[RADIATOR] 4.29 EAP issue - failed socket

Cassidy B. Larson alandaluz at gmail.com
Thu Jul 18 03:13:12 UTC 2024


For future reference, FreeBSD 14.0 and 14.1 are failing. FreeBSD 13.3 works
like it should.   Will have to dig in more to see what the issue is on 14.x
line.

On Tue, Jul 16, 2024 at 5:50 PM Hugh Irvine <hugh at radiatorsoftware.com>
wrote:

>
> Like you say - must be something to do with OS or Perl.
>
> Hugh
>
>
> On 17/7/2024 09:27, Cassidy B. Larson wrote:
>
> tarball source compiled.
>
> Radiator is running as root at this time.
>
> Thanks!
>
> On Tue, Jul 16, 2024 at 5:24 PM Hugh Irvine <hugh at radiatorsoftware.com>
> wrote:
>
>>
>> Hi again -
>>
>> How did you install Radiator this time?
>>
>> Package or tarball?
>>
>> And what user is Radiator running as?
>>
>> thanks
>>
>> Hugh
>>
>>
>> On 17/7/2024 09:08, Cassidy B. Larson wrote:
>>
>> Hi Hugh,
>>
>> I did try downgrading to 4.25.. it seems to be related to the OS update
>> or perl itself since it is persisting on 4.25 as it did on 4.29.. really
>> odd.
>>
>> It does seem like it’s receiving on the same port it’s sending back out
>> to.. but not able.   So strange!
>>
>> Tue Jul 16 16:17:10 2024: DEBUG: ServerConfig: registering childinit fn
>> from Radius::Configurable
>>
>> Tue Jul 16 16:17:10 2024: DEBUG: Radius::JSON backend is JSON::PP version
>> 4.07
>>
>> Tue Jul 16 16:17:10 2024: DEBUG: SCTP socket API extensions not available
>>
>> Tue Jul 16 16:17:10 2024: DEBUG: Finished reading configuration file
>> '/usr/local/etc/radiator/radius-eap-authentication.cfg'
>>
>> Tue Jul 16 16:17:10 2024: DEBUG: Reading dictionary file
>> '/data/radiator/raddb/dictionary'
>>
>> Tue Jul 16 16:17:10 2024: INFO: Using Net::SSLeay 1.94 with SSL/TLS
>> library version 0x300000d0 (OpenSSL 3.0.13 30 Jan 2024)
>>
>> Tue Jul 16 16:17:10 2024: DEBUG: SSL/TLS library and Net::SSLeay support
>> set_default_passwd_cb and related functions
>>
>> Tue Jul 16 16:17:10 2024: DEBUG: This system is IPv6 capable. IPv6
>> capability provided by: core
>>
>> Tue Jul 16 16:17:10 2024: DEBUG: Creating authentication socket <my_ip>
>> port 1842
>>
>> Tue Jul 16 16:17:10 2024: NOTICE: Server started: Radiator 4.25 on
>> <hostname>
>>
>> Tue Jul 16 16:17:31 2024: DEBUG: Packet dump:
>>
>> *** Received from <ip> port 40333 ....
>>
>>>>
>>>>
>> Tue Jul 16 16:17:31 2024: DEBUG: Packet dump:
>>
>> *** Sending to <ip> port 40333 ....
>>
>>
>> Packet length = 46
>>
>> 0b 35 00 2e 30 e5 a1 5f 38 ea b4 b1 0c 02 04 0e
>>
>> af 49 74 be 4f 08 01 2e 00 06 19 20 50 12 23 26
>>
>> 54 69 64 09 ed 26 4a ad f1 33 90 82 7f 21
>>
>> Code:       Access-Challenge
>>
>> Identifier: 53
>>
>> Authentic:  0<229><161>_8<234><180><177><12><2><4><14><175>It<190>
>>
>> Attributes:
>>
>>         EAP-Message = <1>.<0><6><25>
>>
>>         Message-Authenticator = #&Tid<9><237>&J<173><241>3<144><130><127>!
>>
>>
>> Tue Jul 16 16:17:31 2024: ERR: sendTo: send to  <ip> port 40333 failed:
>> Socket operation on non-socket
>>
>>
>> On Jul 16, 2024, at 4:48 PM, Hugh Irvine via radiator
>> <radiator at lists.open.com.au> <radiator at lists.open.com.au> wrote:
>>
>>
>> Hello Cassidy -
>>
>> This is very odd - it looks like the socket has not been created properly.
>>
>> I don't understand how you could receive a packet on a socket and not be
>> able to send?
>>
>> What do the startup messages from Radiator look like?
>>
>> And what is shown before the log below when the request is received - is
>> it the same socket number?
>>
>> thanks
>>
>> Hugh
>>
>>
>> On 17/7/2024 07:37, Cassidy B. Larson via radiator wrote:
>>
>> Seeing this after upgrading from a few releases to 4.29 and trying EAP
>> with my same hosts/clients on my in-office wifi:
>>
>> Tue Jul 16 15:31:05 2024: ERR: sendTo: send to 10.40.176.98 port 60389
>> failed: Socket operation on non-socket
>>
>> We're now running FreeBSD 14.1-RELEASE on this.
>>
>> Here's the last bit of a Trace 5 output..
>>
>> Tue Jul 16 15:31:05 2024: DEBUG: Handling with Radius::AuthFILE:
>> Tue Jul 16 15:31:05 2024: DEBUG: AuthFILE Handling EAP type 1 (Identity),
>> code: 2 (Response), identifier: 22, length: 24
>> Tue Jul 16 15:31:05 2024: DEBUG: Initialised SSL library: Net::SSLeay
>> 1.94, OpenSSL 3.0.13 30 Jan 2024
>> Tue Jul 16 15:31:05 2024: DEBUG: TLS: Using 0x8 (8) for Net::SSLeay
>> constant SSL2_MT_CLIENT_CERTIFICATE
>> Tue Jul 16 15:31:05 2024: DEBUG: TLS: Using 0x3 (3) for Net::SSLeay
>> constant SSL2_MT_CLIENT_FINISHED
>> Tue Jul 16 15:31:05 2024: DEBUG: TLS: Using 0x2 (2) for Net::SSLeay
>> constant SSL2_MT_CLIENT_MASTER_KEY
>> Tue Jul 16 15:31:05 2024: DEBUG: TLS: Using 0x0 (0) for Net::SSLeay
>> constant SSL2_MT_ERROR
>> Tue Jul 16 15:31:05 2024: DEBUG: TLS: Using 0x6 (6) for Net::SSLeay
>> constant SSL2_MT_REQUEST_CERTIFICATE
>> Tue Jul 16 15:31:05 2024: DEBUG: TLS: Using 0x6 (6) for Net::SSLeay
>> constant SSL2_MT_SERVER_FINISHED
>> Tue Jul 16 15:31:05 2024: DEBUG: TLS: Using 0x4 (4) for Net::SSLeay
>> constant SSL2_MT_SERVER_HELLO
>> Tue Jul 16 15:31:05 2024: DEBUG: TLS: Using 0x5 (5) for Net::SSLeay
>> constant SSL2_MT_SERVER_VERIFY
>> Tue Jul 16 15:31:05 2024: DEBUG: TLS: Using 0x2 (2) for Net::SSLeay
>> constant TLSEXT_ERR_ALERT_FATAL
>> Tue Jul 16 15:31:05 2024: DEBUG: TLS: Using 0x1 (1) for Net::SSLeay
>> constant TLSEXT_ERR_ALERT_WARNING
>> Tue Jul 16 15:31:05 2024: DEBUG: TLS: Using 0x3 (3) for Net::SSLeay
>> constant TLSEXT_ERR_NOACK
>> Tue Jul 16 15:31:05 2024: DEBUG: TLS: Using 0x0 (0) for Net::SSLeay
>> constant TLSEXT_ERR_OK
>> Tue Jul 16 15:31:05 2024: DEBUG: AuthFILE setting EAPTLS_Ciphers to:
>> DEFAULT:!EXPORT:!LOW
>> Tue Jul 16 15:31:05 2024: DEBUG: EAP result: 3, PEAP Challenge
>> Tue Jul 16 15:31:05 2024: DEBUG: AuthBy FILE result: CHALLENGE, PEAP
>> Challenge
>> Tue Jul 16 15:31:05 2024: DEBUG: Access challenged for user at host.com:
>> PEAP Challenge
>> Tue Jul 16 15:31:05 2024: DEBUG: Packet dump:
>> *** Sending to 10.40.176.98 port 60389 ....
>>
>> Packet length = 46
>> 0b 1c 00 2e 67 6a 89 68 86 97 9f 2f c9 ca 99 68
>> c5 3f 5f 1f 50 12 40 12 4b 21 a4 80 19 29 dc 8e
>> c9 bc e2 a2 d3 6e 4f 08 01 17 00 06 19 20
>> Code:       Access-Challenge
>> Identifier: 28
>> Authentic:  gj<137>h<134><151><159>/<201><202><153>h<197>?_<31>
>> Attributes:
>> Message-Authenticator =
>> @<18>K!<164><128><25>)<220><142><201><188><226><162><211>n
>> EAP-Message = <1><23><0><6><25>
>>
>> Tue Jul 16 15:31:05 2024: ERR: sendTo: send to 10.40.176.98 port 60389
>> failed: Socket operation on non-socket
>>
>>
>>
>> Going to try downgrading to a few previous releases to figure out where
>> the problem started.. but just wondering if anybody had any quick clues
>> while I found time to do that.
>>
>> Thanks!
>>
>> -c
>>
>>
>> _______________________________________________
>> radiator mailing listradiator at lists.open.com.auhttps://lists.open.com.au/mailman/listinfo/radiator
>>
>> _______________________________________________
>> radiator mailing list
>> radiator at lists.open.com.au
>> https://lists.open.com.au/mailman/listinfo/radiator
>>
>>
>>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.open.com.au/pipermail/radiator/attachments/20240717/9ccfb1a2/attachment-0001.html>


More information about the radiator mailing list