(RADIATOR) Segmentation faul
Hugh Irvine
hugh at open.com.au
Wed Nov 5 16:51:13 CST 2003
Hello Julio -
Thanks for sending the files.
There are a couple of things that I notice straight away.
The first is a very large number of errors with the communication with
the Oracle database. This should be addressed first of all so you have
a stable communication channel with no errors. The usual cause of
problems like this is the versions of either the DBI module or the
DBD-Oracle module. You should check the CPAN site and either upgrade or
downgrade until you find a stable combination.
The second is a configuration issue which is your use of "Fork" in your
AuthBy RADIUS clauses. You should not use "Fork" in an AuthBy RADIUS
clause. This may also be contributing the Oracle communications
problems.
Note that the AuthBy RADIUS clause operates asynchronously in any case,
so "Fork" is not required.
regards
Hugh
On 06/11/2003, at 4:37 AM, Julio Cesar Pinto wrote:
> Hi Hung,
>
> Ok, our config file is a little complex, but the summary is the
> following:
>
> Foreground
> Trace 4
> ### CONFIGURATION ###
> LogDir /home/radius/log/%{GlobalVar:RadiusIP}
> LogFile %L/radiator.log
> DbDir /home/radius/etc/conf
> DictionaryFile %D/dictionary.ifx
> PidFile %L/radius.pid
> BindAddress %{GlobalVar:RadiusIP}
> AuthPort 1812
> AcctPort 1813
> ### CONFIGURATION ###
>
> #ACCT_RADIUS_CL
> <AuthBy RADIUS>
> Fork
> AcctPort 1646
> NoForwardAuthentication
> Host 216.241.*.*
> Identifier ACCT_RADIUS_CL
> LocalAddress %{GlobalVar:RadiusIP}
> Retries 3
> RetryTimeout 30
> Secret ******
> </AuthBy>
>
> #ACCT_RADIUS_AR
> <AuthBy RADIUS>
> Fork
> AcctPort 1646
> NoForwardAuthentication
> Host 200.61.*.*
> Identifier ACCT_RADIUS_AR
> LocalAddress %{GlobalVar:RadiusIP}
> Retries 3
> RetryTimeout 30
> Secret *****
> </AuthBy>
>
> #DB Clients
> <ClientListSQL>
> DBAuth *******
> DBSource DBI:Oracle:ORACLE.DOMAIN.COM
> DBUsername usersql
> GetClientQuery select NASIDENTIFIER,SECRET from RADCLIENTLIST
> </ClientListSQL>
>
> # VE RAS 200.62.10.25 is a USR TotalControl which sends bad signatures
> ( fg - 9/10/2003)
> <Client 200.62.10.25>
> Secret *******
> IgnoreAcctSignature
> </Client>
>
> #Sesscion RADONLINE
> <SessionDatabase SQL>
> AddQuery insert into RADONLINE (USERNAME, NASIDENTIFIER,
> NASPORT,ACCTSESSIONID, TIMESTAMP, FRAMEDIPADDRESS, NASPORTTYPE,
> SERVICETYPE,CALL
> ERID,CLIENTPORTDNIS,IFX_VISP_ID,IFX_COUNTRY_ID) values ('%u', '%N',
> 0%{NAS-Port},'%{Acct-Session-Id}', to_date('%d %m %Y %H:%M:%S', 'DD MM
> YYYY HH24:MI:SS'), '%{Framed-IP-Address}','%{NAS-Port-Type}',
> '%{Service-Type}','%{Calling-Station-Id}','%{Called-Station-
> Id}','%{Ifx-Vis
> p-Id}','%{Ifx-Country-Id}')
> ClearNasQuery delete from RADONLINE where NASIDENTIFIER='%N'
> CountNasSessionsQuery select ACCTSESSIONID from RADONLINE where
> NASIDENTIFIER='%N'
