LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - Newbie (https://www.linuxquestions.org/questions/linux-newbie-8/)
-   -   freeradius-server-2.0.5 + mysql + Segmentation fault (https://www.linuxquestions.org/questions/linux-newbie-8/freeradius-server-2-0-5-mysql-segmentation-fault-663879/)

conesh 08-19-2008 01:39 PM

freeradius-server-2.0.5 + mysql + Segmentation fault
 
Hi,this is my first question here I hope you can help me.

I'm running fedora core 9 on a xeon server, we are trying to use peap authentication, the thing is that the radius server is not working, it begins to load the configuration and then I get the segmentation fault.
I think it's the sql configuration but I'm not sure.

Any ideas?
here is my configuration:
Radiusd.conf

All the coments were removed to fit this window.
prefix = /usr/local

exec_prefix = ${prefix}

sysconfdir = ${prefix}/etc

localstatedir = ${prefix}/var

sbindir = ${exec_prefix}/sbin

logdir = ${localstatedir}/log/radius

raddbdir = ${sysconfdir}/raddb

radacctdir = ${logdir}/radacct



confdir = ${raddbdir}

run_dir = ${localstatedir}/run/radiusd



db_dir = $(raddbdir)
libdir = ${exec_prefix}/lib


pidfile = ${run_dir}/radiusd.pid

cleanup_delay = 5


max_requests = 1024


listen {

# Type of packets to listen for.
# Allowed values are:
#auth listen for authentication packets
#acct listen for accounting packets
#proxy IP to use for sending proxied packets
#detail Read from the detail file. For examples, see
#raddb/sites-available/copy-acct-to-home-server
#
type = auth

# Note: "type = proxy" lets you control the source IP used for
#proxying packets, with some limitations:
#
# * Only ONE proxy listener can be defined.
# * A proxy listener CANNOT be used in a virtual server section.
# * You should probably set "port = 0".
# * Any "clients" configuration will be ignored.

# IP address on which to listen.
# Allowed values are:
#dotted quad (1.2.3.4)
#hostname (radius.example.com)
#wildcard (*)
ipaddr = *

# OR, you can use an IPv6 address, but not both
# at the same time.
#ipv6addr = :: # any. ::1 == localhost


# Port on which to listen.
# Allowed values are:
#integer port number (1812)
#0 means "use /etc/services for the proper port"
port = 0

# Some systems support binding to an interface, in addition
# to the IP address. This feature isn't strictly necessary,
# but for sites with many IP addresses on one interface,
# it's useful to say "listen on all addresses for eth0".
#
# If your system does not support this feature, you will
# get an error if you try to use it.
#
#interface = eth0


# Per-socket lists of clients. This is a very useful feature.
#
# The name here is a reference to a section elsewhere in
# radiusd.conf, or clients.conf. Having the name as
# a reference allows multiple sockets to use the same
# set of clients.
#
# If this configuration is used, then the global list of clients
# is IGNORED for this "listen" section. Take care configuring
# this feature, to ensure you don't accidentally disable a
# client you need.
#
# See clients.conf for the configuration of "per_socket_clients".
#
#clients = per_socket_clients

}

# This second "listen" section is for listening on the accounting

# port, too.

#
listen {

ipaddr = *
#ipv6addr = ::

