You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
The server is RHEL5 : Linux dev1 2.6.18-238.el5 #1 SMP Sun Dec 19 14:22:44 EST 2010 x86_64 x86_64 x86_64 GNU/Linux
SQL is configured to use unixODBC driver, the segfault occurs in the sql module (does not segfault if I comment it out of the configuration):
(0) sql : expand: "%{User-Name}" -> 'JustAtest'
(0) sql : SQL-User-Name set to "JustAtest"
rlm_sql (sql): Reserved connection (4)
(0) sql : expand: "SELECT id,UserName,Attribute,Value,op FROM radcheck WHERE Username = '%{SQL-User-Name}' ORDER BY id" -> 'SELECT id,UserName,Attribute,Value,op FROM radcheck WHERE Username = 'JustAtest' ORDER BY id'
rlm_sql (sql): Executing query: 'SELECT id,UserName,Attribute,Value,op FROM radcheck WHERE Username = 'JustAtest' ORDER BY id'
Segmentation fault (core dumped)
gdb Info:
* 1 Thread 6536 0x00002b2d689d5bb0 in sql_userparse (ctx=0xf1d86f0, head=0x7fff149a5518, row=0xefd1400) at src/modules/rlm_sql/sql.c:174
Thread 1 (Thread 6536):
#0 0x00002b2d689d5bb0 in sql_userparse (ctx=0xf1d86f0, head=0x7fff149a5518, row=0xefd1400) at src/modules/rlm_sql/sql.c:174
vp = 0x7fff149a5520
ptr = 0xeff05b0 "Ж\371\016"
value = 0xf05f300 "SELECT id,UserName,Attribute,Value,op \t\t\t\t FROM radcheck \t\t\t\t WHERE Username = 'JustAtest' \t\t\t\t ORDER BY id"
buf = "\320S\232\024\377\177\000\000\340\071\365(7\000\000\000\320S\232\024\377\177\000\000\b\000\000\000\000\000\000\000\340r\232\024\377\177", '\000' <repeats 18 times>, ".N\307(7\000\000\000\260k\375\016\000\000\000\000\320S\232\024\377\177\000\000\000\000\000\000\000\000\000\000\243\224\325f-+\000\000\000\363\005\017\000\000\000\000\b\000\000\000\000\000\000\000@d\023\017\000\000\000\000\000տ\000\000\200\347ʰk\375\016\000\000\000\000@T\232\024\377\177\000\000\000\000\000\000\000\000\000\000@d\023\017\000\000\000\000@T\232\024\377\177\000\000\060\264\275h-+\000\000\320c\023\017\000\000\000\000\220T\232\024\000\000\000\000\260\005\377\016\000\000\000\000\320c\023\017", '\000' <repeats 12 times>, "@d\023\017\000\000\000\000\376\377\377\377\377\377\377\377\227b\235h\000\000\000\000\200T\232\024\377\177\000\000\334_\235h-+"
do_xlat = 0 '\000'
token = 251703296
operator = T_EOL
#1 0x00002b2d689d63d9 in sql_getvpdata (inst=0xeff05b0, handle=0x7fff149a5520, ctx=0xf1d86f0, pair=0x7fff149a5518,
query=0xf05f300 "SELECT id,UserName,Attribute,Value,op \t\t\t\t FROM radcheck \t\t\t\t WHERE Username = 'JustAtest' \t\t\t\t ORDER BY id") at src/modules/rlm_sql/sql.c:424
row = 0xefd1400
rows = 0
#2 0x00002b2d689d45c5 in mod_authorize (instance=0xeff05b0, request=0xf1d86f0) at src/modules/rlm_sql/rlm_sql.c:942
rcode = 6
inst = 0xeff05b0
handle = 0xf1363d0
check_tmp = 0x0
reply_tmp = 0x0
user_profile = 0x0
dofallthrough = 1
rows = 0
expanded = 0xf05f300 "SELECT id,UserName,Attribute,Value,op \t\t\t\t FROM radcheck \t\t\t\t WHERE Username = 'JustAtest' \t\t\t\t ORDER BY id"
#3 0x00000000004217ca in call_modsingle (component=RLM_COMPONENT_AUTZ, sp=0xf1be0c0, request=0xf1d86f0) at src/main/modcall.c:311
myresult = 253485248
blocked = 0
#4 0x0000000000422011 in modcall_recurse (request=0xf1d86f0, component=RLM_COMPONENT_AUTZ, depth=1, entry=0x7fff149a6490) at src/main/modcall.c:568
sp = 0xf1be0c0
if_taken = false
was_if = false
c = 0xf1be0c0
result = 7
priority = -1
#5 0x000000000042199a in modcall_child (request=0xf1d86f0, component=RLM_COMPONENT_AUTZ, depth=1, entry=0x7fff149a6480, c=0xf1bd9d0, result=0x7fff149a6368) at src/main/modcall.c:412
next = 0x7fff149a6490
#6 0x0000000000422e80 in modcall_recurse (request=0xf1d86f0, component=RLM_COMPONENT_AUTZ, depth=0, entry=0x7fff149a6480) at src/main/modcall.c:756
g = 0xf1bdad0
if_taken = false
was_if = false
c = 0xf1bdad0
result = 10
priority = -1
