/local/etc/raddb/modules/echo
including configuration file /usr/local/etc/raddb/modules/attr_rewrite
including configuration file /usr/local/etc/raddb/modules/smsotp
including configuration file /usr/local/etc/raddb/modules/inner-eap
including configuration file /usr/local/etc/raddb/modules/pap
including configuration file /usr/local/etc/raddb/modules/checkval
including configuration file /usr/local/etc/raddb/modules/perl
including configuration file /usr/local/etc/raddb/eap.conf
including configuration file /usr/local/etc/raddb/policy.conf
including files in directory /usr/local/etc/raddb/sites-enabled/
including configuration file
/usr/local/etc/raddb/sites-enabled/proxy-inner-tunnel
including configuration file /usr/local/etc/raddb/sites-enabled/inner-tunnel
including configuration file /usr/local/etc/raddb/sites-enabled/default
including configuration file /usr/local/etc/raddb/sites-enabled/control-socket
main {
allow_core_dumps = yes
}
Core dumps are enabled.
including dictionary file /usr/local/etc/raddb/dictionary
main {
prefix = "/usr/local"
localstatedir = "/usr/local/v
