Just for some reference (Trying to find commonalities):
What OS/Distro are you?
I'm Debian testing release
How did you Install? (Prebuilt binary / created local package and install /
install from source)
I created a local Debian package, and installed it.
What modules did you enable?
PEAP, TTLS, and TLS
What is your authentication source?
Using ntlm_auth against Active Directory 2003
What is your supplicant?
98% Windows XP built in supplicant. The rest are Linux / Mac clients.
I wonder if this has something to do with this bug that got squashed....
2006.03.20 v1.0.5, and v1.1.0 - A validation issue exists with the EAP-MSCHAPv2
module in all versions from 1.0.0 (where the module first appeared) to 1.1.0.
Insufficient input validation was being done in the EAP-MSCHAPv2 state machine.
A malicious attacker could manipulate their EAP-MSCHAPv2 client state machine
to potentially convince the server to bypass authentication checks. This
bypassing could also result in the server crashing. We recommend that
administrators upgrade immediately.
> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Stefan Winter
> Sent: Monday, March 27, 2006 1:49 AM
> To: FreeRadius users mailing list
> Subject: Re: Version 1.1.1 stops responding
>
> > Mine seg faulted as well..
> > Here's the last few lines of the freeradius -X -A
>
> > modcall: entering group authenticate for request 1002
> > rlm_eap: Request found, released from the list
> > rlm_eap: EAP/peap
> > rlm_eap: processing type peap
> > rlm_eap_peap: Authenticate
> > rlm_eap_tls: processing TLS
> > rlm_eap_tls: Length Included
> > eaptls_verify returned 11
>
> Interesting. This morning I encountered again that radiusd
> was claiming to be still listening on its ports, but didn't
> process anything any more. As other logs showed, someone
> logged into an Access Point via TTLS at 8:22 and at 8:25 the
> Nagios Monitoring system marked the RADIUS Server as
> critical. Scan interval for Nagios is every three minutes. So
> it could very well be that FreeRADIUS stopped processing
> packets when it tried to do TTLS. Sounds similar to your
> case, just that it didn't segfault. Note that we usually use
> TTLS several times a day, and FreeRADIUS shows this
> behaviour only sporadically.
> I now reverted to 1.1.0 in the hope that it's better there.
> The way it is now is... disturbing.
>
> Greetings,
>
> Stefan Winter
>
> --
> Stefan WINTER
>
> Stiftung RESTENA - Réseau Téléinformatique de l'Education
> Nationale et de la Recherche Ingenieur Forschung & Entwicklung
>
> 6, rue Richard Coudenhove-Kalergi
> L-1359 Luxembourg
> E-Mail: [EMAIL PROTECTED] Tel.: +352 424409-1
> http://www.restena.lu Fax: +352 422473
>
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
>