#7 0x0000000000423c21 in modcall (component=RLM_COMPONENT_AUTZ, c=0xf1bdad0, request=0xf1d86f0) at src/main/modcall.c:1000
stack = {{result = 6, priority = 0, c = 0xf1bdad0}, {result = 2, priority = 3, c = 0xf1be0c0}, {result = 345662640, priority = 32767, c = 0x3728c699da}, {result = -72515583, priority = 32767, c = 0x7fff149a6751}, {
result = 345663313, priority = 32767, c = 0x7fff149a6751}, {result = 345663313, priority = 32767, c = 0x7fff149a675d}, {result = 345664335, priority = 32767, c = 0x7fff149a6751}, {result = 345664335, priority = 32767,
c = 0x0}, {result = 0, priority = 0, c = 0x0}, {result = 0, priority = 0, c = 0x0}, {result = -1885478060, priority = 0, c = 0x3728808f64}, {result = 0, priority = 0, c = 0x0}, {result = -1885478060, priority = 0,
c = 0x7fff149a66f0}, {result = 345663240, priority = 32767, c = 0x0}, {result = 0, priority = 0, c = 0x0}, {result = 48, priority = 48, c = 0x7fff149a6690}, {result = 345662912, priority = 32767, c = 0x3728f51460}, {
result = 0, priority = 0, c = 0x0}, {result = 0, priority = 0, c = 0x2b2d66f65360}, {result = 1725304383, priority = 11053, c = 0x7fff149a66f0}, {result = -1885478060, priority = 0, c = 0x7fff149a6708}, {result = 0,
priority = 0, c = 0x3728809162}, {result = 4508903, priority = 0, c = 0xefd3ce0}, {result = 0, priority = 0, c = 0x7fff149a72e0}, {result = 0, priority = 0, c = 0xefd3ee7}, {result = 40, priority = 48,
c = 0x2ea8fb98149a66f0}, {result = 345663056, priority = 32767, c = 0x41e6ae}, {result = 4, priority = 152, c = 0xefd3ee0}, {result = 1727419232, priority = 11053, c = 0x2ea8fb9852e0276b}, {result = 345663104,
priority = 32767, c = 0x41e72d}, {result = 345663120, priority = 32767, c = 0xefd3ee0}, {result = 345666272, priority = 152, c = 0x2b2d66d58750}}
#8 0x000000000041f6b8 in indexed_modcall (comp=RLM_COMPONENT_AUTZ, idx=0, request=0xf1d86f0) at src/main/modules.c:747
rcode = 128
list = 0xf1bdad0
server = 0xf1bd170
#9 0x00000000004210df in process_authorize (autz_type=0, request=0xf1d86f0) at src/main/modules.c:1643
No locals.
#10 0x000000000040caca in rad_authenticate (request=0xf1d86f0) at src/main/auth.c:409
check_item = 0x7fff149a6c58
module_msg = 0x0
tmp = 0x0
result = 0
autz_retry = 0 '\000'
autz_type = 0
#11 0x0000000000431188 in request_running (request=0xf1d86f0, action=1) at src/main/process.c:1210
__FUNCTION__ = "request_running"
#12 0x0000000000430498 in request_queue_or_run (request=0xf1d86f0, process=0x4310c7 <request_running>) at src/main/process.c:849
when = {tv_sec = 1382542364, tv_usec = 421386}
#13 0x0000000000431851 in request_receive (listener=0xf1d6f20, packet=0xf1d8550, client=0xefb2be0, fun=0x40c90a <rad_authenticate>) at src/main/process.c:1409
count = 0
packet_p = 0x0
request = 0xf1d86f0
now = {tv_sec = 1382542364, tv_usec = 88034}
sock = 0xf1d7050
#14 0x0000000000413f8f in auth_socket_recv (listener=0xf1d6f20) at src/main/listen.c:1492
rcode = 92
code = 1
src_port = 43790
packet = 0xf1d8550
fun = 0x40c90a <rad_authenticate>
client = 0xefb2be0
src_ipaddr = {af = 2, ipaddr = {ip4addr = {s_addr = 94109823}, ip6addr = {in6_u = {u6_addr8 = "\177\000\234\005\362\233\366f-+\000\000\000\000\000", u6_addr16 = {127, 1436, 39922, 26358, 11053, 0, 0, 0}, u6_addr32 = {94109823,
1727437810, 11053, 0}}}}, scope = 0}
#15 0x0000000000436f74 in event_socket_handler (xel=0xf1c1410, fd=9, ctx=0xf1d6f20) at src/main/process.c:3494
listener = 0xf1d6f20
#16 0x00002b2d66f8e298 in fr_event_loop (el=0xf1c1410) at src/lib/event.c:417
ef = 0xf1c1440
i = 0
rcode = 1
maxfd = 12
when = {tv_sec = 0, tv_usec = 0}
wake = 0x0
read_fds = {fds_bits = {512, 0 <repeats 15 times>}}
master_fds = {fds_bits = {7680, 0 <repeats 15 times>}}
#17 0x0000000000438070 in radius_event_process () at src/main/process.c:4211
No locals.
