Re: weird error
Joe Vieira wrote: > so, even tho LDAP_DEPRECATED was set as a cflag in > rlm_ldap/configure.in, it never shows up as a gcc option durring > compilation for some reason... Ah. The "configure" script hadn't been re-generated. Oops... I've committed the updated "configure" script. Hopefully the problem has been solved. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: weird error
seemingly thus far... Joe Vieira UNIX Systems Administrator Clark University - ITS [EMAIL PROTECTED] wrote: Hi, else you can get into a situation where the compiler assumed the function (in this case ldap_get_values) returns an int (32bit), but it actually returns a pointer (64bit on 64 bit systems) which can then get truncated (which is likely why it always looked the same, because the part that stayed after the truncation was the same...) good debian wiki article about implicit pointer conversion http://wiki.debian.org/ImplicitPointerConversions #define LDAP_DEPRECATED 1 added as the first line in rlm_ldap.c ... fixed the issue? alan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: weird error
Hi, > else you can get into a situation where the compiler assumed the function > (in this case ldap_get_values) returns an int (32bit), but it actually > returns a pointer (64bit on 64 bit systems) which can then get truncated > (which is likely why it always looked the same, because the part that > stayed after the truncation was the same...) > > good debian wiki article about implicit pointer conversion > http://wiki.debian.org/ImplicitPointerConversions > > #define LDAP_DEPRECATED 1 added as the first line in rlm_ldap.c ... fixed the issue? alan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: weird error
Joe Vieira wrote: Joe Vieira wrote: if that's the case, why do you think it seems to work fine single threaded? I dunno... so, even tho LDAP_DEPRECATED was set as a cflag in rlm_ldap/configure.in, it never shows up as a gcc option durring compilation for some reason... so i defined it in rlm_ldap.c because it is ABSOLUTELY required on 64bit systems, because of missing prototypes for ldap libraries .. which basically will ruin your day.. else you can get into a situation where the compiler assumed the function (in this case ldap_get_values) returns an int (32bit), but it actually returns a pointer (64bit on 64 bit systems) which can then get truncated (which is likely why it always looked the same, because the part that stayed after the truncation was the same...) good debian wiki article about implicit pointer conversion http://wiki.debian.org/ImplicitPointerConversions #define LDAP_DEPRECATED 1 added as the first line in rlm_ldap.c ... - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: weird error
Joe Vieira wrote: if that's the case, why do you think it seems to work fine single threaded? I dunno... So, more or less at this point threading seems to ruin this somehow. which is really weird. this same server was running freeradius 1.1.6, then i installed the new version, which basically goes to shit on the machine...i assume there was a lot of rewriting that occurred between these two versions, was threading re-written? or the rlm_ldap threading functions?? thanks joe - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: weird error
if that's the case, why do you think it seems to work fine single threaded? I dunno... =( i am adding a ton of debugging stuff to the function so hopefully it might give some more insight... joe - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: weird error
Joe Vieira wrote: > if that's the case, why do you think it seems to work fine single threaded? I dunno... Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: weird error
1319 of rlm_ldap.c , gdb debugging shows me that vals[0] is not a valid memory location. (always 0xb00020e0) Try running it without the LDAP module. If it works, then the ldap module, or the LDAP libraries it uses aren't 64-bit clean. if that's the case, why do you think it seems to work fine single threaded? Joe - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: weird error
I am consistently getting a segfault (~every 45minutes or so) from line 1319 of rlm_ldap.c , gdb debugging shows me that vals[0] is not a valid memory location. (always 0xb00020e0) Try running it without the LDAP module. If it works, then the ldap module, or the LDAP libraries it uses aren't 64-bit clean. i'm linked against redhat's 64bit ldap libraries, which function well in every test i can think to throw at them - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: weird error
Joe Vieira wrote: > I am consistently getting a segfault (~every 45minutes or so) from line > 1319 of rlm_ldap.c , gdb debugging shows me that vals[0] is not a valid > memory location. (always 0xb00020e0) Try running it without the LDAP module. If it works, then the ldap module, or the LDAP libraries it uses aren't 64-bit clean. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: weird error
Is anyone else running freeradius 2.0.1 on rhel5 x86-64?
I am consistently getting a segfault (~every 45minutes or so) from line
1319 of rlm_ldap.c , gdb debugging shows me that vals[0] is not a valid
memory location. (always 0xb00020e0)
this occurs on two physically different servers (different make and
model as well)
this only seems to occur when the server is run THREADED, when i run in
`radiusd -X` it DOES NOT segfault. however in `radiusd -f`
(threaded debug) it DOES segfault
attached seems to be the request that is causing a segfault
(threaded debug mode) as well as a backtrace and some other gdb info.
rad_recv: Access-Request packet from host 10.5.5.3 port 32770, id=198,
length=192
Fri Feb 8 08:55:09 2008 : Debug: Waking up in 0.9 seconds.