> CountQuery select NASIDENTIFIER, NASPORT, ACCTSESSIONID from
> RADONLINE where USERNAME='%u
> DBAuth *******
> DBSource DBI:Oracle:ORACLE.DOMAIN.COM
> DBUsername usersql
> DeleteQuery delete from RADONLINE where NASIDENTIFIER='%N' and
> NASPORT=0%{NAS-Port}
> Identifier SESSIONID_0
> </SessionDatabase>
>
> #PROMISCUE
> <AuthBy TEST>
> Identifier PROMISCUO
> </AuthBy>
>
> #AA_SQL_LOCAL
> <AuthBy SQL>
> DBAuth ******
> DBSource DBI:Oracle:ORACLE.DOMAIN.COM
> DBUsername usersql
> AuthSelect select PASSWORD, TO_CHAR(EXPIRATION,'YYYY-MM-DD'),
> CHECKATTR, REPLYATTR from SUBSCRIBERS where USERNAME='%n' and
> ACTIVE=1
> AuthColumnDef 0, User-Password, check
> AuthColumnDef 1, Expiration, check
> AuthColumnDef 2, GENERIC, check
> AuthColumnDef 3, GENERIC, reply
> AccountingTable ACCOUNTING%Y%m
> AcctColumnDef USERNAME,User-Name
> AcctColumnDef ACCTSTATUSTYPE,Acct-Status-Type
> AcctColumnDef ACCTDELAYTIME,Acct-Delay-Time,integer
> AcctColumnDef ACCTINPUTOCTETS,Acct-Input-Octets,integer
> AcctColumnDef ACCTOUTPUTOCTETS,Acct-Output-Octets,integer
> AcctColumnDef ACCTSESSIONID,Acct-Session-Id
> AcctColumnDef ACCTSESSIONTIME,Acct-Session-Time,integer
> AcctColumnDef ACCTTERMINATECAUSE,Acct-Terminate-Cause
> AcctColumnDef NASIDENTIFIER,NAS-IP-Address
> AcctColumnDef NASPORT,NAS-Port,integer
> AcctColumnDef FRAMEDIPADDRESS,Framed-IP-Address
> AcctColumnDef FRAMEDIPNETMASK,Framed-IP-Netmask
> AcctColumnDef ASCENDDATARATE,Ascend-Data-Rate,integer
> AcctColumnDef
> ASCENDDISCONNECTCAUSE,Ascend-Disconnect-Cause,integer
> AcctColumnDef
> ASCENDPRESESSIONTIME,Ascend-PreSession-Time,integer
> AcctColumnDef CALLERID,Calling-Station-Id
> AcctColumnDef CLIENTPORTDNIS,Called-Station-Id
> AcctColumnDef IFX_VISP_ID,Ifx-Visp-Id
> AcctColumnDef IFX_CONN_STAT,Ifx-Conn-Stat,integer
> AcctColumnDef IFX_TEST,Ifx-Test,integer
> AcctColumnDef IFX_COUNTRY_ID,Ifx-Country-Id
> AcctColumnDef TIMESTAMP,Timestamp,formatted-date,to_date('%e %m
> %Y %H:%M:%S', 'DD MM YYYY HH24:MI:SS')
> AcctColumnDef CLASS,Class
> AccountingStopsOnly
> NoDefault
> IgnoreAuthentication
> Identifier AA_SQL_LOCAL
> AcctFailedLogFileName %L/FailedSqlAccounting.log
> AddToReplyIfNotExist \
> Service-Type = Framed-User, \
> Framed-Protocol = PPP, \
> Framed-IP-Address = 255.255.255.254, \
> Framed-IP-Netmask = 255.255.255.255, \
> Idle-Timeout = 900, \
> Session-Timeout = 82800, \
> Framed-MTU = 1500, \
> Port-Limit = 1
> </AuthBy>
>
> #AUTH_SQL_LOCAL
> <AuthBy SQL>
> DBAuth ******
> DBSource DBI:Oracle:ORACLE.DOMAIN.COM
> DBUsername usersql
> AuthSelect select PASSWORD, TO_CHAR(EXPIRATION,'YYYY-MM-DD'),
> CHECKATTR, REPLYATTR from SUBSCRIBERS where USERNAME='%n' and
> ACTIVE=1
> AuthColumnDef 0, User-Password, check
> AuthColumnDef 1, Expiration, check
> AuthColumnDef 1, Expiration, check
> AuthColumnDef 2, GENERIC, check
> AuthColumnDef 3, GENERIC, reply