#18 0x0000000000426d4a in main (argc=4, argv=0x7fff149a72e8) at src/main/radiusd.c:473
rcode = 0
status = 681688000
argval = -1
spawn_flag = 0
dont_fork = 1
write_pid = 0
flag = 0
act = {__sigaction_handler = {sa_handler = 0x427070 <sig_fatal>, sa_sigaction = 0x427070 <sig_fatal>}, sa_mask = {__val = {0 <repeats 16 times>}}, sa_flags = 0, sa_restorer = 0}
quit
Radiusd DEBUG:
# /usr/local/sbin/radiusd -X -d /usr/local/etc/raddb
radiusd: FreeRADIUS Version 3.0.1 (git #4c389d4), for host x86_64-unknown-linux-gnu, built on Oct 23 2013 at 11:27:40
Copyright (C) 1999-2013 The FreeRADIUS server project and contributors.
There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A
PARTICULAR PURPOSE.
You may redistribute copies of FreeRADIUS under the terms of the
GNU General Public License.
For more information about these matters, see the file named COPYRIGHT.
Starting - reading configuration files ...
including dictionary file /usr/local/etc/raddb/dictionary
including configuration file /usr/local/etc/raddb/radiusd.conf
including configuration file /usr/local/etc/raddb/proxy.conf
including configuration file /usr/local/etc/raddb/clients.conf
including files in directory /usr/local/etc/raddb/mods-enabled/
including configuration file /usr/local/etc/raddb/mods-enabled/sradutmp
including configuration file /usr/local/etc/raddb/mods-enabled/unix
including configuration file /usr/local/etc/raddb/mods-enabled/utf8
including configuration file /usr/local/etc/raddb/mods-enabled/ntlm_auth
including configuration file /usr/local/etc/raddb/mods-enabled/attr_filter
including configuration file /usr/local/etc/raddb/mods-enabled/always
including configuration file /usr/local/etc/raddb/mods-enabled/linelog
including configuration file /usr/local/etc/raddb/mods-enabled/realm
including configuration file /usr/local/etc/raddb/mods-enabled/soh
including configuration file /usr/local/etc/raddb/mods-enabled/dynamic_clients
including configuration file /usr/local/etc/raddb/mods-enabled/detail.log
including configuration file /usr/local/etc/raddb/mods-enabled/sql
including configuration file /usr/local/etc/raddb/mods-config/sql/main/mssql/queries.conf
including configuration file /usr/local/etc/raddb/mods-enabled/echo
including configuration file /usr/local/etc/raddb/mods-enabled/passwd
including configuration file /usr/local/etc/raddb/mods-enabled/expr
including configuration file /usr/local/etc/raddb/mods-enabled/chap
including configuration file /usr/local/etc/raddb/mods-enabled/replicate
including configuration file /usr/local/etc/raddb/mods-enabled/digest
including configuration file /usr/local/etc/raddb/mods-enabled/detail
including configuration file /usr/local/etc/raddb/mods-enabled/preprocess
including configuration file /usr/local/etc/raddb/mods-enabled/cache_eap
including configuration file /usr/local/etc/raddb/mods-enabled/logintime
including configuration file /usr/local/etc/raddb/mods-enabled/dhcp
including configuration file /usr/local/etc/raddb/mods-enabled/eap
including configuration file /usr/local/etc/raddb/mods-enabled/files
including configuration file /usr/local/etc/raddb/mods-enabled/pap
including configuration file /usr/local/etc/raddb/mods-enabled/radutmp
including configuration file /usr/local/etc/raddb/mods-enabled/exec
including configuration file /usr/local/etc/raddb/mods-enabled/mschap
including configuration file /usr/local/etc/raddb/mods-enabled/expiration
including files in directory /usr/local/etc/raddb/policy.d/
including configuration file /usr/local/etc/raddb/policy.d/canonicalization
including configuration file /usr/local/etc/raddb/policy.d/control
including configuration file /usr/local/etc/raddb/policy.d/operator-name
including configuration file /usr/local/etc/raddb/policy.d/filter
including configuration file /usr/local/etc/raddb/policy.d/accounting
including configuration file /usr/local/etc/raddb/policy.d/dhcp
including configuration file /usr/local/etc/raddb/policy.d/eap
including configuration file /usr/local/etc/raddb/policy.d/cui
including files in directory /usr/local/etc/raddb/sites-enabled/
including configuration file /usr/local/etc/raddb/sites-enabled/default
including configuration file /usr/local/etc/raddb/sites-enabled/inner-tunnel
main {
security {
allow_core_dumps = yes
}
}
Core dumps are enabled.