port = 0
type = acct
#interface = eth0

#clients = per_socket_clients

}

# hostname_lookups: Log the names of clients or just their IP addresses

# e.g., (on) or 206.47.27.232 (off).

#
# The default is 'off' because it would be overall better for the net

# if people had to knowingly turn this feature on, since enabling it

# means that each client request will result in AT LEAST one lookup

# request to the nameserver. Enabling hostname_lookups will also

# mean that your server may stop randomly for 30 seconds from time

# to time, if the DNS requests take too long.

#
# Turning hostname lookups off also means that the server won't block

# for 30 seconds, if it sees an IP address which has no name associated

# with it.

#
# allowed values: {no, yes}

#
hostname_lookups = no


# Core dumps are a bad thing. This should only be set to 'yes'

# if you're debugging a problem with the server.

#
# allowed values: {no, yes}

#
allow_core_dumps = no


# Regular expressions

#
# These items are set at configure time. If they're set to "yes",

# then setting them to "no" turns off regular expression support.

#
# If they're set to "no" at configure time, then setting them to "yes"

# WILL NOT WORK. It will give you an error.

#
regular_expressions = yes

extended_expressions = yes


#
# Logging section. The various "log_*" configuration items

# will eventually be moved here.

#
log {

#
# Destination for log messages. This can be one of:
#
#files - log to "file", as defined below.
#syslog - to syslog (see also the "syslog_facility", below.
#stdout - standard output
#stderr - standard error.
#
# The command-line option "-X" over-rides this option, and forces
# logging to go to stdout.
#
destination = files

#
# The logging messages for the server are appended to the
# tail of this file if ${destination} == "files"
#
# If the server is running in debugging mode, this file is
# NOT used.
#
file = ${logdir}/radius.log

#
# Which syslog facility to use, if ${destination} == "syslog"
#
# The exact values permitted here are OS-dependent. You probably
# don't want to change this.
#
syslog_facility = daemon

# Log the full User-Name attribute, as it was found in the request.
#
# allowed values: {no, yes}
#
stripped_names = no

# Log authentication requests to the log file.
#
# allowed values: {no, yes}
#
auth = no

# Log passwords with the authentication requests.
# auth_badpass - logs password if it's rejected
# auth_goodpass - logs password if it's correct
#
# allowed values: {no, yes}
#
auth_badpass = no
auth_goodpass = no
}

# The program to execute to do concurrency checks.

checkrad = ${sbindir}/checkrad


# SECURITY CONFIGURATION

#
# There may be multiple methods of attacking on the server. This

# section holds the configuration items which minimize the impact

# of those attacks

#
security {

#
# max_attributes: The maximum number of attributes
# permitted in a RADIUS packet. Packets which have MORE
# than this number of attributes in them will be dropped.
#
# If this number is set too low, then no RADIUS packets
# will be accepted.
#
# If this number is set too high, then an attacker may be
# able to send a small number of packets which will cause
# the server to use all available memory on the machine.
#
# Setting this number to 0 means "allow any number of attributes"
max_attributes = 200

#
# reject_delay: When sending an Access-Reject, it can be
# delayed for a few seconds. This may help slow down a DoS
# attack. It also helps to slow down people trying to brute-force
# crack a users password.
#
# Setting this number to 0 means "send rejects immediately"
#
# If this number is set higher than 'cleanup_delay', then the
# rejects will be sent at 'cleanup_delay' time, when the request
# is deleted from the internal cache of requests.
#
# Useful ranges: 1 to 5
reject_delay = 1

#
# status_server: Whether or not the server will respond
# to Status-Server requests.
#
# When sent a Status-Server message, the server responds with
# an Access-Accept or Accounting-Response packet.
#
# This is mainly useful for administrators who want to "ping"
# the server, without adding test users, or creating fake
# accounting packets.
#
# It's also useful when a NAS marks a RADIUS server "dead".
# The NAS can periodically "ping" the server with a Status-Server
# packet. If the server responds, it must be alive, and the
# NAS can start using it for real requests.
#
status_server = yes
}