> AccountingTable ACCOUNTING%Y%m
> AcctColumnDef USERNAME,User-Name
> AcctColumnDef ACCTSTATUSTYPE,Acct-Status-Type
> AcctColumnDef ACCTDELAYTIME,Acct-Delay-Time,integer
> AcctColumnDef ACCTINPUTOCTETS,Acct-Input-Octets,integer
> AcctColumnDef ACCTOUTPUTOCTETS,Acct-Output-Octets,integer
> AcctColumnDef ACCTSESSIONID,Acct-Session-Id
> AcctColumnDef ACCTSESSIONTIME,Acct-Session-Time,integer
> AcctColumnDef ACCTTERMINATECAUSE,Acct-Terminate-Cause
> AcctColumnDef NASIDENTIFIER,NAS-IP-Address
> AcctColumnDef NASPORT,NAS-Port,integer
> AcctColumnDef FRAMEDIPADDRESS,Framed-IP-Address
> AcctColumnDef FRAMEDIPNETMASK,Framed-IP-Netmask
> AcctColumnDef ASCENDDATARATE,Ascend-Data-Rate,integer
> AcctColumnDef
> ASCENDDISCONNECTCAUSE,Ascend-Disconnect-Cause,integer
> AcctColumnDef
> ASCENDPRESESSIONTIME,Ascend-PreSession-Time,integer
> AcctColumnDef CALLERID,Calling-Station-Id
> AcctColumnDef CLIENTPORTDNIS,Called-Station-Id
> AcctColumnDef IFX_VISP_ID,Ifx-Visp-Id
> AcctColumnDef IFX_CONN_STAT,Ifx-Conn-Stat,integer
> AcctColumnDef IFX_TEST,Ifx-Test,integer
> AcctColumnDef IFX_COUNTRY_ID,Ifx-Country-Id
> AcctColumnDef TIMESTAMP,Timestamp,formatted-date,to_date('%e %m
> %Y %H:%M:%S', 'DD MM YYYY HH24:MI:SS')
> AcctColumnDef CLASS,Class
> AccountingStopsOnly
> NoDefault
> Identifier AUTH_SQL_LOCAL
> AcctFailedLogFileName %L/FailedSqlAccounting.log
> AddToReplyIfNotExist \
> Service-Type = Framed-User, \
> Framed-Protocol = PPP, \
> Framed-IP-Address = 255.255.255.254, \
> Framed-IP-Netmask = 255.255.255.255, \
> Idle-Timeout = 900, \
> Session-Timeout = 82800, \
> Framed-MTU = 1500, \
> Port-Limit = 1
> </AuthBy>
>
> <AuthBy FILE>
> Filename %D/rad_users.txt
> Identifier USERSFILE
> </AuthBy>
>
> ##Propel
> <AuthBy SQL>
> DBSource DBI:Oracle:ORACLE.DOMAIN.COM
> DBUsername usersql
> DBAuth *******
> AuthSelect select FRAMEDIPADDRESS from RADONLINE where
> (FRAMEDIPADDRESS='%{Propel-Client-IP-Address}' and IFX_VISP_ID in
> ('TUTOPIA','TU
> TOPIAPL','TUTOPIAEXP') and IFX_COUNTRY_ID='PA') or
> (FRAMEDIPADDRESS='%{Propel-Client-IP-Address}' and IFX_VISP_ID in
> ('TUTOPIAEXTREM','TUT
> OPIAPL','TUTOPIA') and IFX_COUNTRY_ID='CL')
> AuthColumnDef 0, Propel-Client-IP-Address, check
> Identifier PROPEL
> </AuthBy>
>
> #Aniblock
> <AuthBy SQLANI>
> DBSource DBI:Oracle:ORACLE.DOMAIN.COM
> DBUsername usersql
> DBAuth ******
> AuthSelect select CALLINGSTATIONID from ANIBLOCK where
> CALLINGSTATIONID='%{Calling-Station-Id}' and
> IFX_VISP_ID='%{Ifx-Visp-Id}' and IF
> X_COUNTRY_ID='%{Ifx-Country-Id}'
> AuthRejectQuery insert into ANIBLOCKREJECT VALUES
> ('%{Ifx-Visp-Id}','%{Ifx-Country-Id}','%{Called-Station-
> Id}','%{Calling-Station-Id}',
> sysdate,'%u','%{NAS-IP-Address}')
> Identifier AniBlock
> </AuthBy>
>
> #Aniblock - Venezuela
> <AuthBy SQLANI>
> DBSource DBI:Oracle:ORACLE.DOMAIN.COM
> DBUsername usersql