main {
name = "radiusd"
prefix = "/usr/local"
localstatedir = "/usr/local/var"
sbindir = "/usr/local/sbin"
logdir = "/usr/local/var/log/radius"
run_dir = "/usr/local/var/run/radiusd"
libdir = "/usr/local/lib"
radacctdir = "/usr/local/var/log/radius/radacct"
hostname_lookups = no
max_request_time = 30
cleanup_delay = 5
max_requests = 1024
pidfile = "/usr/local/var/run/radiusd/radiusd.pid"
checkrad = "/usr/local/sbin/checkrad"
debug_level = 0
proxy_requests = yes
log {
stripped_names = no
auth = no
auth_badpass = no
auth_goodpass = no
colourise = yes
}
security {
max_attributes = 200
reject_delay = 1
status_server = yes
}
}
radiusd: #### Loading Realms and Home Servers ####
proxy server {
retry_delay = 5
retry_count = 3
default_fallback = no
dead_time = 120
wake_all_if_all_dead = no
}
home_server localhost {
ipaddr = 127.0.0.1
port = 1812
type = "auth"
secret = "testing123"
response_window = 20
max_outstanding = 65536
zombie_period = 40
status_check = "status-server"
ping_interval = 30
check_interval = 30
num_answers_to_alive = 3
revive_interval = 120
status_check_timeout = 4
coa {
irt = 2
mrt = 16
mrc = 5
mrd = 30
}
limit {
max_connections = 16
max_requests = 0
lifetime = 0
idle_timeout = 0
}
}
home_server_pool my_auth_failover {
type = fail-over
home_server = localhost
}
realm example.com {
auth_pool = my_auth_failover
}
realm LOCAL {
}
radiusd: #### Loading Clients ####
client localhost {
ipaddr = 127.0.0.1
require_message_authenticator = no
secret = "testing123"
nas_type = "other"
proto = "*"
limit {
max_connections = 16
lifetime = 0
idle_timeout = 30
}
}
client 127.0.156.5 {
require_message_authenticator = no
secret = "acsSecret"
shortname = "ACS-test"
limit {
max_connections = 16
lifetime = 0
idle_timeout = 30
}
}
radiusd: #### Instantiating modules ####
instantiate {
}
modules {
# Loaded module rlm_radutmp
# Instantiating module "sradutmp" from file /usr/local/etc/raddb/mods-enabled/sradutmp
radutmp sradutmp {
filename = "/usr/local/var/log/radius/sradutmp"
username = "%{User-Name}"
case_sensitive = yes
check_with_nas = yes
permissions = 420
caller_id = no
}
# Loaded module rlm_unix
# Instantiating module "unix" from file /usr/local/etc/raddb/mods-enabled/unix
unix {
radwtmp = "/usr/local/var/log/radius/radwtmp"
}
# Loaded module rlm_utf8
# Instantiating module "utf8" from file /usr/local/etc/raddb/mods-enabled/utf8
# Loaded module rlm_exec
# Instantiating module "ntlm_auth" from file /usr/local/etc/raddb/mods-enabled/ntlm_auth
exec ntlm_auth {
wait = yes
program = "/path/to/ntlm_auth --request-nt-key --domain=MYDOMAIN --username=%{mschap:User-Name} --password=%{User-Password}"
shell_escape = yes
}
# Loaded module rlm_attr_filter
# Instantiating module "attr_filter.post-proxy" from file /usr/local/etc/raddb/mods-enabled/attr_filter
attr_filter attr_filter.post-proxy {
filename = "/usr/local/etc/raddb/mods-config/attr_filter/post-proxy"
key = "%{Realm}"
relaxed = no
}
reading pairlist file /usr/local/etc/raddb/mods-config/attr_filter/post-proxy
# Instantiating module "attr_filter.pre-proxy" from file /usr/local/etc/raddb/mods-enabled/attr_filter
attr_filter attr_filter.pre-proxy {
filename = "/usr/local/etc/raddb/mods-config/attr_filter/pre-proxy"
key = "%{Realm}"
relaxed = no
}
reading pairlist file /usr/local/etc/raddb/mods-config/attr_filter/pre-proxy
# Instantiating module "attr_filter.access_reject" from file /usr/local/etc/raddb/mods-enabled/attr_filter
attr_filter attr_filter.access_reject {
filename = "/usr/local/etc/raddb/mods-config/attr_filter/access_reject"
key = "%{User-Name}"
relaxed = no
}
reading pairlist file /usr/local/etc/raddb/mods-config/attr_filter/access_reject
# Instantiating module "attr_filter.access_challenge" from file /usr/local/etc/raddb/mods-enabled/attr_filter
attr_filter attr_filter.access_challenge {
filename = "/usr/local/etc/raddb/mods-config/attr_filter/access_challenge"
