(RADIATOR) Re: bug between 1.620 and 1.675 patchset for inner TTLS auth?

Thu Apr 20 09:24:05 CDT 2006

Hi,

Hmm, it was my intention to send this to radius-support at open.com.au :-S
(Stupid MUA-autocomplete feature (and empty coffee mug).)

Paul

Paul Dekkers wrote:
> Hi there,
>
> I just noticed "ERR: Could not handle an EAP request: Can't call method
> "delete_attr" on an undefined value at
> /usr/local/lib/perl5/site_perl/5.8.7/Radius/Configurable.pm line 517."
> when patch 1.675 (from the top of my head) is applied:
>
> Thu Apr 20 16:07:31 2006: DEBUG: Handling request with Handler
> 'Realm=/guest.showcase.surfnet.nl/i'
> Thu Apr 20 16:07:31 2006: DEBUG:  Deleting session for
> Paul.Dekkers at guest.showcase.surfnet.nl, 10.0.1.1, 255
> Thu Apr 20 16:07:31 2006: DEBUG: Handling with Radius::AuthFILE: SC-GUEST-ID
> Thu Apr 20 16:07:31 2006: DEBUG: Handling with EAP: code 2, 10, 148
> Thu Apr 20 16:07:31 2006: DEBUG: Response type 21
> Thu Apr 20 16:07:31 2006: DEBUG: EAP TTLS data, 3, 10, 9
> Thu Apr 20 16:07:31 2006: DEBUG: EAP TTLS inner authentication request
> for Paul.Dekkers at guest.showcase.surfnet.nl
> Thu Apr 20 16:07:31 2006: DEBUG: TTLS Tunnelled Diameter Packet dump:
> Code:       Access-Request
> Identifier: UNDEF
> Authentic:  <232>B<165><249>lW<233><12><129>]<4>"<245>D<252><244>
> Attributes:
>         User-Name = "Paul.Dekkers at guest.showcase.surfnet.nl"
>         User-Password = ...
>
> Thu Apr 20 16:07:31 2006: DEBUG: Handling request with Handler
> 'TunnelledByTTLS=1, Realm=/guest.showcase.surfnet.nl/i'
> Thu Apr 20 16:07:31 2006: DEBUG:  Deleting session for
> Paul.Dekkers at guest.showcase.surfnet.nl, 10.0.1.1,
> Thu Apr 20 16:07:31 2006: DEBUG: Handling with Radius::AuthFILE: SC-GUEST-ID
> Thu Apr 20 16:07:31 2006: DEBUG: Reading users file
> /etc/radiator/db/showcase-guest-users
> Thu Apr 20 16:07:31 2006: DEBUG: Radius::AuthFILE looks for match with
> Paul.Dekkers at guest.showcase.surfnet.nl
> [Paul.Dekkers at guest.showcase.surfnet.nl]
> Thu Apr 20 16:07:31 2006: DEBUG: Radius::AuthFILE ACCEPT: :
> Paul.Dekkers at guest.showcase.surfnet.nl
> [Paul.Dekkers at guest.showcase.surfnet.nl]
> Thu Apr 20 16:07:31 2006: DEBUG: AuthBy FILE result: ACCEPT,
> Thu Apr 20 16:07:31 2006: DEBUG: Access accepted for
> Paul.Dekkers at guest.showcase.surfnet.nl
> Thu Apr 20 16:07:31 2006: ERR: Could not handle an EAP request: Can't
> call method "delete_attr" on an undefined value at
> /usr/local/lib/perl5/site_perl/5.8.7/Radius/Configurable.pm line 517.
>
> Thu Apr 20 16:07:31 2006: DEBUG: AuthBy FILE result: REJECT, Could not
> handle an EAP request
> Thu Apr 20 16:07:31 2006: INFO: Access rejected for
> Paul.Dekkers at guest.showcase.surfnet.nl: Could not handle an EAP request
> Thu Apr 20 16:07:31 2006: DEBUG: Packet dump:
> *** Sending to 145.99.219.146 port 1025 ....
> Code:       Access-Reject
> Identifier: 162
> Authentic:  cz<24><142><225>.<196>E<198>w<252><162>@<18><24><27>
> Attributes:
>         Reply-Message = "Request Denied"
>
> As you can see this machine runs perl v5.8.7 on FreeBSD, and the
> following perl modules are installed:
>
> radius# ls /var/db/pkg | grep p5
> p5-Authen-SASL-2.09
> p5-Convert-ASN1-0.19
> p5-DBD-mysql-3.0002
> p5-DBI-1.50
> p5-Digest-1.14
> p5-Digest-HMAC-1.01
> p5-Digest-MD4-1.5
> p5-Digest-MD5-2.36
> p5-Digest-SHA1-2.11
> p5-IO-Socket-SSL-0.97
> p5-MIME-Base64-3.07
> p5-Mail-Sendmail-0.79
> p5-Net-SSLeay-1.30_1
> p5-Socket6-0.19
> p5-Storable-2.15
> p5-URI-1.35
> p5-XML-NamespaceSupport-1.09_1
> p5-XML-SAX-0.13
> p5-perl-ldap-0.33
>
> This does not happen if I install Radiator without patches, and if I
> remember correctly it was running fine with 1.620 as well...
>
> This is the related config, I think:
>
> <AuthBy FILE>
>         Identifier SC-GUEST-ID
>         Filename %D/db/showcase-guest-users
>         Nocache
>         EAPType TTLS, TLS
>                 EAPTLS_CAFile /etc/radiator/cert/surfnet-ca-chain-2017.pem
>                 EAPTLS_CertificateFile
> /etc/radiator/cert/sn-radius-server-cert.pem
>                 EAPTLS_CertificateType PEM
>                 EAPTLS_PrivateKeyFile
> /etc/radiator/cert/sn-radius-server-key.pem
>                 EAPTLS_PrivateKeyPassword ...
>         EAPTLS_MaxFragmentSize 512
>         EAPTLS_SessionResumption 0
> #       EAPAnonymous anonymous at guest.showcase.surfnet.nl
>         AutoMPPEKeys
>         StripFromReply
> Tunnel-Type,Tunnel-Medium-Type,Tunnel-Private-Group-ID,User-Name
>         AddToReply
> Tunnel-Type=1:VLAN,Tunnel-Medium-Type=1:Ether_802,Tunnel-Private-Group-ID=1:163,User-Name=%u
> </AuthBy>
>
> <Handler TunnelledByTTLS=1, Realm=/guest.showcase.surfnet.nl/i>
> #       RewriteUsername s/^([^@]+).*/$1/
>         AuthBy SC-GUEST-ID
> #       StripFromReply
> Tunnel-Type,Tunnel-Medium-Type,Tunnel-Private-Group-ID
> #       AddToReply
> Tunnel-Type=1:VLAN,Tunnel-Medium-Type=1:Ether_802,Tunnel-Private-Group-ID=1:163,User-Name=%u
> </Handler>
>
> <Handler Realm=/guest.showcase.surfnet.nl/i>
>         #RewriteUsername s/^([^@]+).*/$1/
>         AuthBy SC-GUEST-ID
> </Handler>
>
> ... it doesn't seem to like the stripfromreply or something in the inner
> handler?
>
> Regards,
> Paul
>
>
>   

--
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.