> DBAuth ******
> AuthSelect select CALLINGSTATIONID from ANIBLOCK where
> CALLINGSTATIONID='%{Calling-Station-Id}' and (IFX_VISP_ID='TUTOPIAEXP'
> or IFX_VI
> SP_ID='TUTOPIADULT') and IFX_COUNTRY_ID='%{Ifx-Country-Id}'
> AuthRejectQuery insert into ANIBLOCKREJECT VALUES
> ('%{Ifx-Visp-Id}','%{Ifx-Country-Id}','%{Called-Station-
> Id}','%{Calling-Station-Id}',
> sysdate,'%u','%{NAS-IP-Address}')
> Identifier AniBlockVE
> </AuthBy>
>
> #IFXLog - moved to the DB
> <AuthLog FILE>
> Identifier IFXLogFile
> Filename
> /disk/store0/authlog/%{GlobalVar:RadiusIP}/%m-%d-%Y.log
> SuccessFormat
> %l:%N:%{Calling-Station-Id}:%{Called-Station-Id}:%u:%P:SUCCESS
> FailureFormat
> %l:%N:%{Calling-Station-Id}:%{Called-Station-Id}:%u:%P:%1:FAILURE
> LogSuccess 1
> LogFailure 1
> </AuthLog>
>
> #IFXLogCatch - moved to the DB
> <AuthLog FILE>
> Identifier IFXLogCatchFile
> Filename
> /disk/store0/authlog/%{GlobalVar:RadiusIP}/%m-%d-%Y.clog
> SuccessFormat
> %l:%N:%{Calling-Station-Id}:%{Called-Station-Id}:%u:%P:SUCCESS
> FailureFormat
> %l:%N:%{Calling-Station-Id}:%{Called-Station-Id}:%u:%P:%1:FAILURE
> LogSuccess 1
> LogFailure 1
> </AuthLog>
>
> #IFXLog
> <AuthLog SQL>
> Identifier IFXLog
> DBAuth *******
> DBSource DBI:Oracle:ORACLE.DOMAIN.COM
> DBUsername usersql
> # SuccessQuery insert into AUTHLOG (TIMESTAMP, NASIPADDRESS,
> CALLEDSTATIONID, CALLINGSTATIONID, USERNAME, PASSWORD, IFX_COUNTRY_ID,
> IFX_VISP_ID, ORIGIN, REASON, RADIUSIP,STATE) values (to_date('%d %m %Y
> %H:%M:%S', 'DD MM YYYY HH24:MI:SS'), '%N', '%{Called-Station-Id}',
> '%{Calling-Station-Id}','%u','%P','%{Ifx-Country-Id}','%{Ifx-Visp-
> Id}',0,%1,'%{GlobalVar:RadiusIP}',0)
> FailureQuery insert into AUTHLOG (TIMESTAMP, NASIPADDRESS,
> CALLEDSTATIONID, CALLINGSTATIONID, USERNAME, PASSWORD, IFX_COUNTRY_ID,
> IFX_VISP_ID, ORIGIN, REASON, RADIUSIP,STATE) values (to_date('%d %m %Y
> %H:%M:%S', 'DD MM YYYY HH24:MI:SS'), '%N', '%{Called-Station-Id}',
> '%{Calling-Station-Id}','%u','%P','%{Ifx-Country-Id}','%{Ifx-Visp-
> Id}',0,%1,'%{GlobalVar:RadiusIP}',1)
> # LogSuccess 1
> LogFailure 1
> </AuthLog>
>
> #IFXLogCatch
> <AuthLog SQL>
> Identifier IFXLogCatch
> DBAuth ******
> DBSource DBI:Oracle:ORACLE.DOMAIN.COM
> DBUsername usersql
> # SuccessQuery insert into AUTHLOG (TIMESTAMP, NASIPADDRESS,
> CALLEDSTATIONID, CALLINGSTATIONID, USERNAME, PASSWORD, IFX_COUNTRY_ID,
> IFX_VISP_ID, ORIGIN, REASON, RADIUSIP,STATE) values (to_date('%d %m %Y
> %H:%M:%S', 'DD MM YYYY HH24:MI:SS'), '%N', '%{Called-Station-Id}',
> '%{Calling-Station-Id}','%u','%P','%{Ifx-Country-Id}','%{Ifx-Visp-
> Id}',1,%1,'%{GlobalVar:RadiusIP}',0)
> FailureQuery insert into AUTHLOG (TIMESTAMP, NASIPADDRESS,
> CALLEDSTATIONID, CALLINGSTATIONID, USERNAME, PASSWORD, IFX_COUNTRY_ID,
> IFX_VISP_ID, ORIGIN, REASON, RADIUSIP,STATE) values (to_date('%d %m %Y
