LinuxQuestions.org
Latest LQ Deal: Linux Power User Bundle
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices


Reply
  Search this Thread
Old 08-19-2008, 02:39 PM   #1
conesh
LQ Newbie
 
Registered: Aug 2008
Location: Mexico
Distribution: fedora core 9
Posts: 7

Rep: Reputation: 0
Unhappy freeradius-server-2.0.5 + mysql + Segmentation fault


Hi,this is my first question here I hope you can help me.

I'm running fedora core 9 on a xeon server, we are trying to use peap authentication, the thing is that the radius server is not working, it begins to load the configuration and then I get the segmentation fault.
I think it's the sql configuration but I'm not sure.

Any ideas?
here is my configuration:
Radiusd.conf

All the coments were removed to fit this window.
prefix = /usr/local

exec_prefix = ${prefix}

sysconfdir = ${prefix}/etc

localstatedir = ${prefix}/var

sbindir = ${exec_prefix}/sbin

logdir = ${localstatedir}/log/radius

raddbdir = ${sysconfdir}/raddb

radacctdir = ${logdir}/radacct



confdir = ${raddbdir}

run_dir = ${localstatedir}/run/radiusd



db_dir = $(raddbdir)
libdir = ${exec_prefix}/lib


pidfile = ${run_dir}/radiusd.pid

cleanup_delay = 5


max_requests = 1024


listen {

# Type of packets to listen for.
# Allowed values are:
#auth listen for authentication packets
#acct listen for accounting packets
#proxy IP to use for sending proxied packets
#detail Read from the detail file. For examples, see
#raddb/sites-available/copy-acct-to-home-server
#
type = auth

# Note: "type = proxy" lets you control the source IP used for
#proxying packets, with some limitations:
#
# * Only ONE proxy listener can be defined.
# * A proxy listener CANNOT be used in a virtual server section.
# * You should probably set "port = 0".
# * Any "clients" configuration will be ignored.

# IP address on which to listen.
# Allowed values are:
#dotted quad (1.2.3.4)
#hostname (radius.example.com)
#wildcard (*)
ipaddr = *

# OR, you can use an IPv6 address, but not both
# at the same time.
#ipv6addr = :: # any. ::1 == localhost


# Port on which to listen.
# Allowed values are:
#integer port number (1812)
#0 means "use /etc/services for the proper port"
port = 0

# Some systems support binding to an interface, in addition
# to the IP address. This feature isn't strictly necessary,
# but for sites with many IP addresses on one interface,
# it's useful to say "listen on all addresses for eth0".
#
# If your system does not support this feature, you will
# get an error if you try to use it.
#
#interface = eth0


# Per-socket lists of clients. This is a very useful feature.
#
# The name here is a reference to a section elsewhere in
# radiusd.conf, or clients.conf. Having the name as
# a reference allows multiple sockets to use the same
# set of clients.
#
# If this configuration is used, then the global list of clients
# is IGNORED for this "listen" section. Take care configuring
# this feature, to ensure you don't accidentally disable a
# client you need.
#
# See clients.conf for the configuration of "per_socket_clients".
#
#clients = per_socket_clients

}

# This second "listen" section is for listening on the accounting

# port, too.

#
listen {

ipaddr = *
#ipv6addr = ::

