Re: weird error
Joe Vieira wrote: > so, even tho LDAP_DEPRECATED was set as a cflag in > rlm_ldap/configure.in, it never shows up as a gcc option durring > compilation for some reason... Ah. The "configure" script hadn't been re-generated. Oops... I've committed the updated "configure" script. Hopefully the problem has been solved. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: weird error
seemingly thus far... Joe Vieira UNIX Systems Administrator Clark University - ITS [EMAIL PROTECTED] wrote: Hi, else you can get into a situation where the compiler assumed the function (in this case ldap_get_values) returns an int (32bit), but it actually returns a pointer (64bit on 64 bit systems) which can then get truncated (which is likely why it always looked the same, because the part that stayed after the truncation was the same...) good debian wiki article about implicit pointer conversion http://wiki.debian.org/ImplicitPointerConversions #define LDAP_DEPRECATED 1 added as the first line in rlm_ldap.c ... fixed the issue? alan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: weird error
Hi, > else you can get into a situation where the compiler assumed the function > (in this case ldap_get_values) returns an int (32bit), but it actually > returns a pointer (64bit on 64 bit systems) which can then get truncated > (which is likely why it always looked the same, because the part that > stayed after the truncation was the same...) > > good debian wiki article about implicit pointer conversion > http://wiki.debian.org/ImplicitPointerConversions > > #define LDAP_DEPRECATED 1 added as the first line in rlm_ldap.c ... fixed the issue? alan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: weird error
Joe Vieira wrote: Joe Vieira wrote: if that's the case, why do you think it seems to work fine single threaded? I dunno... so, even tho LDAP_DEPRECATED was set as a cflag in rlm_ldap/configure.in, it never shows up as a gcc option durring compilation for some reason... so i defined it in rlm_ldap.c because it is ABSOLUTELY required on 64bit systems, because of missing prototypes for ldap libraries .. which basically will ruin your day.. else you can get into a situation where the compiler assumed the function (in this case ldap_get_values) returns an int (32bit), but it actually returns a pointer (64bit on 64 bit systems) which can then get truncated (which is likely why it always looked the same, because the part that stayed after the truncation was the same...) good debian wiki article about implicit pointer conversion http://wiki.debian.org/ImplicitPointerConversions #define LDAP_DEPRECATED 1 added as the first line in rlm_ldap.c ... - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: weird error
Joe Vieira wrote: if that's the case, why do you think it seems to work fine single threaded? I dunno... So, more or less at this point threading seems to ruin this somehow. which is really weird. this same server was running freeradius 1.1.6, then i installed the new version, which basically goes to shit on the machine...i assume there was a lot of rewriting that occurred between these two versions, was threading re-written? or the rlm_ldap threading functions?? thanks joe - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: weird error
if that's the case, why do you think it seems to work fine single threaded? I dunno... =( i am adding a ton of debugging stuff to the function so hopefully it might give some more insight... joe - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: weird error
Joe Vieira wrote: > if that's the case, why do you think it seems to work fine single threaded? I dunno... Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: weird error
1319 of rlm_ldap.c , gdb debugging shows me that vals[0] is not a valid memory location. (always 0xb00020e0) Try running it without the LDAP module. If it works, then the ldap module, or the LDAP libraries it uses aren't 64-bit clean. if that's the case, why do you think it seems to work fine single threaded? Joe - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: weird error
I am consistently getting a segfault (~every 45minutes or so) from line 1319 of rlm_ldap.c , gdb debugging shows me that vals[0] is not a valid memory location. (always 0xb00020e0) Try running it without the LDAP module. If it works, then the ldap module, or the LDAP libraries it uses aren't 64-bit clean. i'm linked against redhat's 64bit ldap libraries, which function well in every test i can think to throw at them - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: weird error
