arr2036
commented
9 years ago I guess you're seeing this as the process is exiting?
Closed crawler95 closed 9 years ago
arr2036
commented
9 years ago I guess you're seeing this as the process is exiting?
crawler95
commented
9 years ago Im seeing this as a fatal segmentation fault on next use of sql module after a Closing connection (X), from Y unused connections" message from previous request:
Full log with gdb:
GNU gdb (Gentoo 7.7.1 p1) 7.7.1
Copyright (C) 2014 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law. Type "show copying"
and "show warranty" for details.
This GDB was configured as "x86_64-pc-linux-gnu".
Type "show configuration" for configuration details.
For bug reporting instructions, please see:
<http://bugs.gentoo.org/>.
Find the GDB manual and other documentation resources online at:
<http://www.gnu.org/software/gdb/documentation/>.
For help, type "help".
Type "apropos word" to search for commands related to "word"...
Reading symbols from radiusd...Reading symbols from /usr/lib64/debug//usr/sbin/radiusd.debug...done.
done.
(gdb) run -X
Starting program: /usr/sbin/radiusd -X
warning: Could not load shared library symbols for linux-vdso.so.1.
Do you need "set solib-search-path" or "set sysroot"?
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib64/libthread_db.so.1".
radiusd: FreeRADIUS Version 3.1.0 (git #ff4574f), for host x86_64-pc-linux-gnu, built on Dec 13 2014 at 08:47:31
Copyright (C) 1999-2014 The FreeRADIUS server project and contributors
There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A
PARTICULAR PURPOSE
You may redistribute copies of FreeRADIUS under the terms of the
GNU General Public License
For more information about these matters, see the file named COPYRIGHT
Starting - reading configuration files ...
including dictionary file /usr/share/freeradius/dictionary
including dictionary file /usr/share/freeradius/dictionary.dhcp
including dictionary file /usr/share/freeradius/dictionary.vqp
including dictionary file /etc/raddb/dictionary
including configuration file /etc/raddb/radiusd.conf
including configuration file /etc/raddb/proxy.conf
including configuration file /etc/raddb/clients.conf
including files in directory /etc/raddb/mods-enabled/
including configuration file /etc/raddb/mods-enabled/radutmp
including configuration file /etc/raddb/mods-enabled/pap
including configuration file /etc/raddb/mods-enabled/ntlm_auth
including configuration file /etc/raddb/mods-enabled/expiration
including configuration file /etc/raddb/mods-enabled/digest
including configuration file /etc/raddb/mods-enabled/mschap
including configuration file /etc/raddb/mods-enabled/logintime
including configuration file /etc/raddb/mods-enabled/expr
including configuration file /etc/raddb/mods-enabled/linelog
including configuration file /etc/raddb/mods-enabled/echo
including configuration file /etc/raddb/mods-enabled/unpack
including configuration file /etc/raddb/mods-enabled/replicate
including configuration file /etc/raddb/mods-enabled/preprocess
including configuration file /etc/raddb/mods-enabled/unix
including configuration file /etc/raddb/mods-enabled/always
including configuration file /etc/raddb/mods-enabled/passwd
including configuration file /etc/raddb/mods-enabled/perl
including configuration file /etc/raddb/mods-enabled/sql
including configuration file /etc/raddb/mods-config/sql/main/postgresql/queries.conf
including configuration file /etc/raddb/mods-enabled/sradutmp
including configuration file /etc/raddb/mods-enabled/utf8
including configuration file /etc/raddb/mods-enabled/dynamic_clients
including configuration file /etc/raddb/mods-enabled/soh
including configuration file /etc/raddb/mods-enabled/realm
including configuration file /etc/raddb/mods-enabled/eap
including configuration file /etc/raddb/mods-enabled/attr_filter
including configuration file /etc/raddb/mods-enabled/files
including configuration file /etc/raddb/mods-enabled/detail.log
including configuration file /etc/raddb/mods-enabled/exec
including configuration file /etc/raddb/mods-enabled/detail
including configuration file /etc/raddb/mods-enabled/dhcp
including configuration file /etc/raddb/mods-enabled/cache_eap
including configuration file /etc/raddb/mods-enabled/chap
including files in directory /etc/raddb/policy.d/
including configuration file /etc/raddb/policy.d/debug
including configuration file /etc/raddb/policy.d/control