# PROXY CONFIGURATION

#
# proxy_requests: Turns proxying of RADIUS requests on or off.

#
# The server has proxying turned on by default. If your system is NOT

# set up to proxy requests to another server, then you can turn proxying

# off here. This will save a small amount of resources on the server.

#
# If you have proxying turned off, and your configuration files say

# to proxy a request, then an error message will be logged.

#
# To disable proxying, change the "yes" to "no", and comment the

# $INCLUDE line.

#
# allowed values: {no, yes}

#
proxy_requests = yes

$INCLUDE proxy.conf



# CLIENTS CONFIGURATION

#
# Client configuration is defined in "clients.conf".

#

# The 'clients.conf' file contains all of the information from the old

# 'clients' and 'naslist' configuration files. We recommend that you

# do NOT use 'client's or 'naslist', although they are still

# supported.

#
# Anything listed in 'clients.conf' will take precedence over the

# information from the old-style configuration files.

#
$INCLUDE clients.conf



# SNMP CONFIGURATION

#
# Snmp configuration is only valid if SNMP support was enabled

# at compile time.

#
# To enable SNMP querying of the server, set the value of the

# 'snmp' attribute to 'yes'

#
snmp = no

$INCLUDE snmp.conf



# THREAD POOL CONFIGURATION

#
# The thread pool is a long-lived group of threads which

# take turns (round-robin) handling any incoming requests.

#
# You probably want to have a few spare threads around,

# so that high-load situations can be handled immediately. If you

# don't have any spare threads, then the request handling will

# be delayed while a new thread is created, and added to the pool.

#
# You probably don't want too many spare threads around,

# otherwise they'll be sitting there taking up resources, and

# not doing anything productive.

#
# The numbers given below should be adequate for most situations.

#
thread pool {

# Number of servers to start initially --- should be a reasonable
# ballpark figure.
start_servers = 5

# Limit on the total number of servers running.
#
# If this limit is ever reached, clients will be LOCKED OUT, so it
# should NOT BE SET TOO LOW. It is intended mainly as a brake to
# keep a runaway server from taking the system with it as it spirals
# down...
#
# You may find that the server is regularly reaching the
# 'max_servers' number of threads, and that increasing
# 'max_servers' doesn't seem to make much difference.
#
# If this is the case, then the problem is MOST LIKELY that
# your back-end databases are taking too long to respond, and
# are preventing the server from responding in a timely manner.
#
# The solution is NOT do keep increasing the 'max_servers'
# value, but instead to fix the underlying cause of the
# problem: slow database, or 'hostname_lookups=yes'.
#
# For more information, see 'max_request_time', above.
#
max_servers = 32

# Server-pool size regulation. Rather than making you guess
# how many servers you need, FreeRADIUS dynamically adapts to
# the load it sees, that is, it tries to maintain enough
# servers to handle the current load, plus a few spare
# servers to handle transient load spikes.
#
# It does this by periodically checking how many servers are
# waiting for a request. If there are fewer than
# min_spare_servers, it creates a new spare. If there are
# more than max_spare_servers, some of the spares die off.
# The default values are probably OK for most sites.
#
min_spare_servers = 3
max_spare_servers = 10

# There may be memory leaks or resource allocation problems with
# the server. If so, set this value to 300 or so, so that the
# resources will be cleaned up periodically.
#
# This should only be necessary if there are serious bugs in the
# server which have not yet been fixed.
#
# '0' is a special value meaning 'infinity', or 'the servers never
# exit'
max_requests_per_server = 0
}

# MODULE CONFIGURATION

#
# The names and configuration of each module is located in this section.

#
# After the modules are defined here, they may be referred to by name,

# in other sections of this configuration file.

#
modules {

#
# Each module has a configuration as follows:
#
#name [ instance ] {
#config_item = value
#...
#}
#
# The 'name' is used to load the 'rlm_name' library
# which implements the functionality of the module.
#
# The 'instance' is optional. To have two different instances
# of a module, it first must be referred to by 'name'.
# The different copies of the module are then created by
# inventing two 'instance' names, e.g. 'instance1' and 'instance2'
#
# The instance names can then be used in later configuration
# INSTEAD of the original 'name'. See the 'radutmp' configuration
# below for an example.
#

#
# As of 2.0.5, most of the module configurations are in a
# separate directory. Files matching the regex /[a-zA-Z0-9_.]+/
# are loaded. The modules are initialized ONLY if they are
# referenced in a processing section, such as authorize,
# authenticate, accounting, pre/post-proxy, etc.
#
$INCLUDE ${confdir}/modules/