key = "%{User-Name}"
relaxed = no
}
reading pairlist file /usr/local/etc/raddb/mods-config/attr_filter/access_challenge
# Instantiating module "attr_filter.accounting_response" from file /usr/local/etc/raddb/mods-enabled/attr_filter
attr_filter attr_filter.accounting_response {
filename = "/usr/local/etc/raddb/mods-config/attr_filter/accounting_response"
key = "%{User-Name}"
relaxed = no
}
reading pairlist file /usr/local/etc/raddb/mods-config/attr_filter/accounting_response
# Loaded module rlm_always
# Instantiating module "fail" from file /usr/local/etc/raddb/mods-enabled/always
always fail {
rcode = "fail"
simulcount = 0
mpp = no
}
# Instantiating module "reject" from file /usr/local/etc/raddb/mods-enabled/always
always reject {
rcode = "reject"
simulcount = 0
mpp = no
}
# Instantiating module "noop" from file /usr/local/etc/raddb/mods-enabled/always
always noop {
rcode = "noop"
simulcount = 0
mpp = no
}
# Instantiating module "handled" from file /usr/local/etc/raddb/mods-enabled/always
always handled {
rcode = "handled"
simulcount = 0
mpp = no
}
# Instantiating module "updated" from file /usr/local/etc/raddb/mods-enabled/always
always updated {
rcode = "updated"
simulcount = 0
mpp = no
}
# Instantiating module "notfound" from file /usr/local/etc/raddb/mods-enabled/always
always notfound {
rcode = "notfound"
simulcount = 0
mpp = no
}
# Instantiating module "ok" from file /usr/local/etc/raddb/mods-enabled/always
always ok {
rcode = "ok"
simulcount = 0
mpp = no
}
# Loaded module rlm_linelog
# Instantiating module "linelog" from file /usr/local/etc/raddb/mods-enabled/linelog
linelog {
filename = "/usr/local/var/log/radius/linelog"
permissions = 384
format = "This is a log message for %{User-Name}"
reference = "%{%{Packet-Type}:-format}"
}
# Loaded module rlm_realm
# Instantiating module "IPASS" from file /usr/local/etc/raddb/mods-enabled/realm
realm IPASS {
format = "prefix"
delimiter = "/"
ignore_default = no
ignore_null = no
}
# Instantiating module "suffix" from file /usr/local/etc/raddb/mods-enabled/realm
realm suffix {
format = "suffix"
delimiter = "@"
ignore_default = no
ignore_null = no
}
# Instantiating module "realmpercent" from file /usr/local/etc/raddb/mods-enabled/realm
realm realmpercent {
format = "suffix"
delimiter = "%"
ignore_default = no
ignore_null = no
}
# Instantiating module "ntdomain" from file /usr/local/etc/raddb/mods-enabled/realm
realm ntdomain {
format = "prefix"
delimiter = "\"
ignore_default = no
ignore_null = no
}
# Loaded module rlm_soh
# Instantiating module "soh" from file /usr/local/etc/raddb/mods-enabled/soh
soh {
dhcp = yes
}
# Loaded module rlm_dynamic_clients
# Instantiating module "dynamic_clients" from file /usr/local/etc/raddb/mods-enabled/dynamic_clients
# Loaded module rlm_detail
# Instantiating module "auth_log" from file /usr/local/etc/raddb/mods-enabled/detail.log
detail auth_log {
filename = "/usr/local/var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d"
header = "%t"
permissions = 384
dir_permissions = 493
locking = no
log_packet_header = no
}
# Instantiating module "reply_log" from file /usr/local/etc/raddb/mods-enabled/detail.log
detail reply_log {
filename = "/usr/local/var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/reply-detail-%Y%m%d"
header = "%t"
permissions = 384
dir_permissions = 493
locking = no
log_packet_header = no
}
# Instantiating module "pre_proxy_log" from file /usr/local/etc/raddb/mods-enabled/detail.log
detail pre_proxy_log {
filename = "/usr/local/var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/pre-proxy-detail-%Y%m%d"
header = "%t"
permissions = 384
dir_permissions = 493
locking = no
log_packet_header = no
}
# Instantiating module "post_proxy_log" from file /usr/local/etc/raddb/mods-enabled/detail.log
detail post_proxy_log {
filename = "/usr/local/var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/post-proxy-detail-%Y%m%d"
