(RADIATOR) Multiple kerberos realms - segmentation error

Mike McCauley mikem at open.com.au
Tue Jan 17 18:02:06 CST 2006


Hello Carol,

Thanks for reporting this.
What was happening was when Radiator was run as a daemon, the parent process 
would crash while exiting after spawning the persistent child process. This 
was due to a bug in AuthKRB5.pm

We have now fixed this problem, and the fix is now in the latest Radiator 
patch set.

Thanks again for reporting this.
We apologise for any inconvenience.

Cheers.


On Wednesday 18 January 2006 03:17, Carol Ward wrote:
> Another interesting feature - it doesn't seg fault when it's in foreground.
>  It acts like it's starting a second process when it's in background mode
> and that process seg faults, but the main process continues on.  This error
> happens at startup time before any authentications take place.  Here is the
> information that
> you asked for.  Could this have something to do with the accounting?  It
> doesn't seem to get started in the foreground session.  I've also attached
> the same config
> file with the second kerberos session commented out with the same run
> command and
> no seg fault.
>
>
> Carol
> ===========================================
>
> [root at slag Radiator-3.13]# perl radiusd -foreground -log_stdout -trace 4
> -config_file csm.cfg
> Tue Jan 17 10:01:47 2006: DEBUG: Finished reading configuration file
> 'csm.cfg' Tue Jan 17 10:01:47 2006: DEBUG: Reading dictionary file
> './dictionary' Tue Jan 17 10:01:47 2006: DEBUG: Creating authentication
> port 0.0.0.0:1645 Tue Jan 17 10:01:47 2006: DEBUG: Creating accounting port
> 0.0.0.0:1646 Tue Jan 17 10:01:47 2006: NOTICE: Server started: Radiator
> 3.13 on slag
>
>       [ I killed the process with a CTRL-C ]
>
> [root at slag Radiator-3.13]# perl radiusd  -trace 4 -config_file csm.cfg
> Segmentation fault
> [root at slag Radiator-3.13]# cat logfile
> Tue Jan 17 10:01:32 2006: DEBUG: Finished reading configuration file
> 'csm.cfg' Tue Jan 17 10:01:32 2006: DEBUG: Reading dictionary file
> './dictionary' Tue Jan 17 10:01:33 2006: DEBUG: Creating authentication
> port 0.0.0.0:1645 Tue Jan 17 10:01:44 2006: NOTICE: SIGTERM received:
> stopping
> Tue Jan 17 10:01:47 2006: DEBUG: Finished reading configuration file
> 'csm.cfg' Tue Jan 17 10:01:47 2006: DEBUG: Reading dictionary file
> './dictionary' Tue Jan 17 10:01:47 2006: DEBUG: Creating authentication
> port 0.0.0.0:1645 Tue Jan 17 10:01:47 2006: DEBUG: Creating accounting port
> 0.0.0.0:1646 Tue Jan 17 10:01:47 2006: NOTICE: Server started: Radiator
> 3.13 on slag Tue Jan 17 10:02:02 2006: DEBUG: Finished reading
> configuration file 'csm.cfg' Tue Jan 17 10:02:02 2006: DEBUG: Reading
> dictionary file './dictionary' Tue Jan 17 10:02:02 2006: DEBUG: Creating
> authentication port 0.0.0.0:1645 Tue Jan 17 10:02:02 2006: DEBUG: Creating
> accounting port 0.0.0.0:1646 Tue Jan 17 10:02:02 2006: NOTICE: Server
> started: Radiator 3.13 on slag [root at slag Radiator-3.13]# ps -ef | grep
> radius
> root      5754     1  1 10:02 ?        00:00:00 perl radiusd -trace 4
> -config_file csm.cfg
> root      5757  5695  0 10:02 pts/1    00:00:00 grep radius
>
> Hugh Irvine wrote:
> > Hello Carol -
> >
> > We will need to see a trace 4 debug from Radiator showing what is
> > happening.
> >
> > It is simplest to run radiusd from the command line like this:
> >
> >         cd /your/Radiator/distribution
> >
> >         perl radiusd -foreground -log_stdout -trace 4 -config_file .....
> >
> > where "....." is the name of your configuration file.
> >
> > This way you will see all of the startup messages and any Perl errors