Fri Feb 8 08:55:09 2008 : Debug: Thread 8 got semaphore
Fri Feb 8 08:55:09 2008 : Debug: Thread 8 handling request 1112, (139
handled so far)
User-Name = "STUDENTS\\kcook"
Calling-Station-Id = "00-90-96-C7-15-7C"
Called-Station-Id = "00-19-07-06-68-40:ClarkWiFi"
NAS-Port = 29
NAS-IP-Address = 10.5.5.3
NAS-Identifier = "WISM1-8B"
Airespace-Wlan-Id = 2
Service-Type = Framed-User
Framed-MTU = 1300
NAS-Port-Type = Wireless-802.11
Tunnel-Type:0 = VLAN
Tunnel-Medium-Type:0 = IEEE-802
Tunnel-Private-Group-Id:0 = "177"
EAP-Message = 0x023e00130153545544454e54535c6b636f6f6b
Message-Authenticator = 0xa49c3013a1518db03e9dd79520678670
Fri Feb 8 08:55:09 2008 : Debug: +- entering group authorize
Fri Feb 8 08:55:09 2008 : Debug: modsingle[authorize]: calling
preprocess (rlm_preprocess) for request 1112
Fri Feb 8 08:55:09 2008 : Debug: hints: Matched DEFAULT at 65
Fri Feb 8 08:55:09 2008 : Debug: modsingle[authorize]: returned from
preprocess (rlm_preprocess) for reques
t 1112
Fri Feb 8 08:55:09 2008 : Debug: ++[preprocess] returns ok
Fri Feb 8 08:55:09 2008 : Debug: modsingle[authorize]: calling mschap
(rlm_mschap) for request 1112
Fri Feb 8 08:55:09 2008 : Debug: modsingle[authorize]: returned from
mschap (rlm_mschap) for request 1112
Fri Feb 8 08:55:09 2008 : Debug: ++[mschap] returns noop
Fri Feb 8 08:55:09 2008 : Debug: modsingle[authorize]: calling eap
(rlm_eap) for request 1112
Fri Feb 8 08:55:09 2008 : Debug: rlm_eap: EAP packet type response id
62 length 19
Fri Feb 8 08:55:09 2008 : Debug: rlm_eap: No EAP Start, assuming it's
an on-going EAP conversation
Fri Feb 8 08:55:09 2008 : Debug: modsingle[authorize]: returned from
eap (rlm_eap) for request 1112
Fri Feb 8 08:55:09 2008 : Debug: ++[eap] returns updated
Fri Feb 8 08:55:09 2008 : Debug: modsingle[authorize]: calling files
(rlm_files) for request 1112
Fri Feb 8 08:55:09 2008 : Debug: users: Matched entry DEFAULT at
line 17
Fri Feb 8 08:55:09 2008 : Debug: rlm_ldap: Entering ldap_groupcmp()
Fri Feb 8 08:55:09 2008 : Debug: expand: ou=Users, dc=clarku,
dc=edu -> ou=Users, dc=clarku, dc=edu
Fri Feb 8 08:55:09 2008 : Debug: radius_xlat: Running registered xlat
function of module mschap for string 'U
ser-Name'
Fri Feb 8 08:55:09 2008 : Debug: expand:
(uid=%{mschap:User-Name}) -> (uid=kcook)
Fri Feb 8 08:55:09 2008 : Debug: rlm_ldap: ldap_get_conn: Checking Id: 0
Fri Feb 8 08:55:09 2008 : Debug: rlm_ldap: ldap_get_conn: Got Id: 0
Fri Feb 8 08:55:09 2008 : Debug: rlm_ldap: performing search in
ou=Users, dc=clarku, dc=edu , with filter (ui
d=kcook)
Fri Feb 8 08:55:09 2008 : Debug: rlm_ldap: ldap_release_conn: Release Id: 0
Fri Feb 8 08:55:09 2008 : Debug: radius_xlat: Running registered xlat
function of module mschap for string 'U
ser-Name'
Fri Feb 8 08:55:09 2008 : Debug: expand:
(&(objectClass=posixGroup)(memberUid=%{mschap:User-Name})) ->
(&(objectClass=posixGroup)(memberUid=kcook))
Fri Feb 8 08:55:09 2008 : Debug: rlm_ldap: ldap_get_conn: Checking Id: 0
Fri Feb 8 08:55:09 2008 : Debug: rlm_ldap: ldap_get_conn: Got Id: 0
Fri Feb 8 08:55:09 2008 : Debug: rlm_ldap: performing search in
cn=Administrators,ou=Groups,dc=clarku,dc=edu,
with filter (&(objectClass=posixGroup)(memberUid=kcook))
Fri Feb 8 08:55:09 2008 : Debug: rlm_ldap: object not found or got
ambiguous search result
Fri Feb 8 08:55:09 2008 : Debug: rlm_ldap: ldap_release_conn: Release Id: 0
Fri Feb 8 08:55:09 2008 : Debug: rlm_ldap::ldap_groupcmp: Group
cn=Administrators,ou=Groups,dc=clarku,dc=edu
not found or user is not a member.