> %H:%M:%S', 'DD MM YYYY HH24:MI:SS'), '%N', '%{Called-Station-Id}',
> '%{Calling-Station-Id}','%u','%P','%{Ifx-Country-Id}','%{Ifx-Visp-
> Id}',1,%1,'%{GlobalVar:RadiusIP}',1)
> # LogSuccess 1
> LogFailure 1
> </AuthLog>
>
> #Handler to Foundry healty
> <Handler Realm=testdomain.com>
> <AuthBy TEST>
> </AuthBy>
> </Handler>
>
> #####[ HANDLER TO DENY Profiles from MAX TNT ]#####
> <Handler Service-Type=Dialout-Framed-User>
> </Handler>
>
> include %D/auth.cfg
>
> #Defaul response
> <Handler>
> RejectHasReason
> <AuthBy INTERNAL>
> DefaultResult REJECT
> AcctResult ACCEPT
> </AuthBy>
> PostAuthHook sub{${$_[1]}->add_attr('Reply-Message','Sorry
> There is no Handler for this request');}
> AuthLog IFXLogCatch
> </Handler>
>
> I will appreciate much your aid.
>
> Sincerely,
> JC.
>
> On Fri, 2003-10-31 at 19:10, Hugh Irvine wrote:
>> Hello Julio -
>>
>> I will need to see a trace 4 debug from Radiator together with a copy
>> of your configuration file (no secrets).
>>
>> It would also be useful to see the error output from Perl, which you
>> can do easily by running from the command line:
>>
>> perl radiusd -foreground -log_stdout -trace 4 -config_file
>> /your/configuration/file
>>
>> The usual reason for this is Perl modules that have not been
>> installed.
>>
>> regards
>>
>> Hugh
>>
>>
>> On 01/11/2003, at 6:34 AM, Julio Cesar Pinto wrote:
>>
>>> Hi Everyone,
>>>
>>> We have a problem with version 3.7.1, the situation is the following
>>> one.
>>>
>>> Software installed:
>>> Red Hat Linux release 7.3 (Valhalla)
>>> Perl v5.6.1
>>> DBI v 1.3.8
>>> Oracle Client Version 8.1
>>> DBI::Oracle v 1.14
>>> Digest-MD5 v 2.27
>>> Radiator 3.7.1
>>>
>>> Problem:
>>> After to startup to the daemon the packages enters without problems,
>>> after approximately 5-10 minutes when we began to receive much
>>> packages,
>>> the daemon dead, return us in the standard output. Segmentation
>>> Faul.
>>>
>>> We thank for any information on the matter
>>>
>>> --
>>> Julio Cesar Pinto <jc at ifx.com.co>
>>> IFX NETWORKS
>>>
>>> ===
>>> Archive at http://www.open.com.au/archives/radiator/
>>> Announcements on radiator-announce at open.com.au
>>> To unsubscribe, email 'majordomo at open.com.au' with
>>> 'unsubscribe radiator' in the body of the message.
>>>
>>>
>>
>> NB: have you included a copy of your configuration file (no secrets),
>> together with a trace 4 debug showing what is happening?
> --
> Julio Cesar Pinto <jc at ifx.com.co>
> IFX NETWORKS
> <radiator.log><file.txt>
NB: have you included a copy of your configuration file (no secrets),
together with a trace 4 debug showing what is happening?
--
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
-
CATool: Private Certificate Authority for Unix and Unix-like systems.
===
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.
More information about the radiator
mailing list