port = 0
type = acct
#interface = eth0

#clients = per_socket_clients

}

# hostname_lookups: Log the names of clients or just their IP addresses

# e.g., (on) or 206.47.27.232 (off).

#
# The default is 'off' because it would be overall better for the net

# if people had to knowingly turn this feature on, since enabling it

# means that each client request will result in AT LEAST one lookup

# request to the nameserver. Enabling hostname_lookups will also

# mean that your server may stop randomly for 30 seconds from time

# to time, if the DNS requests take too long.

#
# Turning hostname lookups off also means that the server won't block

# for 30 seconds, if it sees an IP address which has no name associated

# with it.

#
# allowed values: {no, yes}

#
hostname_lookups = no


# Core dumps are a bad thing. This should only be set to 'yes'

# if you're debugging a problem with the server.

#
# allowed values: {no, yes}

#
allow_core_dumps = no


# Regular expressions

#
# These items are set at configure time. If they're set to "yes",

# then setting them to "no" turns off regular expression support.

#
# If they're set to "no" at configure time, then setting them to "yes"

# WILL NOT WORK. It will give you an error.

#
regular_expressions = yes

extended_expressions = yes


#
# Logging section. The various "log_*" configuration items

# will eventually be moved here.

#
log {

#
# Destination for log messages. This can be one of:
#
#files - log to "file", as defined below.
#syslog - to syslog (see also the "syslog_facility", below.
#stdout - standard output
#stderr - standard error.
#
# The command-line option "-X" over-rides this option, and forces
# logging to go to stdout.
#
destination = files

#
# The logging messages for the server are appended to the
# tail of this file if ${destination} == "files"
#
# If the server is running in debugging mode, this file is
# NOT used.
#
file = ${logdir}/radius.log

#
# Which syslog facility to use, if ${destination} == "syslog"
#
# The exact values permitted here are OS-dependent. You probably
# don't want to change this.
#
syslog_facility = daemon

# Log the full User-Name attribute, as it was found in the request.
#
# allowed values: {no, yes}
#
stripped_names = no

# Log authentication requests to the log file.
#
# allowed values: {no, yes}
#
auth = no

# Log passwords with the authentication requests.
# auth_badpass - logs password if it's rejected
# auth_goodpass - logs password if it's correct
#
# allowed values: {no, yes}
#
auth_badpass = no
auth_goodpass = no
}

# The program to execute to do concurrency checks.

checkrad = ${sbindir}/checkrad


# SECURITY CONFIGURATION

#
# There may be multiple methods of attacking on the server. This

# section holds the configuration items which minimize the impact

# of those attacks

#
security {

#
# max_attributes: The maximum number of attributes
# permitted in a RADIUS packet. Packets which have MORE
# than this number of attributes in them will be dropped.
#
# If this number is set too low, then no RADIUS packets
# will be accepted.
#
# If this number is set too high, then an attacker may be
# able to send a small number of packets which will cause
# the server to use all available memory on the machine.
#
# Setting this number to 0 means "allow any number of attributes"
max_attributes = 200

#
# reject_delay: When sending an Access-Reject, it can be
# delayed for a few seconds. This may help slow down a DoS
# attack. It also helps to slow down people trying to brute-force
# crack a users password.
#
# Setting this number to 0 means "send rejects immediately"
#
# If this number is set higher than 'cleanup_delay', then the
# rejects will be sent at 'cleanup_delay' time, when the request
# is deleted from the internal cache of requests.
#
# Useful ranges: 1 to 5
reject_delay = 1

#
# status_server: Whether or not the server will respond
# to Status-Server requests.
#
# When sent a Status-Server message, the server responds with
# an Access-Accept or Accounting-Response packet.
#
# This is mainly useful for administrators who want to "ping"
# the server, without adding test users, or creating fake
# accounting packets.
#
# It's also useful when a NAS marks a RADIUS server "dead".
# The NAS can periodically "ping" the server with a Status-Server
# packet. If the server responds, it must be alive, and the
# NAS can start using it for real requests.
#
status_server = yes
}