# Extensible Authentication Protocol
#
# For all EAP related authentications.
# Now in another file, because it is very large.
#
$INCLUDE eap.conf

# Include another file that has the SQL-related configuration.
# This is another file only because it tends to be big.
#
$INCLUDE sql.conf


# For Cisco VoIP specific accounting with Postgresql,
# use:${confdir}/sql/postgresql/voip-postpaid.conf
#
# You will also need the sql schema from:
#src/billing/cisco_h323_db_schema-postgres.sql
# Note: This config can be use AS WELL AS the standard sql
# config if you need SQL based Auth

#
# This module is an SQL enabled version of the counter module.
#
# Rather than maintaining seperate (GDBM) databases of
# accounting info for each counter, this module uses the data
# stored in the raddacct table by the sql modules. This
# module NEVER does any database INSERTs or UPDATEs. It is
# totally dependent on the SQL module to process Accounting
# packets.
#
$INCLUDE sql/mysql/counter.conf
#$INCLUDE sql/postgresql/counter.conf

# $INCLUDE sqlippool.conf

# OTP token support. Not included by default.
# $INCLUDE otp.conf

}

# Instantiation

#
# This section orders the loading of the modules. Modules

# listed here will get loaded BEFORE the later sections like

# authorize, authenticate, etc. get examined.

#
# This section is not strictly needed. When a section like

# authorize refers to a module, it's automatically loaded and

# initialized. However, some modules may not be listed in any

# of the following sections, so they can be listed here.

#
# Also, listing modules here ensures that you have control over

# the order in which they are initalized. If one module needs

# something defined by another module, you can list them in order

# here, and ensure that the configuration will be OK.

#
instantiate {

#
# Allows the execution of external scripts.
# The entire command line (and output) must fit into 253 bytes.
#
# e.g. Framed-Pool = `%{exec:/bin/echo foo}`
exec

#
# The expression module doesn't do authorization,
# authentication, or accounting. It only does dynamic
# translation, of the form:
#
#Session-Timeout = `%{expr:2 + 3}`
#
# So the module needs to be instantiated, but CANNOT be
# listed in any other section. See 'doc/rlm_expr' for
# more information.
#
expr

#
# We add the counter module here so that it registers
# the check-name attribute before any module which sets
# it
#daily

expiration
logintime

# subsections here can be thought of as "virtual" modules.
#
# e.g. If you have two redundant SQL servers, and you want to
# use them in the authorize and accounting sections, you could
# place a "redundant" block in each section, containing the
# exact same text. Or, you could uncomment the following
# lines, and list "redundant_sql" in the authorize and
# accounting sections.
#
#redundant redundant_sql {
#sql1
#sql2
#}
}

######################################################################

#
#Policies that can be applied in multiple places are listed

#globally. That way, they can be defined once, and referred

#to multiple times.

#
######################################################################

$INCLUDE policy.conf


######################################################################

#
#As of 2.0.0, the "authorize", "authenticate", etc. sections

#are in separate configuration files, per virtual host.

#
######################################################################


######################################################################

#
#Include all enabled virtual hosts.

#
#The following directory is searched for files that match

#the regex:

#
#/[a-zA-Z0-9_.]+/

#
#The files are then included here, just as if they were cut

#and pasted into this file.

#
#See "sites-enabled/default" for some additional documentation.

#
$INCLUDE sites-enabled/

authorize {

preprocess

chap

mschap

suffix

eap

sql

}

authenticate {

Auth-Type PAP {

pap

}

Auth-Type CHAP {

chap

}

Auth-Type MS-CHAP {

mschap

}

}
preacct {

preprocess

acct_unique

suffix

}
accounting {

detail

radutmp

sql

}
session {

radutmp

sql

}
post-auth {

sql

}
pre-proxy {

}
post-proxy {

eap

}
If you need any other configuration file please let me know.

Thanks Have a great day.


All times are GMT -5. The time now is 10:14 AM.