Joe Vieira wrote: > I am consistently getting a segfault (~every 45minutes or so) from line > 1319 of rlm_ldap.c , gdb debugging shows me that vals[0] is not a valid > memory location. (always 0xb00020e0) Try running it without the LDAP module. If it works, then the ldap module, or the LDAP libraries it uses aren't 64-bit clean. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: weird error
Is anyone else running freeradius 2.0.1 on rhel5 x86-64? I am consistently getting a segfault (~every 45minutes or so) from line 1319 of rlm_ldap.c , gdb debugging shows me that vals[0] is not a valid memory location. (always 0xb00020e0) this occurs on two physically different servers (different make and model as well) this only seems to occur when the server is run THREADED, when i run in `radiusd -X` it DOES NOT segfault. however in `radiusd -f` (threaded debug) it DOES segfault attached seems to be the request that is causing a segfault (threaded debug mode) as well as a backtrace and some other gdb info. rad_recv: Access-Request packet from host 10.5.5.3 port 32770, id=198, length=192 Fri Feb 8 08:55:09 2008 : Debug: Waking up in 0.9 seconds. Fri Feb 8 08:55:09 2008 : Debug: Thread 8 got semaphore Fri Feb 8 08:55:09 2008 : Debug: Thread 8 handling request 1112, (139 handled so far) User-Name = "STUDENTS\\kcook" Calling-Station-Id = "00-90-96-C7-15-7C" Called-Station-Id = "00-19-07-06-68-40:ClarkWiFi" NAS-Port = 29 NAS-IP-Address = 10.5.5.3 NAS-Identifier = "WISM1-8B" Airespace-Wlan-Id = 2 Service-Type = Framed-User Framed-MTU = 1300 NAS-Port-Type = Wireless-802.11 Tunnel-Type:0 = VLAN Tunnel-Medium-Type:0 = IEEE-802 Tunnel-Private-Group-Id:0 = "177" EAP-Message = 0x023e00130153545544454e54535c6b636f6f6b Message-Authenticator = 0xa49c3013a1518db03e9dd79520678670 Fri Feb 8 08:55:09 2008 : Debug: +- entering group authorize Fri Feb 8 08:55:09 2008 : Debug: modsingle[authorize]: calling preprocess (rlm_preprocess) for request 1112 Fri Feb 8 08:55:09 2008 : Debug: hints: Matched DEFAULT at 65 Fri Feb 8 08:55:09 2008 : Debug: modsingle[authorize]: returned from preprocess (rlm_preprocess) for reques t 1112 Fri Feb 8 08:55:09 2008 : Debug: ++[preprocess] returns ok Fri Feb 8 08:55:09 2008 : Debug: modsingle[authorize]: calling mschap (rlm_mschap) for request 1112 Fri Feb 8 08:55:09 2008 : Debug: modsingle[authorize]: returned from mschap (rlm_mschap) for request 1112 Fri Feb 8 08:55:09 2008 : Debug: ++[mschap] returns noop Fri Feb 8 08:55:09 2008 : Debug: modsingle[authorize]: calling eap (rlm_eap) for request 1112 Fri Feb 8 08:55:09 2008 : Debug: rlm_eap: EAP packet type response id 62 length 19 Fri Feb 8 08:55:09 2008 : Debug: rlm_eap: No EAP Start, assuming it's an on-going EAP conversation Fri Feb 8 08:55:09 2008 : Debug: modsingle[authorize]: returned from eap (rlm_eap) for request 1112 Fri Feb 8 08:55:09 2008 : Debug: ++[eap] returns updated Fri Feb 8 08:55:09 2008 : Debug: modsingle[authorize]: calling files (rlm_files) for request 1112 Fri Feb 8 08:55:09 2008 : Debug: users: Matched entry DEFAULT at line 17 Fri Feb 8 08:55:09 2008 : Debug: rlm_ldap: Entering ldap_groupcmp() Fri Feb 8 08:55:09 2008 : Debug: expand: ou=Users, dc=clarku, dc=edu -> ou=Users, dc=clarku, dc=edu Fri Feb 8 08:55:09 2008 : Debug: radius_xlat: Running registered xlat function of module mschap for string 'U ser-Name' Fri Feb 8 08:55:09 2008 : Debug: expand: (uid=%{mschap:User-Name}) -> (uid=kcook) Fri Feb 8 08:55:09 2008 : Debug: rlm_ldap: ldap_get_conn: Checking Id: 0 Fri Feb 8 08:55:09 2008 : Debug: rlm_ldap: ldap_get_conn: Got Id: 0 Fri Feb 8 08:55:09 2008 : Debug: rlm_ldap: performing search in ou=Users, dc=clarku, dc=edu , with filter (ui d=kcook) Fri Feb 8 08:55:09 2008 : Debug: rlm_ldap: ldap_release_conn: Release Id: 0 Fri Feb 8 08:55:09 2008 : Debug: radius_xlat: Running registered xlat function of module mschap for string 'U ser-Name' Fri Feb 8 08:55:09 2008 : Debug: expand: (&(objectClass=posixGroup)(memberUid=%{mschap:User-Name})) -> (&(objectClass=posixGroup)(memberUid=kcook)) Fri Feb 8 08:55:09 2008 : Debug: rlm_ldap: ldap_get_conn: Checking Id: 0 Fri Feb 8 08:55:09 2008 : Debug: rlm_ldap: ldap_get_conn: Got Id: 0 Fri Feb 8 08:55:09 2008 : Debug: rlm_ldap: performing search in cn=Administrators,ou=Groups,dc=clarku,dc=edu, with filter (&(objectClass=posixGroup)(memberUid=kcook)) Fri Feb 8 08:55:09 2008 : Debug: rlm_ldap: object not found or got ambiguous search result Fri Feb 8 08:55:09 2008 : Debug: rlm_ldap: ldap_release_conn: Release Id: 0 Fri Feb 8 08:55:09 2008 : Debug: rlm_ldap::ldap_groupcmp: Group cn=Administrators,ou=Groups,dc=clarku,dc=edu not found or user is not a member. Fri Feb 8 08:55:09 2008 : Debug: rlm_ldap: Entering ldap_groupcmp() Fri Feb 8 08:55:09 2008 : Debug: expand: ou=Users, dc=clarku, dc=edu -> ou=Users, dc=clarku, dc=edu Fri Feb 8 08:55:09 2008 : Debug: radius_xlat: Running registered xlat function of module mschap for string 'U ser-Name' Fri Feb 8 08:55:09 2008 : Debug: expand: (&(objectClass=posixGroup)(memberUid=%{mschap:User-Name})) -> (&(objectClass=posixGroup)(memberUid=kcook)) Fri Feb 8 08:55:09 2008 : Debug:
