(RADIATOR) Multiple kerberos realms - segmentation error

Carol Ward cward at mines.edu
Tue Jan 17 11:17:03 CST 2006


Another interesting feature - it doesn't seg fault when it's in foreground.  It
acts like it's starting a second process when it's in background mode and that
process seg faults, but the main process continues on.  This error happens at 
startup time before any authentications take place.  Here is the information
that
you asked for.  Could this have something to do with the accounting?  It doesn't
seem to get started in the foreground session.  I've also attached the same
config
file with the second kerberos session commented out with the same run command
and
no seg fault. 


Carol
===========================================

[root at slag Radiator-3.13]# perl radiusd -foreground -log_stdout -trace 4
-config_file csm.cfg 
Tue Jan 17 10:01:47 2006: DEBUG: Finished reading configuration file 'csm.cfg'
Tue Jan 17 10:01:47 2006: DEBUG: Reading dictionary file './dictionary'
Tue Jan 17 10:01:47 2006: DEBUG: Creating authentication port 0.0.0.0:1645
Tue Jan 17 10:01:47 2006: DEBUG: Creating accounting port 0.0.0.0:1646
Tue Jan 17 10:01:47 2006: NOTICE: Server started: Radiator 3.13 on slag

      [ I killed the process with a CTRL-C ]

[root at slag Radiator-3.13]# perl radiusd  -trace 4 -config_file csm.cfg 
Segmentation fault
[root at slag Radiator-3.13]# cat logfile
Tue Jan 17 10:01:32 2006: DEBUG: Finished reading configuration file 'csm.cfg'
Tue Jan 17 10:01:32 2006: DEBUG: Reading dictionary file './dictionary'
Tue Jan 17 10:01:33 2006: DEBUG: Creating authentication port 0.0.0.0:1645
Tue Jan 17 10:01:44 2006: NOTICE: SIGTERM received: stopping
Tue Jan 17 10:01:47 2006: DEBUG: Finished reading configuration file 'csm.cfg'
Tue Jan 17 10:01:47 2006: DEBUG: Reading dictionary file './dictionary'
Tue Jan 17 10:01:47 2006: DEBUG: Creating authentication port 0.0.0.0:1645
Tue Jan 17 10:01:47 2006: DEBUG: Creating accounting port 0.0.0.0:1646
Tue Jan 17 10:01:47 2006: NOTICE: Server started: Radiator 3.13 on slag
Tue Jan 17 10:02:02 2006: DEBUG: Finished reading configuration file 'csm.cfg'
Tue Jan 17 10:02:02 2006: DEBUG: Reading dictionary file './dictionary'
Tue Jan 17 10:02:02 2006: DEBUG: Creating authentication port 0.0.0.0:1645
Tue Jan 17 10:02:02 2006: DEBUG: Creating accounting port 0.0.0.0:1646
Tue Jan 17 10:02:02 2006: NOTICE: Server started: Radiator 3.13 on slag
[root at slag Radiator-3.13]# ps -ef | grep radius
root      5754     1  1 10:02 ?        00:00:00 perl radiusd -trace 4
-config_file csm.cfg
root      5757  5695  0 10:02 pts/1    00:00:00 grep radius