# PROXY CONFIGURATION

#
# proxy_requests: Turns proxying of RADIUS requests on or off.

#
# The server has proxying turned on by default. If your system is NOT

# set up to proxy requests to another server, then you can turn proxying

# off here. This will save a small amount of resources on the server.

#
# If you have proxying turned off, and your configuration files say

# to proxy a request, then an error message will be logged.

#
# To disable proxying, change the "yes" to "no", and comment the

# $INCLUDE line.

#
# allowed values: {no, yes}

#
proxy_requests = yes

$INCLUDE proxy.conf



# CLIENTS CONFIGURATION

#
# Client configuration is defined in "clients.conf".

#

# The 'clients.conf' file contains all of the information from the old

# 'clients' and 'naslist' configuration files. We recommend that you

# do NOT use 'client's or 'naslist', although they are still

# supported.

#
# Anything listed in 'clients.conf' will take precedence over the

# information from the old-style configuration files.

#
$INCLUDE clients.conf



# SNMP CONFIGURATION

#
# Snmp configuration is only valid if SNMP support was enabled

# at compile time.

#
# To enable SNMP querying of the server, set the value of the

# 'snmp' attribute to 'yes'

#
snmp = no

$INCLUDE snmp.conf



# THREAD POOL CONFIGURATION

#
# The thread pool is a long-lived group of threads which

# take turns (round-robin) handling any incoming requests.

#
# You probably want to have a few spare threads around,

# so that high-load situations can be handled immediately. If you

# don't have any spare threads, then the request handling will

# be delayed while a new thread is created, and added to the pool.

#
# You probably don't want too many spare threads around,

# otherwise they'll be sitting there taking up resources, and

# not doing anything productive.

#
# The numbers given below should be adequate for most situations.

#
thread pool {

# Number of servers to start initially --- should be a reasonable
# ballpark figure.
start_servers = 5

# Limit on the total number of servers running.
#
# If this limit is ever reached, clients will be LOCKED OUT, so it
# should NOT BE SET TOO LOW. It is intended mainly as a brake to
# keep a runaway server from taking the system with it as it spirals
# down...
#
# You may find that the server is regularly reaching the
# 'max_servers' number of threads, and that increasing
# 'max_servers' doesn't seem to make much difference.
#
# If this is the case, then the problem is MOST LIKELY that
# your back-end databases are taking too long to respond, and
# are preventing the server from responding in a timely manner.
#
# The solution is NOT do keep increasing the 'max_servers'
# value, but instead to fix the underlying cause of the
# problem: slow database, or 'hostname_lookups=yes'.
#
# For more information, see 'max_request_time', above.
#
max_servers = 32

# Server-pool size regulation. Rather than making you guess
# how many servers you need, FreeRADIUS dynamically adapts to
# the load it sees, that is, it tries to maintain enough
# servers to handle the current load, plus a few spare
# servers to handle transient load spikes.
#
# It does this by periodically checking how many servers are
# waiting for a request. If there are fewer than
# min_spare_servers, it creates a new spare. If there are
# more than max_spare_servers, some of the spares die off.
# The default values are probably OK for most sites.
#
min_spare_servers = 3
max_spare_servers = 10

# There may be memory leaks or resource allocation problems with
# the server. If so, set this value to 300 or so, so that the
# resources will be cleaned up periodically.
#
# This should only be necessary if there are serious bugs in the
# server which have not yet been fixed.
#
# '0' is a special value meaning 'infinity', or 'the servers never
# exit'
max_requests_per_server = 0
}

# MODULE CONFIGURATION

#
# The names and configuration of each module is located in this section.

#
# After the modules are defined here, they may be referred to by name,

# in other sections of this configuration file.

#
modules {

#
# Each module has a configuration as follows:
#
#name [ instance ] {
#config_item = value
#...
#}
#
# The 'name' is used to load the 'rlm_name' library
# which implements the functionality of the module.
#
# The 'instance' is optional. To have two different instances
# of a module, it first must be referred to by 'name'.
# The different copies of the module are then created by
# inventing two 'instance' names, e.g. 'instance1' and 'instance2'
#
# The instance names can then be used in later configuration
# INSTEAD of the original 'name'. See the 'radutmp' configuration
# below for an example.
#

#
# As of 2.0.5, most of the module configurations are in a
# separate directory. Files matching the regex /[a-zA-Z0-9_.]+/
# are loaded. The modules are initialized ONLY if they are
# referenced in a processing section, such as authorize,
# authenticate, accounting, pre/post-proxy, etc.
#
$INCLUDE ${confdir}/modules/

# Extensible Authentication Protocol
#
# For all EAP related authentications.
# Now in another file, because it is very large.
#
$INCLUDE eap.conf

# Include another file that has the SQL-related configuration.
# This is another file only because it tends to be big.
#
$INCLUDE sql.conf


# For Cisco VoIP specific accounting with Postgresql,
# use:${confdir}/sql/postgresql/voip-postpaid.conf
#
# You will also need the sql schema from:
#src/billing/cisco_h323_db_schema-postgres.sql
# Note: This config can be use AS WELL AS the standard sql
# config if you need SQL based Auth