Re: weird error
Joe Vieira wrote: > im running 2.0.1 and i saw those errors at the end of a string of these > errors... > > Wed Feb 6 10:43:04 2008 : Error: rlm_eap: Failed to remember handler! > Wed Feb 6 10:43:07 2008 : Error: rlm_eap: Failed to remember handler! Ugh. That means that something is going very wrong inside of the code. It was unable to store the state of the current EAP session, so the session can't be authenticated. I'm not sure why this would be happening. The EAP session storage is keyed off of the "State" variable, which should be unique for every Access-Challenge. If it's accidentally creating the same state for multiple EAP sessions, then that would explain the error... Is this on a 64-bit machine? I've committed some changes to src/modules/rlm_eap/ which *may* help. if not, it should now print more information about what's going wrong... Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: weird error
Hi, > Wed Feb 6 10:43:04 2008 : Error: rlm_eap: Failed to remember handler! > Wed Feb 6 10:43:07 2008 : Error: rlm_eap: Failed to remember handler! > and > Wed Feb 6 10:43:07 2008 : Error: rlm_eap_tls: Unexpected ACK received > > > the reason i am looking over these logs right now is because the server > segfaulted with error 4, 4 seconds after this happened. hmm, similar to a behaviour that i have seen - ours didnt segfault though, it just stopped listening/answering. alan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: weird error
Joe Vieira wrote: Wed Feb 6 10:43:44 2008 : Error: TLS Alert write:fatal:bad record mac Wed Feb 6 10:43:44 2008 : Error: rlm_eap: SSL error error:1408F119:SSL routines:SSL3_GET_RECORD:decryption failed or bad record mac Wed Feb 6 10:43:44 2008 : Error: rlm_eap_tls: SSL_read failed in a system call (-1), TLS session fails. could someone help me figure out what that means exactly? Something went wrong with the SSL session. It's big magic... im running 2.0.1 and i saw those errors at the end of a string of these errors... Wed Feb 6 10:43:04 2008 : Error: rlm_eap: Failed to remember handler! Wed Feb 6 10:43:07 2008 : Error: rlm_eap: Failed to remember handler! and Wed Feb 6 10:43:07 2008 : Error: rlm_eap_tls: Unexpected ACK received the reason i am looking over these logs right now is because the server segfaulted with error 4, 4 seconds after this happened. Joe - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: weird error
Joe Vieira wrote: > Wed Feb 6 10:43:44 2008 : Error: TLS Alert write:fatal:bad record mac > Wed Feb 6 10:43:44 2008 : Error: rlm_eap: SSL error error:1408F119:SSL > routines:SSL3_GET_RECORD:decryption failed or bad record mac > Wed Feb 6 10:43:44 2008 : Error: rlm_eap_tls: SSL_read failed in a > system call (-1), TLS session fails. > > could someone help me figure out what that means exactly? Something went wrong with the SSL session. It's big magic... Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
weird error
Wed Feb 6 10:43:44 2008 : Error: TLS Alert write:fatal:bad record mac Wed Feb 6 10:43:44 2008 : Error: rlm_eap: SSL error error:1408F119:SSL routines:SSL3_GET_RECORD:decryption failed or bad record mac Wed Feb 6 10:43:44 2008 : Error: rlm_eap_tls: SSL_read failed in a system call (-1), TLS session fails. could someone help me figure out what that means exactly? thanks, -- Joe Vieira UNIX Systems Administrator Clark University - ITS - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: weird error rlm_radutmp
"Tim Mektrakarn" <[EMAIL PROTECTED]> wrote: > I'm getting flooded by these error messages, don't know what it means > > Sat Aug 21 18:57:55 2004 : Error: rlm_radutmp: Logout for NAS vb1 port > 661514, but no Login record It generally means that your NAS is sending accounting stop packets, but not accounting start packets. The messages can be ignored. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
weird error rlm_radutmp
I’m getting flooded by these error messages, don’t know what it means Sat Aug 21 18:57:55 2004 : Error: rlm_radutmp: Logout for NAS vb1 port 661514, but no Login record Sat Aug 21 18:57:55 2004 : Error: rlm_radutmp: Logout for NAS vb1 port 661573, but no Login record Sat Aug 21 18:57:55 2004 : Error: rlm_radutmp: Logout for NAS vb1 port 661438, but no Login record Sat Aug 21 18:57:55 2004 : Error: rlm_radutmp: Logout for NAS vb1 port 661514, but no Login record Sat Aug 21 18:57:56 2004 : Error: rlm_radutmp: Logout for NAS vb1 port 661546, but no Login record There are thousands of these entries with the port number being incremented. Any help would be great! Thanks, Tim