header = "%t"
permissions = 384
dir_permissions = 493
locking = no
log_packet_header = no
}
# Loaded module rlm_sql
# Instantiating module "sql" from file /usr/local/etc/raddb/mods-enabled/sql
sql {
driver = "rlm_sql_unixodbc"
server = "prodDB"
port = ""
login = "test"
password = "test"
radius_db = "radius"
read_groups = yes
read_clients = no
delete_stale_sessions = yes
sql_user_name = "%{User-Name}"
default_user_profile = ""
client_query = "SELECT id,nasname,shortname,type,secret FROM nas"
authorize_check_query = "SELECT id,UserName,Attribute,Value,op FROM radcheck WHERE Username = '%{SQL-User-Name}' ORDER BY id"
authorize_reply_query = "SELECT id,UserName,Attribute,Value,op FROM radreply WHERE Username = '%{SQL-User-Name}' ORDER BY id"
authorize_group_check_query = "SELECT radgroupcheck.id,radgroupcheck.GroupName, radgroupcheck.Attribute,radgroupcheck.Value, radgroupcheck.op FROM radgroupcheck,radusergroup WHERE radusergroup.Username = '%{SQL-User-Name}' AND radusergroup.GroupName = radgroupcheck.GroupName ORDER BY radgroupcheck.id"
authorize_group_reply_query = "SELECT radgroupreply.id,radgroupreply.GroupName, radgroupreply.Attribute,radgroupreply.Value, radgroupreply.op FROM radgroupreply,radusergroup WHERE radusergroup.Username = '%{SQL-User-Name}' AND radusergroup.GroupName = radgroupreply.GroupName ORDER BY radgroupreply.id"
group_membership_query = "SELECT groupname FROM radusergroup WHERE username = '%{SQL-User-Name}' ORDER BY priority"
simul_count_query = ""
simul_verify_query = ""
safe_characters = "@abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-_: /"
}
accounting {
reference = "%{tolower:type.%{Acct-Status-Type}.query}"
}
post-auth {
reference = ".query"
}
rlm_sql (sql): Driver rlm_sql_unixodbc (module rlm_sql_unixodbc) loaded and linked
rlm_sql (sql): Attempting to connect to database "radius"
rlm_sql (sql): Initialising connection pool
pool {
start = 5
min = 4
max = 10
spare = 3
uses = 0
lifetime = 0
cleanup_delay = 5
idle_timeout = 60
spread = no
}
rlm_sql (sql): Opening additional connection (0)
rlm_sql (sql): Opening additional connection (1)
rlm_sql (sql): Opening additional connection (2)
rlm_sql (sql): Opening additional connection (3)
rlm_sql (sql): Opening additional connection (4)
# Instantiating module "echo" from file /usr/local/etc/raddb/mods-enabled/echo
exec echo {
wait = yes
program = "/bin/echo %{User-Name}"
input_pairs = "request"
output_pairs = "reply"
shell_escape = yes
}
# Loaded module rlm_passwd
# Instantiating module "etc_passwd" from file /usr/local/etc/raddb/mods-enabled/passwd
passwd etc_passwd {
filename = "/etc/passwd"
format = "*User-Name:Crypt-Password:"
delimiter = ":"
ignore_nislike = no
ignore_empty = yes
allow_multiple_keys = no
hash_size = 100
}
rlm_passwd: nfields: 3 keyfield 0(User-Name) listable: no
# Loaded module rlm_expr
# Instantiating module "expr" from file /usr/local/etc/raddb/mods-enabled/expr
expr {
safe_characters = "@abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-_: /"
}
# Loaded module rlm_chap
# Instantiating module "chap" from file /usr/local/etc/raddb/mods-enabled/chap
# Loaded module rlm_replicate
# Instantiating module "replicate" from file /usr/local/etc/raddb/mods-enabled/replicate
# Loaded module rlm_digest
# Instantiating module "digest" from file /usr/local/etc/raddb/mods-enabled/digest
# Instantiating module "detail" from file /usr/local/etc/raddb/mods-enabled/detail
detail {
filename = "/usr/local/var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/detail-%Y%m%d"
header = "%t"
permissions = 384
dir_permissions = 493
locking = no
log_packet_header = no
}
# Loaded module rlm_preprocess
# Instantiating module "preprocess" from file /usr/local/etc/raddb/mods-enabled/preprocess
preprocess {
huntgroups = "/usr/local/etc/raddb/mods-config/preprocess/huntgroups"