#
# This module is an SQL enabled version of the counter module.
#
# Rather than maintaining seperate (GDBM) databases of
# accounting info for each counter, this module uses the data
# stored in the raddacct table by the sql modules. This
# module NEVER does any database INSERTs or UPDATEs. It is
# totally dependent on the SQL module to process Accounting
# packets.
#
$INCLUDE sql/mysql/counter.conf
#$INCLUDE sql/postgresql/counter.conf

# $INCLUDE sqlippool.conf

# OTP token support. Not included by default.
# $INCLUDE otp.conf

}

# Instantiation

#
# This section orders the loading of the modules. Modules

# listed here will get loaded BEFORE the later sections like

# authorize, authenticate, etc. get examined.

#
# This section is not strictly needed. When a section like

# authorize refers to a module, it's automatically loaded and

# initialized. However, some modules may not be listed in any

# of the following sections, so they can be listed here.

#
# Also, listing modules here ensures that you have control over

# the order in which they are initalized. If one module needs

# something defined by another module, you can list them in order

# here, and ensure that the configuration will be OK.

#
instantiate {

#
# Allows the execution of external scripts.
# The entire command line (and output) must fit into 253 bytes.
#
# e.g. Framed-Pool = `%{exec:/bin/echo foo}`
exec

#
# The expression module doesn't do authorization,
# authentication, or accounting. It only does dynamic
# translation, of the form:
#
#Session-Timeout = `%{expr:2 + 3}`
#
# So the module needs to be instantiated, but CANNOT be
# listed in any other section. See 'doc/rlm_expr' for
# more information.
#
expr

#
# We add the counter module here so that it registers
# the check-name attribute before any module which sets
# it
#daily

expiration
logintime

# subsections here can be thought of as "virtual" modules.
#
# e.g. If you have two redundant SQL servers, and you want to
# use them in the authorize and accounting sections, you could
# place a "redundant" block in each section, containing the
# exact same text. Or, you could uncomment the following
# lines, and list "redundant_sql" in the authorize and
# accounting sections.
#
#redundant redundant_sql {
#sql1
#sql2
#}
}

######################################################################

#
#Policies that can be applied in multiple places are listed

#globally. That way, they can be defined once, and referred

#to multiple times.

#
######################################################################

$INCLUDE policy.conf


######################################################################

#
#As of 2.0.0, the "authorize", "authenticate", etc. sections

#are in separate configuration files, per virtual host.

#
######################################################################


######################################################################

#
#Include all enabled virtual hosts.

#
#The following directory is searched for files that match

#the regex:

#
#/[a-zA-Z0-9_.]+/

#
#The files are then included here, just as if they were cut

#and pasted into this file.

#
#See "sites-enabled/default" for some additional documentation.

#
$INCLUDE sites-enabled/

authorize {

preprocess

chap

mschap

suffix

eap

sql

}

authenticate {

Auth-Type PAP {

pap

}

Auth-Type CHAP {

chap

}

Auth-Type MS-CHAP {

mschap

}

}
preacct {

preprocess

acct_unique

suffix

}
accounting {

detail

radutmp

sql

}
session {

radutmp

sql

}
post-auth {

sql

}
pre-proxy {

}
post-proxy {

eap

}
If you need any other configuration file please let me know.

Thanks Have a great day.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
MySQL-client-5.0.27-0.i386 V3 DSA signature: NOKEY,key ID 5072e1f5 segmentation fault shamigc Linux - Newbie 0 03-05-2008 06:52 PM
MySQL GUI tools fail, segmentation fault tisource Linux - Software 1 10-02-2006 12:28 PM
Server not booting - Segmentation fault ajaykk Linux - Enterprise 4 09-15-2006 08:14 PM
MySQL Administrator segmentation fault joe2280 Linux - Software 2 10-28-2005 05:30 AM
segmentation fault when insert data into mysql torontosmallbird Other *NIX 1 08-07-2005 08:13 AM


All times are GMT -5. The time now is 11:03 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration