Dear Michael Lecuyer,
Try to use gdb to analyze coredump. The only "unusuall" thing I see is
packet contains both MS-CHAP Challenge/Response and plain text password
(it shouldn't). But I see no why this can produce the crash at least
with rlm_mschap.
It could also be nice to see user's configuration.
--Friday, June 14, 2002, 6:47:23 PM, you wrote to [EMAIL PROTECTED]:
ML> Using radiusd: FreeRADIUS Version 0.5, for host i686-pc-linux-gnu, built on
ML> Jun 14 2002 at 10:26:10
ML> If I send a packet with both the MS-CHAP-Challenge & MS-CHAP-Response I get
ML> a Segmentation fault. If I don't send the MS-CHAP-Response, just the
ML> MS-CHAP-Challenge the server runs, but of course complains about the
ML> missing LM/NT password.
ML> As you can see from the following output 'mschap' is not run during
ML> authorization - it dies after 'files'. I've tried pointing it to the SAMBA
ML> password file but it makes no difference.
ML> Here's the authentication when there's no MS-CHAP-Response - looks correct.
ML> Listening on IP address *, ports 1812/udp and 1813/udp, with proxy on 1814/udp.
ML> Ready to process requests.
ML> rad_recv: Access-Request packet from host 192.168.1.137:1339, id=12, length=84
ML> NAS-IP-Address = 127.0.0.1
ML> NAS-Identifier = "radtest"
ML> NAS-Port-Id = 1
ML> Acct-Tunnel-Client-Endpoint = "\000149.225.44.2"
ML> User-Name = "michael"
ML> Password = "\373\366 \363\246o\021\001\325k\276\320\013\336\322\333"
ML> modcall: entering group authorize
ML> modcall[authorize]: module "preprocess" returns ok
ML> rlm_counter: Entering module authorize code
ML> rlm_counter: Could not find Check item value pair
ML> modcall[authorize]: module "counter" returns noop
ML> modcall[authorize]: module "suffix" returns ok
ML> users: Matched michael at 38
ML> modcall[authorize]: module "files" returns ok
ML> modcall[authorize]: module "mschap" returns noop
ML> modcall: group authorize returns ok
ML> rad_check_password: Found Auth-Type MS-CHAP
ML> auth: type "MS-CHAP"
ML> modcall: entering group authenticate
ML> Looking for LM password.
ML> Looking for NT password.
ML> rlm_mschap: No LM/NT password configured. Check authorization.
ML> modcall[authenticate]: module "mschap" returns invalid
ML> modcall: group authenticate returns invalid
ML> auth: Failed to validate the user.
ML> Login incorrect: [michael] (from nas UNKNOWN-NAS port 1)
ML> Sending Access-Reject of id 12 to 192.168.1.137:1339
ML> Finished request 0
ML> Here's what happens if the MS-CHAP-Response is present (full debug dump):
ML> [root@tb6 michael]# /usr/local/sbin/radiusd -xx -s
ML> Starting - reading configuration files ...
ML> reread_config: reading radiusd.conf
ML> Config: including file: /etc/raddb/proxy.conf
ML> Config: including file: /etc/raddb/clients.conf
ML> Config: including file: /etc/raddb/snmp.conf
ML> Config: including file: /etc/raddb/sql.conf
ML> main: prefix = "/usr/local"
ML> main: localstatedir = "/usr/local/var"
ML> main: logdir = "/usr/local/var/log/radius"
ML> main: libdir = "/usr/local/lib"
ML> main: radacctdir = "/usr/local/var/log/radius/radacct"
ML> main: hostname_lookups = no
ML> read_config_files: reading dictionary
ML> read_config_files: reading clients
ML> read_config_files: reading realms
ML> read_config_files: reading naslist
ML> main: max_request_time = 30
ML> main: cleanup_delay = 5
ML> main: max_requests = 256
ML> main: delete_blocked_requests = 0
ML> main: port = 0
ML> main: allow_core_dumps = no
ML> main: log_stripped_names = no
ML> main: log_auth = yes
ML> main: log_auth_badpass = no
ML> main: log_auth_goodpass = no
ML> main: pidfile = "/usr/local/var/run/radiusd.pid"
ML> main: user = "root"
ML> main: group = "root"
ML> main: usercollide = no
ML> main: lower_user = "no"
ML> main: lower_pass = "no"
ML> main: nospace_user = "no"
ML> main: nospace_pass = "no"
ML> main: proxy_requests = yes
ML> proxy: retry_delay = 5
ML> proxy: retry_count = 3
ML> proxy: synchronous = no
ML> proxy: default_fallback = yes
ML> proxy: dead_time = 120
ML> security: max_attributes = 200
ML> security: reject_delay = 0
ML> main: debug_level = 0
ML> read_config_files: entering modules setup
ML> Module: Library search path is /usr/local/lib
ML> Module: Loaded System
ML> unix: cache = yes
ML> unix: passwd = "/etc/passwd"
ML> unix: shadow = "/etc/shadow"
ML> unix: group = "/etc/group"
ML> unix: radwtmp = "/usr/local/var/log/radius/radwtmp"
ML> unix: usegroup = no
ML> unix: cache_reload = 600
ML> HASH: Reinitializing hash structures and lists for caching...