hints = "/usr/local/etc/raddb/mods-config/preprocess/hints"
with_ascend_hack = no
ascend_channels_per_line = 23
with_ntdomain_hack = no
with_specialix_jetstream_hack = no
with_cisco_vsa_hack = no
with_alvarion_vsa_hack = no
}
reading pairlist file /usr/local/etc/raddb/mods-config/preprocess/huntgroups
reading pairlist file /usr/local/etc/raddb/mods-config/preprocess/hints
# Loaded module rlm_cache
# Instantiating module "cache_eap" from file /usr/local/etc/raddb/mods-enabled/cache_eap
cache cache_eap {
key = "%{%{control:State}:-%{%{reply:State}:-%{State}}}"
ttl = 15
max_entries = 16384
epoch = 0
add_stats = no
}
# Loaded module rlm_logintime
# Instantiating module "logintime" from file /usr/local/etc/raddb/mods-enabled/logintime
logintime {
minimum_timeout = 60
}
# Loaded module rlm_dhcp
# Instantiating module "dhcp" from file /usr/local/etc/raddb/mods-enabled/dhcp
# Loaded module rlm_eap
# Instantiating module "eap" from file /usr/local/etc/raddb/mods-enabled/eap
eap {
default_eap_type = "md5"
timer_expire = 60
ignore_unknown_eap_types = no
mod_accounting_username_bug = no
max_sessions = 4096
}
# Linked to sub-module rlm_eap_md5
# Linked to sub-module rlm_eap_leap
# Linked to sub-module rlm_eap_gtc
gtc {
challenge = "Password: "
auth_type = "PAP"
}
# Linked to sub-module rlm_eap_tls
tls {
tls = "tls-common"
}
tls-config tls-common {
rsa_key_exchange = no
dh_key_exchange = yes
rsa_key_length = 512
dh_key_length = 512
verify_depth = 0
ca_path = "/usr/local/etc/raddb/certs"
pem_file_type = yes
private_key_file = "/usr/local/etc/raddb/certs/server.pem"
certificate_file = "/usr/local/etc/raddb/certs/server.pem"
ca_file = "/usr/local/etc/raddb/certs/ca.pem"
private_key_password = "whatever"
dh_file = "/usr/local/etc/raddb/certs/dh"
fragment_size = 1024
include_length = yes
check_crl = no
cipher_list = "DEFAULT"
cache {
enable = yes
lifetime = 24
max_entries = 255
}
verify {
}
ocsp {
enable = no
override_cert_url = yes
url = "http://127.0.0.1/ocsp/"
use_nonce = yes
timeout = 0
softfail = yes
}
}
# Linked to sub-module rlm_eap_ttls
ttls {
tls = "tls-common"
default_eap_type = "md5"
copy_request_to_tunnel = no
use_tunneled_reply = no
virtual_server = "inner-tunnel"
include_length = yes
require_client_cert = no
}
Using cached TLS configuration from previous invocation
# Linked to sub-module rlm_eap_peap
peap {
tls = "tls-common"
default_method = "mschapv2"
copy_request_to_tunnel = no
use_tunneled_reply = no
proxy_tunneled_request_as_eap = yes
virtual_server = "inner-tunnel"
soh = no
require_client_cert = no
}
Using cached TLS configuration from previous invocation
# Linked to sub-module rlm_eap_mschapv2
mschapv2 {
with_ntdomain_hack = no
send_error = no
}
# Loaded module rlm_files
# Instantiating module "files" from file /usr/local/etc/raddb/mods-enabled/files
files {
filename = "/usr/local/etc/raddb/mods-config/files/authorize"
usersfile = "/usr/local/etc/raddb/mods-config/files/authorize"
acctusersfile = "/usr/local/etc/raddb/mods-config/files/accounting"
preproxy_usersfile = "/usr/local/etc/raddb/mods-config/files/pre-proxy"
compat = "no"
}
reading pairlist file /usr/local/etc/raddb/mods-config/files/authorize
reading pairlist file /usr/local/etc/raddb/mods-config/files/authorize
reading pairlist file /usr/local/etc/raddb/mods-config/files/accounting
reading pairlist file /usr/local/etc/raddb/mods-config/files/pre-proxy
# Loaded module rlm_pap
# Instantiating module "pap" from file /usr/local/etc/raddb/mods-enabled/pap
pap {
auto_header = no
normalise = yes
}
# Instantiating module "radutmp" from file /usr/local/etc/raddb/mods-enabled/radutmp
radutmp {
filename = "/usr/local/var/log/radius/radutmp"
username = "%{User-Name}"
case_sensitive = yes
check_with_nas = yes
permissions = 384
caller_id = yes
}
# Instantiating module "exec" from file /usr/local/etc/raddb/mods-enabled/exec
exec {
