headers
aland | 1 May 2010 01:33
Favicon
Gravatar

GIT Log for 2010-04-30 23:33 GMT

commit 5037647cd93b53f65645761725bea78d13407286
Author: Alan T. DeKok <aland <at> freeradius.org>
Date:   Fri Apr 30 09:58:13 2010 +0200

    Note Samba bug

Files changed:
 raddb/eap.conf |    6 ++++++
 1 files changed, 6 insertions(+), 0 deletions(-)

======================================================================
commit b6fd71ae1c01e158c3ea0c14d4f41da8f493162d
Author: Alan T. DeKok <aland <at> freeradius.org>
Date:   Fri Apr 30 07:46:30 2010 +0200

    Use pairadd() properly.

Files changed:
 .../rlm_eap/types/rlm_eap_peap/rlm_eap_peap.c      |    4 ++--
 .../rlm_eap/types/rlm_eap_ttls/rlm_eap_ttls.c      |    4 ++--
 2 files changed, 4 insertions(+), 4 deletions(-)

======================================================================
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/devel.html
Permalink | Reply | 0 comments |
headers
John Morrissey | 1 May 2010 15:15
Gravatar

Failed assertion in detail reader on incomplete packet read

We've had a few FreeRADIUS instances run out of space in /var due to
unresponsive remote accounting servers.

When this happens, a short packet can be written to a detail file, causing
this assertion failure:

ASSERT FAILED detail.c[573]: data->state == STATE_QUEUED

when the VP-reading loop hits EOF and falls through to the alloc_packet
label without having read a trailing newline indicating end of packet:

while (fgets(buffer, sizeof(buffer), data->fp)) {
[...]
    /*
     *  We're reading VP's, and got a blank line.
     *  Queue the packet.
     */
    if ((data->state == STATE_READING) &&
        (buffer[0] == '\n')) {
        data->state = STATE_QUEUED;
        break;
    }
[...]
}
[...]
 alloc_packet:
    rad_assert(data->state == STATE_QUEUED);

The writes in rlm_detail's do_detail() are unchecked, so failed writes allow
a successful Accounting-Response to be returned to the NAS even though the
(Continue reading)

Permalink | Reply | 1 comment |
headers
Fred MAISON | 3 May 2010 13:43
Picon

Re: rlm_ldap & TCP KeepAlive

Le vendredi 30 avril 2010 à 14:19 +0200, Fred MAISON a écrit :
> > Message: 4
> > Date: Fri, 30 Apr 2010 11:56:25 +0200
> > From: Alan DeKok <aland at deployingradius.com>
> > Subject: Re: rlm_ldap & TCP KeepAlive
> > To: FreeRadius developers mailing list
> > 	<freeradius-devel at lists.freeradius.org>
> > Message-ID: <4BDAA949.3020100 at deployingradius.com>
> > Content-Type: text/plain; charset=ISO-8859-1
> > 
> > Fred MAISON wrote:
> > > Some stateful equipments like firewall or load-balancers tends to drop
> > > long-time idle tcp session to protect their session tables.
> > > To keep idle tcp session active and avoid this kind of deconnections, I
> > > found it could be useful to be able to configure TCP KeepAlive from
> > > rlm_ldap config file, exposing TCP KeepAlive options available in
> > > Openldap libraries to rlm_ldap config file :
> > > LDAP_OPT_X_KEEPALIVE_IDLE, LDAP_OPT_X_KEEPALIVE_PROBES,
> > > LDAP_OPT_X_KEEPALIVE_INTERVAL
> > 
> >   Yup.
> > 
> > > Unfortunately, as Redhat released his 5.5, I don't have anymore access
> > > to jdennis binary repository, so I am in trouble to recompile 2.1.8 for
> > > CentOS 5.4 on x86_64.
> > > I have tried to recompile freeradius 2.1.8 with this patch from
> > > fedoraproject cvs sources, but I don't know how to integrate this patch
> > > in the source tree.
> > 
> >   Use the "patch" program:
(Continue reading)

Permalink | Reply | 0 comments |
headers
Alan DeKok | 3 May 2010 18:29
Favicon
Gravatar

Re: Failed assertion in detail reader on incomplete packet read

John Morrissey wrote:
> When this happens, a short packet can be written to a detail file, causing
> this assertion failure:
> 
> ASSERT FAILED detail.c[573]: data->state == STATE_QUEUED

  OK.  That should be changed to a conditional check.

> The writes in rlm_detail's do_detail() are unchecked, so failed writes allow
> a successful Accounting-Response to be returned to the NAS even though the
> detail is incomplete and won't be processed by the detail reader.
> 
> It seems the best way around this is for do_detail() to keep track of the
> number of bytes it's written, ftruncate() the detail file on a short write,
> and return RLM_MODULE_FAIL. fprintf() would need to be replaced with
> separate sprintf() and fwrite() in order to keep track of the number of
> bytes written for the current packet.

  That should be fixed, too.

> Does this course of action make sense? I can work on this, but it may be a
> few weeks before I have more time.