> > that occur.
> >
> > regards
> >
> > Hugh
> >
> > On 17 Jan 2006, at 05:59, Carol Ward wrote:
> > > Hi folks -
> > >
> > > We're running radiator 3.13.  When I define multiple realms using
> > > kerberos
> > > authentication, we get a segmentation error.  Interestingly,
> > > radiusd continues
> > > to run and authenticates correctly.  Anyone have any idea  what is
> > > happening?
> > > The config below will cause the problem.  Admittedly,
> > > it's silly to have 2 realms with the same authentication, but we
> > > we're adding
> > > various flags and admission restrictions via a file and a
> > > continuewhileaccept
> > > clause and these admission restrictions vary by client.  I have
> > > kerberos 5 1.3.5
> > > libraries and perl module installed.  This happens both under
> > > redhat 9 with perl
> > > 5.8
> > > and  debian 3.1 (sarge) with perl v5.8.4.
> > >
> > > Thanks for any help/advice.
> > >
> > > Carol
> > >
> > > ===========================================================.
> > >
> > > # See radius.cfg for more complete examples of features and
> > > # syntax, and refer to the reference manual for a complete description
> > > # of all the features and syntax.
> > > #
> > > # You should consider this file to be a starting point only
> > > # $Id: simple.cfg,v 1.4 2001/04/25 23:47:13 mikem Exp $
> > >
> > > LogDir                .
> > > DbDir         .
> > > # User a lower trace level in production systems:
> > > Trace                 4
> > >
> > > # You will probably want to add other Clients to suit your site,
> > > # one for each NAS you want to work with
> > > <Client DEFAULT>
> > >       Secret  mysecret
> > >       DupInterval 0
> > > </Client>
> > >
> > > <Realm acn>
> > >         <AuthBy KRB5>
> > >                 KrbRealm        SAMPLE.EDU
> > >         </AuthBy>
> > > </Realm>
> > >
> > > <Realm acn2>
> > >         <AuthBy KRB5>
> > >                 KrbRealm        SAMPLE.EDU
> > >         </AuthBy>
> > > </Realm>
> > >
> > > --
> > > Archive at http://www.open.com.au/archives/radiator/
> > > Announcements on radiator-announce at open.com.au
> > > To unsubscribe, email 'majordomo at open.com.au' with
> > > 'unsubscribe radiator' in the body of the message.
> >
> > NB:
> >
> > Have you read the reference manual ("doc/ref.html")?
> > Have you searched the mailing list archive (www.open.com.au/archives/
> > radiator)?
> > Have you had a quick look on Google (www.google.com)?
> > Have you included a copy of your configuration file (no secrets),
> > together with a trace 4 debug showing what is happening?
> >
> > --
> > Radiator: the most portable, flexible and configurable RADIUS server
> > anywhere. Available on *NIX, *BSD, Windows, MacOS X.
> > -
> > Nets: internetwork inventory and management - graphical, extensible,
> > flexible with hardware, software, platform and database independence.
> > -
> > CATool: Private Certificate Authority for Unix and Unix-like systems.

-- 
Mike McCauley                               mikem at open.com.au
Open System Consultants Pty. Ltd            Unix, Perl, Motif, C++, WWW
9 Bulbul Place Currumbin Waters QLD 4223 Australia   http://www.open.com.au
Phone +61 7 5598-7474                       Fax   +61 7 5598-7070

Radiator: the most portable, flexible and configurable RADIUS server 
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, 
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS, 
TTLS, PEAP etc on Unix, Windows, MacOS, NetWare etc.

--
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.


More information about the radiator mailing list