Fri Feb 8 08:55:09 2008 : Debug: rlm_ldap: Entering ldap_groupcmp()
Fri Feb 8 08:55:09 2008 : Debug: expand: ou=Users, dc=clarku,
dc=edu -> ou=Users, dc=clarku, dc=edu
Fri Feb 8 08:55:09 2008 : Debug: radius_xlat: Running registered xlat
function of module mschap for string 'U
ser-Name'
Fri Feb 8 08:55:09 2008 : Debug: expand:
(&(objectClass=posixGroup)(memberUid=%{mschap:User-Name})) ->
(&(objectClass=posixGroup)(memberUid=kcook))
Fri Feb 8 08:55:09 2008 : Debug:
Re: weird error
Joe Vieira wrote: > im running 2.0.1 and i saw those errors at the end of a string of these > errors... > > Wed Feb 6 10:43:04 2008 : Error: rlm_eap: Failed to remember handler! > Wed Feb 6 10:43:07 2008 : Error: rlm_eap: Failed to remember handler! Ugh. That means that something is going very wrong inside of the code. It was unable to store the state of the current EAP session, so the session can't be authenticated. I'm not sure why this would be happening. The EAP session storage is keyed off of the "State" variable, which should be unique for every Access-Challenge. If it's accidentally creating the same state for multiple EAP sessions, then that would explain the error... Is this on a 64-bit machine? I've committed some changes to src/modules/rlm_eap/ which *may* help. if not, it should now print more information about what's going wrong... Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: weird error
Hi, > Wed Feb 6 10:43:04 2008 : Error: rlm_eap: Failed to remember handler! > Wed Feb 6 10:43:07 2008 : Error: rlm_eap: Failed to remember handler! > and > Wed Feb 6 10:43:07 2008 : Error: rlm_eap_tls: Unexpected ACK received > > > the reason i am looking over these logs right now is because the server > segfaulted with error 4, 4 seconds after this happened. hmm, similar to a behaviour that i have seen - ours didnt segfault though, it just stopped listening/answering. alan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: weird error
Joe Vieira wrote: Wed Feb 6 10:43:44 2008 : Error: TLS Alert write:fatal:bad record mac Wed Feb 6 10:43:44 2008 : Error: rlm_eap: SSL error error:1408F119:SSL routines:SSL3_GET_RECORD:decryption failed or bad record mac Wed Feb 6 10:43:44 2008 : Error: rlm_eap_tls: SSL_read failed in a system call (-1), TLS session fails. could someone help me figure out what that means exactly? Something went wrong with the SSL session. It's big magic... im running 2.0.1 and i saw those errors at the end of a string of these errors... Wed Feb 6 10:43:04 2008 : Error: rlm_eap: Failed to remember handler! Wed Feb 6 10:43:07 2008 : Error: rlm_eap: Failed to remember handler! and Wed Feb 6 10:43:07 2008 : Error: rlm_eap_tls: Unexpected ACK received the reason i am looking over these logs right now is because the server segfaulted with error 4, 4 seconds after this happened. Joe - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: weird error
Joe Vieira wrote: > Wed Feb 6 10:43:44 2008 : Error: TLS Alert write:fatal:bad record mac > Wed Feb 6 10:43:44 2008 : Error: rlm_eap: SSL error error:1408F119:SSL > routines:SSL3_GET_RECORD:decryption failed or bad record mac > Wed Feb 6 10:43:44 2008 : Error: rlm_eap_tls: SSL_read failed in a > system call (-1), TLS session fails. > > could someone help me figure out what that means exactly? Something went wrong with the SSL session. It's big magic... Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
weird error
Wed Feb 6 10:43:44 2008 : Error: TLS Alert write:fatal:bad record mac Wed Feb 6 10:43:44 2008 : Error: rlm_eap: SSL error error:1408F119:SSL routines:SSL3_GET_RECORD:decryption failed or bad record mac Wed Feb 6 10:43:44 2008 : Error: rlm_eap_tls: SSL_read failed in a system call (-1), TLS session fails. could someone help me figure out what that means exactly? thanks, -- Joe Vieira UNIX Systems Administrator Clark University - ITS - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: weird error rlm_radutmp
"Tim Mektrakarn" <[EMAIL PROTECTED]> wrote: > I'm getting flooded by these error messages, don't know what it means > > Sat Aug 21 18:57:55 2004 : Error: rlm_radutmp: Logout for NAS vb1 port > 661514, but no Login record It generally means that your NAS is sending accounting stop packets, but not accounting start packets. The messages can be ignored. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
weird error rlm_radutmp
I’m getting flooded by these error messages, don’t know what it means Sat Aug 21 18:57:55 2004 : Error: rlm_radutmp: Logout for NAS vb1 port 661514, but no Login record Sat Aug 21 18:57:55 2004 : Error: rlm_radutmp: Logout for NAS vb1 port 661573, but no Login record Sat Aug 21 18:57:55 2004 : Error: rlm_radutmp: Logout for NAS vb1 port 661438, but no Login record Sat Aug 21 18:57:55 2004 : Error: rlm_radutmp: Logout for NAS vb1 port 661514, but no Login record Sat Aug 21 18:57:56 2004 : Error: rlm_radutmp: Logout for NAS vb1 port 661546, but no Login record There are thousands of these entries with the port number being incremented. Any help would be great! Thanks, Tim