ML> ...
ML> HASH: Stored 34 entries from /etc/passwd
ML> HASH: Stored 47 entries from /etc/group
ML> Module: Instantiated unix (unix)
ML> Module: Loaded MS-CHAP
ML> mschap: ignore_password = no
ML> mschap: use_mppe = no
ML> mschap: require_encryption = no
ML> mschap: require_strong = no
ML> mschap: passwd = "(null)"
ML> mschap: authtype = "MS-CHAP"
ML> Module: Instantiated mschap (mschap)
ML> Module: Loaded preprocess
ML> preprocess: huntgroups = "/etc/raddb/huntgroups"
ML> preprocess: hints = "/etc/raddb/hints"
ML> preprocess: with_ascend_hack = no
ML> preprocess: ascend_channels_per_line = 23
ML> preprocess: with_ntdomain_hack = no
ML> preprocess: with_specialix_jetstream_hack = no
ML> preprocess: with_cisco_vsa_hack = no
ML> Module: Instantiated preprocess (preprocess)
ML> Module: Loaded Counter
ML> counter: filename = "/etc/raddb/db.counter"
ML> counter: key = "User-Name"
ML> counter: reset = "daily"
ML> counter: count-attribute = "Acct-Session-Time"
ML> counter: counter-name = "Daily-Session-Time"
ML> counter: check-name = "Max-Daily-Session"
ML> counter: allowed-servicetype = "Framed-User"
ML> counter: cache-size = 5000
ML> rlm_counter: Counter attribute Daily-Session-Time is number 1145
ML> rlm_counter: Current Time: 1024064994, Next reset 1024113600
ML> Module: Instantiated counter (counter)
ML> Module: Loaded realm
ML> realm: format = "suffix"
ML> realm: delimiter = "@"
ML> Module: Instantiated realm (suffix)
ML> Module: Loaded files
ML> files: usersfile = "/etc/raddb/users"
ML> files: acctusersfile = "/etc/raddb/acct_users"
ML> files: compat = "no"
ML> Module: Instantiated files (files)
ML> Module: Loaded detail
ML> detail: detailfile =
ML> "/usr/local/var/log/radius/radacct/%{Client-IP-Address}/detail"
ML> detail: detailperm = 384
ML> detail: dirperm = 493
ML> Module: Instantiated detail (detail)
ML> Module: Loaded radutmp
ML> radutmp: filename = "/usr/local/var/log/radius/radutmp"
ML> radutmp: username = "%{User-Name}"
ML> radutmp: perm = 384
ML> radutmp: callerid = yes
ML> Module: Instantiated radutmp (radutmp)
ML> Listening on IP address *, ports 1812/udp and 1813/udp, with proxy on 1814/udp.
ML> Ready to process requests.
ML> rad_recv: Access-Request packet from host 192.168.1.137:1325, id=10, length=136
ML> NAS-IP-Address = 127.0.0.1
ML> NAS-Identifier = "radtest"
ML> NAS-Port-Id = 1
ML> MS-CHAP-Challenge = 0x827d8a93f0f874dc
ML> MS-CHAP-Response =
ML>
0x640220db4e865aeb78a1e0b5a1fd77c8938bf8b0f66659e2767dad76c2c8c842d03b1cc1965e22726dbfeef095e2a00d2be5
ML> User-Name = "michael"
ML> Password = "J\210"\371JR^\202F\204:\225\242lt\321"
ML> modcall: entering group authorize
ML> modcall[authorize]: module "preprocess" returns ok
ML> rlm_counter: Entering module authorize code
ML> rlm_counter: Could not find Check item value pair
ML> modcall[authorize]: module "counter" returns noop
ML> modcall[authorize]: module "suffix" returns ok
ML> users: Matched michael at 38
ML> modcall[authorize]: module "files" returns ok
ML> Segmentation fault
ML> -
ML> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
--
~/ZARAZA
�������� ����� ��� ������������ ������ - �������.
�� ����� �������, ������ �����������. (���)
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