  I'll see if I can fix the assert for 2.1.9.  It should treat that
condition as an EOF, and delete the file.

  Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/devel.html
(Continue reading)

Permalink | Reply | 0 comments |
headers
kévin | 4 May 2010 12:07
Picon
Favicon

Freeradius + opensips-1.6.2-tls + mysql


Dear, I'm a french student. I have to build a model with freeradius,
opensips-1.6-tls and mysql
I'm working under Linux:
localhost:/etc/freeradius# uname -a
Linux localhost 2.6.26-2-686 #1 SMP Tue Mar 9 17:35:51 UTC 2010 i686
GNU/Linux

(Opensips, freeradius and mysql are all on the same computer)

I've got some problems:
when I ran /etc/init.d/freeradius, I can't have any logs in
/var/log/freeradius.log or /var/log/freeradius/radacct  radwtmp...

If I ran freeradius in debuging mode (freeradius -X) I have some message,
but when I make a call, I've got the following error:
Listening on authentication address * port 1812
Listening on accounting address * port 1813
Listening on proxy address * port 1814
Ready to process requests.
rad_recv: Accounting-Request packet from host 127.0.0.1 port 52934, id=186,
length=268
	Acct-Status-Type = Interim-Update
	Service-Type = 0
	Sip-Response-Code = 200
	Sip-Method = ACK
	Event-Timestamp = "May  4 2010 10:35:55 CEST"
	Sip-From-Tag = "4067e8d8-acca-4d3b-8972-9956b34718b2"
	Sip-To-Tag = "4fed310e-df10-489e-9af1-3d54fa2b7423"
	Acct-Session-Id = "97dfa858-9c80-4644-906b-b93c99b9f0b9"
(Continue reading)

Permalink | Reply | 1 comment |
headers
Alan DeKok | 4 May 2010 19:08
Favicon
Gravatar

Re: Freeradius + opensips-1.6.2-tls + mysql

kévin wrote:
> Dear, I'm a french student. I have to build a model with freeradius,
...
> +- entering group preacct
> Segmentation fault
> 
> Any advice?

  Ensure that you've installed only *one* version of the software.

  Usually this means using the version from your OS.

  Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/devel.html
Permalink | Reply | 0 comments |
headers
aland | 5 May 2010 01:33
Favicon
Gravatar

GIT Log for 2010-05-04 23:33 GMT

commit 908db49448c9560f1b43c1d0b63cd77a47d4fe13
Author: Alan T. DeKok <aland <at> freeradius.org>
Date:   Tue May 4 14:36:42 2010 +0200

    Enable core dumps after suid_down

Files changed:
 src/main/mainconfig.c |  138 ++++++++++++++++++++++++------------------------
 1 files changed, 69 insertions(+), 69 deletions(-)

======================================================================
commit 73fe4311083eb684b3d7f8592d5c1a9cfe68415e
Author: Alan T. DeKok <aland <at> freeradius.org>
Date:   Tue May 4 11:30:50 2010 +0200

    Treat bad records as EOF.

    This helps when the disk is full, and rlm_detail writes a partial record.

Files changed:
 src/modules/frs_detail/frs_detail.c |   11 ++++++++++-
 1 files changed, 10 insertions(+), 1 deletions(-)

======================================================================
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/devel.html
Permalink | Reply | 0 comments |
headers
Dropbox | 5 May 2010 07:39

Clark Wang has invited you to Dropbox
We're excited to let you know that Clark Wang has invited you to Dropbox!

Clark Wang has been using Dropbox to sync and share files online and across computers, and thought you might want it too.

Visit www.dropbox.com to get started.

- The Dropbox Team
To stop receiving invites from Dropbox, click here © 2010 Dropbox 
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/devel.html
Permalink | Reply | 0 comments |
headers
John Dennis | 5 May 2010 19:59
Picon
Favicon

2.1.9 Schedule

We would like to get 2.1.9 into RHEL6 as opposed to 2.1.8. The window of 
opportunity is narrowing. Is there a schedule for 2.1.9? The only thing 
I think I recall is "in a few weeks", is there something more specific?

Thanks!
--

-- 
John Dennis <jdennis <at> redhat.com>

Looking to carve out IT costs?
www.redhat.com/carveoutcosts/
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/devel.html
Permalink | Reply | 1 comment |
headers
Alan DeKok | 5 May 2010 20:33
Favicon
Gravatar

Re: 2.1.9 Schedule

John Dennis wrote:
> We would like to get 2.1.9 into RHEL6 as opposed to 2.1.8. The window of
> opportunity is narrowing. Is there a schedule for 2.1.9? The only thing
> I think I recall is "in a few weeks", is there something more specific?

  Err... real soon now?

  I'll see if I can put up a test "tar" file this week.  Or, people can
try git "v2.1.x" branch.

  If there are no major complaints, 2.1.9 could be out next week.  The
"ChangeLog" is up to date.  The only *major* change is that the
"configure" scripts have been regenerated.

  Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/devel.html
Permalink | Reply | 0 comments |

Gmane