wait = no
input_pairs = "request"
shell_escape = yes
}
# Loaded module rlm_mschap
# Instantiating module "mschap" from file /usr/local/etc/raddb/mods-enabled/mschap
mschap {
use_mppe = yes
require_encryption = no
require_strong = no
with_ntdomain_hack = yes
passchange {
}
allow_retry = yes
}
# Loaded module rlm_expiration
# Instantiating module "expiration" from file /usr/local/etc/raddb/mods-enabled/expiration
} # modules
radiusd: #### Loading Virtual Servers ####
server { # from file /usr/local/etc/raddb/radiusd.conf
} # server
server default { # from file /usr/local/etc/raddb/sites-enabled/default
# Creating Auth-Type = digest
# Loading authenticate {...}
# Loading authorize {...}
WARNING: Ignoring "ldap" (see raddb/mods-available/README.rst)
# Loading preacct {...}
# Loading virtual module acct_unique
# Loading accounting {...}
# Loading post-proxy {...}
# Loading post-auth {...}
# Loading virtual module remove_reply_message_if_eap
# Loading virtual module remove_reply_message_if_eap
} # server
server inner-tunnel { # from file /usr/local/etc/raddb/sites-enabled/inner-tunnel
# Loading authenticate {...}
# Loading authorize {...}
WARNING: Ignoring "ldap" (see raddb/mods-available/README.rst)
# Loading session {...}
# Loading post-proxy {...}
# Loading post-auth {...}
} # server
radiusd: #### Opening IP addresses and Ports ####
listen {
type = "auth"
ipaddr = *
port = 0
limit {
max_connections = 16
lifetime = 0
idle_timeout = 30
}
}
listen {
type = "acct"
ipaddr = *
port = 0
limit {
max_connections = 16
lifetime = 0
idle_timeout = 30
}
}
listen {
type = "auth"
ipaddr = 127.0.0.1
port = 18120
}
Listening on auth address * port 1812 as server default
Listening on acct address * port 1813 as server default
Listening on auth address 127.0.0.1 port 18120 as server inner-tunnel
Opening new proxy address * port 1814
Listening on proxy address * port 1814
Ready to process requests.
rad_recv: Access-Request packet from host 127.0.156.5 port 43790, id=153, length=92
Acct-Session-Id = 'TEST-20131023-113244-6537-1'
User-Password = 'guessme'
Calling-Station-Id = 'FFFFFFFFFFF0'
User-Name = 'JustAtest'
(0) # Executing section authorize from file /usr/local/etc/raddb/sites-enabled/default
(0) authorize {
(0) [preprocess] = ok
(0) update reply {
(0) expand: "%{User-Name}" -> 'JustAtest'
(0) SQL-User-Name set to "JustAtest"
rlm_sql (sql): Reserved connection (4)
rlm_sql (sql): Executing query: 'SELECT username from mytest WHERE csid = 'FFFFFFFFFFF0''
(0) sql_xlat finished
rlm_sql (sql): Released connection (4)
rlm_sql (sql): Closing connection (0): Too many free connections (5 > 3)
rlm_sql_unixodbc: Socket destructor called, closing socket
(0) expand: "%{sql:SELECT username from mytest WHERE csid = '%{Calling-Station-Id}'}" -> 'test'
(0) Tmp-String-0 := "test"
(0) } # update reply = noop
(0) [chap] = noop
(0) [mschap] = noop
(0) [digest] = noop
(0) suffix : No '@' in User-Name = "JustAtest", looking up realm NULL
(0) suffix : No such realm "NULL"
(0) [suffix] = noop
(0) eap : No EAP-Message, not doing EAP
(0) [eap] = noop
(0) [files] = noop
(0) sql : expand: "%{User-Name}" -> 'JustAtest'
(0) sql : SQL-User-Name set to "JustAtest"
rlm_sql (sql): Reserved connection (4)
(0) sql : expand: "SELECT id,UserName,Attribute,Value,op FROM radcheck WHERE Username = '%{SQL-User-Name}' ORDER BY id" -> 'SELECT id,UserName,Attribute,Value,op FROM radcheck WHERE Username = 'JustAtest' ORDER BY id'
rlm_sql (sql): Executing query: 'SELECT id,UserName,Attribute,Value,op FROM radcheck WHERE Username = 'JustAtest' ORDER BY id'
Segmentation fault (core dumped)
The text was updated successfully, but these errors were encountered:
The server is RHEL5 : Linux dev1 2.6.18-238.el5 #1 SMP Sun Dec 19 14:22:44 EST 2010 x86_64 x86_64 x86_64 GNU/Linux
gdb Info:
Radiusd DEBUG:
The text was updated successfully, but these errors were encountered: