Re: [Bug-gnu-radius] [GNU Radius 1.5] testsuite: 1 23 failed
From: ger87410
Subject: Re: [Bug-gnu-radius] [GNU Radius 1.5] testsuite: 1 23 failed
Date: Wed, 3 Oct 2007 10:35:25 -0700 (PDT)
>It shows that radiusd failed to start. Please take a look at
>radius-1.5/tests/radius.log to see why.
I didn't even think of looking for a radius.log file. Here's what she says:
Oct 03 03:03:12 Main.info: Starting
Oct 03 03:03:12 Main.info: Terminating the subprocesses
Oct 03 03:03:12 Main.info: Loading configuration files.
Oct 03 03:03:12 Main.info: reading /home/avctech/extra/radius-1.5/tests/raddb/config
Oct 03 03:03:12 [3229]: Main.error: /home/avctech/extra/radius-1.5/tests/raddb/config:108: unknown block statement
Oct 03 03:03:12 [3229]: Main.error: /home/avctech/extra/radius-1.5/tests/raddb/config:115: unknown block statement
Oct 03 03:03:12 [3229]: Main.warning: /home/avctech/extra/radius-1.5/tests/../examples/filter.rw:28: missing return statement
config:108 has:
    guile {
        debug yes;
        load-path "/home/avctech/extra/radius-1.5/tests/raddb";
        load "auth.scm";
        load "acct.scm";
    };
config:115 has:
    snmp {
        port 1647;
        storage {
            file "/home/avctech/extra/radius-1.5/tests/raddb/log/radius.stat";
            perms 0600;
        };
    };
filter.rw has:
    string
    filter_rw()
    {
        if (*%[Acct-Status-Type]) {
            return "ACCT" +
                (string) *%[Acct-Status-Type] + " "
                +%[User-Name];
        } else {
            return "AUTH " + %[User-Name] + " " + %[User-Password];
        }
    }
I'm testing gnu radius 1.5 on 2 different systems. The first one is a fresh
Fedora 7 install without modifying any of the files. The second is set up
like our current webserver and uses the AVC modified files listed below.
The only difference between the 2 systems' 'make check' tests/radius.log
files is that the freshly installed system spits out all the errors you see
above while the modified code spits out all but the 'config:108' guile error.
I'm not bothering to install and test after installing on the fresh Fedora 7
system since we don't have any authentication set up for the way radius
'normally' authenticates. I'm just using the fresh Fedora 7 system to see
if the 'make check' problems are unique to a modified code/system or if it
happens with a fresh install, and it does. So, I don't think the
modifications that I made to radius' code are what's causing the problem.
>> Here's my configuration:
>OK. And what do you see in radius log when you try to authenticate (with
>version 1.5, that is)?
The notes for our server say dictionary.h, avc.c, & auth.c are modified
"files [that] add a new local authentication type ("AVC") so that CHAP can
be performed by fetching the clear-text password from the AVC database (via
avcrad):"
I configured, built and installed 1.5 using the modified code without any
problems. 'radctl start' ran without any problems. 'radauth' is where it
fails.
/var/log/radius.log just says every time I try to authenticate:
Oct 03 10:39:57 [2268]: Main.notice: child 2270 terminated on signal 11
/var/log/radius.debug is empty.
/var/log/radacct/local/detail.auth shows:
Wed Oct 3 10:39:57 2007
User-Name = address@hidden
NAS-IP-Address = 127.0.0.1
Timestamp = 1191429597
Request-Authenticator = None
The modifications to 1.5 are as follows:
auth.c:589
++ case DV_PASSWORD_LOCATION_AVC:
++ ;
++ grad_avp_t *namepair =
++ grad_avl_find(radreq->request,
DA_USER_NAME);
++ if (grad_avp_null_string_p(namepair)) return
auth_nouser;
++ real_password =
AvcPassword(namepair->avp_strvalue);
++ if (!real_password) return auth_nouser;
++ real_password = grad_estrdup(real_password);
++ break;
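Review bot: the call to AvcPassword() in this new case needs a prototype that auth.c can see, and none of the changes listed in this message adds one. If there is no declaration elsewhere, the compiler assumes the function returns int, and on a 64-bit build the returned pointer is truncated before grad_estrdup() reads through it, which would fit the "terminated on signal 11" line in radius.log. Declare char *AvcPassword(char *user); in a header included by auth.c and build with warnings for implicit declarations enabled. Separately, grad_estrdup(real_password) expects a NUL-terminated string, but the buffer it copies is the 40-byte static pwd[] in avc.c that recv() may fill completely, so the terminator should be guaranteed there before this copy is made.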
include/radius/radutmp.h:51
++ char called_id[RUT_PNSIZE]; /* called station ID */
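Review bot: adding called_id to this struct changes its size and the offsets of whatever follows it, so if radutmp/radwtmp records are written to disk as this struct, files produced by a build without the field will be misread by the patched radiusd and radlast. Either start from empty radutmp/radwtmp files when switching builds or convert the old records, and document the format change next to the new field.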
include/radius/dictionary.h:129
++ #define DV_PASSWORD_LOCATION_AVC 2
radlast/radlast.c:82
++ int tsv_fmt = 0;
radlast/radlast.c:189
++ case 'v':
++ tsv_fmt = 1;
++ break;
radlast/radlast.c:436
++ if(!tsv_fmt){
radlast/radlast.c:440
++ }
radlast/radlast.c:738
++ } else if (tsv_fmt) {
++ if (pp) {
++ delta = pp->ut.time - bp->time;
++ strftime(ct, sizeof(ct), "%Y/%m/%d %H:%M:%S", tm);
++ printf("%s\t%s\t%ld\t%s\t%s\t%s\t%s\t%s\t%d\t%s\t%s",
++ bp->login,
++ ct, delta,
++ proto_str(bp->proto),
++ bp->caller_id[0] == 0 ? "1" : bp->caller_id,
++ bp->called_id[0] == 0 ? "1" : bp->called_id,
++ ip_str,
++ grad_nas_ip_to_name(ntohl(bp->nas_address), buf, sizeof
buf),
++ bp->nas_port,
++ port_type_str(bp->porttype),
++ bp->session_id
++ );
++ }
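Review bot: the printf format in the tsv_fmt branch ends at the last %s with no "\n", so unless a newline is written elsewhere the records run together on one line. The record fields bp->login, bp->caller_id, bp->called_id and bp->session_id are also printed with a bare %s; called_id is declared as char[RUT_PNSIZE], and if such fixed-size fields can be filled to the last byte, printf reads past the array. Bound each one, for example "%.*s" with the field size, and decide what happens when a field itself contains a tab.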
radlast/radlast.c:774
-- } else {
++ } else if(!tsv_fmt){
radiusd/acct.c:259
++ store_session_id(ut.called_id,
++ sizeof(ut.called_id),
++ vp->avp_strvalue,
++ vp->avp_strlength);
++ break;
radiusd/avc.c:
//-------------------------------------------------------------------------
// radiusd/avc.c: RADIUS authentication via AVC servers
// we could use select to implement guard timers on sendto/recv but
// don't bother because GNU RADIUS has time-to-live on children
//-------------------------------------------------------------------------
#include <assert.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/uio.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <sys/time.h>
#include <fcntl.h>
#include <netdb.h>
#include <netinet/in.h>
//-------------------------------------------------------------------------
// Create a UDP socket bound to this host's address on an ephemeral port.
// Returns the descriptor, or -1 on failure (0 is a valid descriptor).
static int Bind () {
    char buf[32] = "";
    gethostname(buf, sizeof(buf));
    buf[sizeof(buf) - 1] = '\0';    // not terminated if the name was truncated
    struct hostent* host = gethostbyname(buf);
    if (!host || host->h_addrtype != AF_INET) {
        perror("can't get host by name");
        return -1;
    }
    int sock = socket(AF_INET, SOCK_DGRAM, 0);
    if (sock < 0) {
        perror("can't create socket");
        return -1;
    }
    struct sockaddr_in sad;
    memset(&sad, 0, sizeof(sad));
    sad.sin_family = AF_INET;
    sad.sin_port = htons(0); // 0 gets next available
    memcpy(&sad.sin_addr, *host->h_addr_list, host->h_length);
    if (bind(sock, (struct sockaddr*)&sad, sizeof(sad)) < 0) {
        perror("can't bind sock");
        close(sock);                // don't leak the descriptor
        return -1;
    }
    return sock;
}
//-------------------------------------------------------------------------
// Send n bytes of buf to the AVC server ("bbb", UDP port 8767).
// Returns the number of bytes sent, 0 if the host can't be resolved,
// or -1 if sendto fails.
static int Send (int sock, char* buf, int n) {
    struct hostent* host = gethostbyname("bbb");
    if (!host || host->h_addrtype != AF_INET) return 0;
    struct sockaddr_in sad;
    memset(&sad, 0, sizeof(sad));
    sad.sin_family = AF_INET;
    sad.sin_port = htons(8767);
    memcpy(&sad.sin_addr, *host->h_addr_list, host->h_length);
    socklen_t len = sizeof(sad);
    struct sockaddr* pa = (struct sockaddr*)&sad;
    return sendto(sock, buf, n, 0, pa, len);
}
//-------------------------------------------------------------------------
// Ask the AVC server for the clear-text password of user.
// Returns a pointer to a static, NUL-terminated buffer, or NULL on failure.
char* AvcPassword (char* user) {
    if (!user || !*user) return NULL;
    static char pwd[40] = "";
    int sock = Bind();
    if (sock < 0) return NULL;
    int len = (int)strlen(user) + 1;
    int n = Send(sock, user, len);
    if (n == len) {
        // leave room for the terminator: callers treat the reply as a string
        n = recv(sock, pwd, sizeof(pwd) - 1, 0);
    } else {
        n = 0;
    }
    close(sock);
    if (n <= 0) return NULL;
    pwd[n] = '\0';
    return pwd;
}
I'm not even sure how to set up 1.5 to use a 'normal' means of
authenticating. Do I need to set that up and then test it on the fresh
install before we can rule out the modifications I made to the gnu radius
source?
Thanx!
G
--
View this message in context:
http://www.nabble.com/-GNU-Radius-1.5--testsuite%3A-1-23-failed-tf4511805.html#a13023834
Sent from the Gnu - Radius - Bugs mailing list archive at Nabble.com.
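
An added example, not part of the original message or of GNU Radius: the header comment in avc.c says guard timers on recv were skipped, and the reply lands in a 40-byte buffer that is later used as a C string. The sketch below shows a receive with a timeout that rejects replies leaving no room for the terminator; `recv_cstring` and `demo` are hypothetical names, and a Unix-domain socketpair stands in for the AVC server.

```c
/* Added example: bounded, timed receive of a string reply on a datagram socket. */
#include <poll.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical helper: wait up to timeout_ms for one datagram and store it in
 * out as a C string. Returns the string length, or -1 on timeout, error, or a
 * reply that leaves no room for the terminator. out is zeroed on failure. */
static int recv_cstring(int sock, char *out, size_t outsz, int timeout_ms) {
    struct pollfd pfd = { .fd = sock, .events = POLLIN };
    ssize_t n = -1;

    if (outsz == 0) return -1;
    if (poll(&pfd, 1, timeout_ms) == 1 && (pfd.revents & POLLIN))
        n = recv(sock, out, outsz, 0);
    /* n == outsz means the datagram filled (or overflowed) the buffer. */
    if (n <= 0 || (size_t)n >= outsz) {
        memset(out, 0, outsz);
        return -1;
    }
    out[n] = '\0';
    return (int)strlen(out);   /* the reply may already carry its own NUL */
}

/* Constructed check: one end of a socketpair plays the password server. */
static int demo(const char *reply, size_t replylen, char *out, size_t outsz) {
    int sv[2], rc;
    if (socketpair(AF_UNIX, SOCK_DGRAM, 0, sv) < 0) return -2;
    if (reply && send(sv[1], reply, replylen, 0) < 0) rc = -2;
    else rc = recv_cstring(sv[0], out, outsz, 100);
    close(sv[0]);
    close(sv[1]);
    return rc;
}

int main(void) {
    char pwd[40];
    int ok = demo("s3cret", 7, pwd, sizeof pwd) == 6   /* normal reply      */
          && demo(NULL, 0, pwd, sizeof pwd) == -1;     /* no reply: timeout */
    return ok ? 0 : 1;
}
```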