Hugh Irvine wrote:
> 
> Hello Carol -
> 
> We will need to see a trace 4 debug from Radiator showing what is
> happening.
> 
> It is simplest to run radiusd from the command line like this:
> 
>         cd /your/Radiator/distribution
> 
>         perl radiusd -foreground -log_stdout -trace 4 -config_file .....
> 
> where "....." is the name of your configuration file.
> 
> This way you will see all of the startup messages and any Perl errors
> that occur.
> 
> regards
> 
> Hugh
> 
> On 17 Jan 2006, at 05:59, Carol Ward wrote:
> 
> > Hi folks -
> >
> > We're running radiator 3.13.  When I define multiple realms using
> > kerberos
> > authentication, we get a segmentation error.  Interestingly,
> > radiusd continues
> > to run and authenticates correctly.  Anyone have any idea  what is
> > happening?
> > The config below will cause the problem.  Admittedly,
> > it's silly to have 2 realms with the same authentication, but we
> > we're adding
> > various flags and admission restrictions via a file and a
> > continuewhileaccept
> > clause and these admission restrictions vary by client.  I have
> > kerberos 5 1.3.5
> > libraries and perl module installed.  This happens both under
> > redhat 9 with perl
> > 5.8
> > and  debian 3.1 (sarge) with perl v5.8.4.
> >
> > Thanks for any help/advice.
> >
> > Carol
> >
> > ===========================================================.
> >
> > # See radius.cfg for more complete examples of features and
> > # syntax, and refer to the reference manual for a complete description
> > # of all the features and syntax.
> > #
> > # You should consider this file to be a starting point only
> > # $Id: simple.cfg,v 1.4 2001/04/25 23:47:13 mikem Exp $
> >
> > LogDir                .
> > DbDir         .
> > # User a lower trace level in production systems:
> > Trace                 4
> >
> > # You will probably want to add other Clients to suit your site,
> > # one for each NAS you want to work with
> > <Client DEFAULT>
> >       Secret  mysecret
> >       DupInterval 0
> > </Client>
> >
> > <Realm acn>
> >         <AuthBy KRB5>
> >                 KrbRealm        SAMPLE.EDU
> >         </AuthBy>
> > </Realm>
> >
> > <Realm acn2>
> >         <AuthBy KRB5>
> >                 KrbRealm        SAMPLE.EDU
> >         </AuthBy>
> > </Realm>
> >
> > --
> > Archive at http://www.open.com.au/archives/radiator/
> > Announcements on radiator-announce at open.com.au
> > To unsubscribe, email 'majordomo at open.com.au' with
> > 'unsubscribe radiator' in the body of the message.
> 
> NB:
> 
> Have you read the reference manual ("doc/ref.html")?
> Have you searched the mailing list archive (www.open.com.au/archives/
> radiator)?
> Have you had a quick look on Google (www.google.com)?
> Have you included a copy of your configuration file (no secrets),
> together with a trace 4 debug showing what is happening?
> 
> --
> Radiator: the most portable, flexible and configurable RADIUS server
> anywhere. Available on *NIX, *BSD, Windows, MacOS X.
> -
> Nets: internetwork inventory and management - graphical, extensible,
> flexible with hardware, software, platform and database independence.
> -
> CATool: Private Certificate Authority for Unix and Unix-like systems.
-------------- next part --------------
[root at slag Radiator-3.13]# perl radiusd  -trace 4 -config_file csm2.cfg 
[root at slag Radiator-3.13]# cat csm2.cfg
# simple.cfg
#
# Example Radiator configuration file.
# This very simple file will allow you to get started with 
# a simple system. You can then add and change features.
# We suggest you start simple, prove to yourself that it
# works and then develop a more complicated configuration.
#
# This example will authenticate from a standard users file in
# the current directory and log accounting to a file in the current
# directory.
# It will accept requests from any client and try to handle request
# for any realm.
# And it will print out what its doing in great detail.
#
# See radius.cfg for more complete examples of features and
# syntax, and refer to the reference manual for a complete description
# of all the features and syntax.
#
# You should consider this file to be a starting point only
# $Id: simple.cfg,v 1.4 2001/04/25 23:47:13 mikem Exp $

LogDir		.
DbDir		.
# User a lower trace level in production systems:
Trace 		4

# You will probably want to add other Clients to suit your site,
# one for each NAS you want to work with
<Client DEFAULT>
	Secret	mysecret
	DupInterval 0
</Client>

<Realm acn>
        <AuthBy KRB5>
                KrbRealm        MINES.EDU
        </AuthBy>
</Realm>

#<Realm acn2>
#        <AuthBy KRB5>
#                KrbRealm        MINES.EDU
#        </AuthBy>
#</Realm>



More information about the radiator mailing list