including configuration file /etc/raddb/policy.d/abfab-tr
including configuration file /etc/raddb/policy.d/custom
including configuration file /etc/raddb/policy.d/canonicalization
including configuration file /etc/raddb/policy.d/filter
including configuration file /etc/raddb/policy.d/cui
including configuration file /etc/raddb/policy.d/eap
including configuration file /etc/raddb/policy.d/operator-name
including configuration file /etc/raddb/policy.d/dhcp
including configuration file /etc/raddb/policy.d/accounting
including files in directory /etc/raddb/sites-enabled/
including configuration file /etc/raddb/sites-enabled/default
including configuration file /etc/raddb/sites-enabled/control-socket
including configuration file /etc/raddb/sites-enabled/inner-tunnel
main {
security {
allow_core_dumps = no
}
}
main {
name = "radiusd"
prefix = "/usr"
localstatedir = "/var/lib"
sbindir = "/usr/sbin"
logdir = "/var/log/radius"
run_dir = "/run/radiusd"
libdir = "/usr/lib64"
radacctdir = "/var/log/radius/radacct"
hostname_lookups = no
max_request_time = 30
cleanup_delay = 5
max_requests = 1536
pidfile = "/run/radiusd/radiusd.pid"
checkrad = "/usr/sbin/checkrad"
debug_level = 0
proxy_requests = yes
log {
stripped_names = no
auth = no
auth_badpass = no
auth_goodpass = no
colourise = yes
msg_denied = "You are already logged in - access denied"
}
security {
max_attributes = 200
reject_delay = 1.000000
status_server = yes
allow_vulnerable_openssl = "no"
}
}
radiusd: #### Loading Realms and Home Servers ####
proxy server {
retry_delay = 5
retry_count = 3
default_fallback = no
dead_time = 120
wake_all_if_all_dead = no
}
home_server home1 {
ipaddr = 1.1.1.1
port = 1812
type = "auth"
secret = <<< secret >>>
response_window = 20.000000
response_timeouts = 1
max_outstanding = 65536
zombie_period = 40
status_check = "request"
ping_interval = 30
check_interval = 30
check_timeout = 4
num_answers_to_alive = 3
revive_interval = 120
username = ...
password = ...
coa {
irt = 2
mrt = 16
mrc = 5
mrd = 30
}
limit {
max_connections = 16
max_requests = 0
lifetime = 0
idle_timeout = 0
}
}
home_server home2 {
ipaddr = 2.2.2.2
port = 1812
type = "auth"
secret = <<< secret >>>
response_window = 20.000000
response_timeouts = 1
max_outstanding = 65536
zombie_period = 40
status_check = "request"
ping_interval = 30
check_interval = 30
check_timeout = 4
num_answers_to_alive = 3
revive_interval = 120
username = ...
password = ...
coa {
irt = 2
mrt = 16
mrc = 5
mrd = 30
}
limit {
max_connections = 16
max_requests = 0
lifetime = 0
idle_timeout = 0
}
}
home_server home3 {
ipaddr = 3.3.3.3
port = 1812
type = "auth"
secret = <<< secret >>>
response_window = 20.000000
response_timeouts = 1
max_outstanding = 65536
zombie_period = 40
status_check = "request"
ping_interval = 30
check_interval = 30
check_timeout = 4
num_answers_to_alive = 3
revive_interval = 120
username = ...
password = ...
coa {
irt = 2
mrt = 16
mrc = 5
mrd = 30
}
limit {
max_connections = 16
max_requests = 0
lifetime = 0
idle_timeout = 0
}
}
home_server_pool active_directory {
type = fail-over
home_server = home1
home_server = home2
home_server = home3
}
realm MYREALM {
auth_pool = active_directory
}
realm NULL {
auth_pool = active_directory
}
realm LOCAL {
}
radiusd: #### Loading Clients ####
client localhost {
ipaddr = 127.0.0.1
require_message_authenticator = no
secret = <<< secret >>>
nas_type = "other"
proto = "*"
limit {
max_connections = 16
lifetime = 0
idle_timeout = 30
}
}
client localhost_ipv6 {
ipv6addr = ::1
require_message_authenticator = no
secret = <<< secret >>>
limit {
max_connections = 16
lifetime = 0
idle_timeout = 30
}
}
client myclient1 {
ipaddr = x.x.x.x/x
require_message_authenticator = no
secret = <<< secret >>>
shortname = "myclient1"
nas_type = "hp_m200"
limit {
max_connections = 16
lifetime = 0
idle_timeout = 30
}
}
client myclient2 {
ipaddr = x.x.x.x/x
require_message_authenticator = no
secret = <<< secret >>>
shortname = "myclient2"
nas_type = "hp_m200"
limit {
max_connections = 16
lifetime = 0
idle_timeout = 30
}
}
client myclient3 {
ipaddr = x.x.x.x/x
require_message_authenticator = no
secret = <<< secret >>>
shortname = "myclient3"
nas_type = "hp_m200"
limit {
max_connections = 16
lifetime = 0
idle_timeout = 30
}
}
client testing {
ipaddr = x.x.x.x/x
require_message_authenticator = no
secret = <<< secret >>>
shortname = "testing"
nas_type = "other"
limit {
max_connections = 16
lifetime = 0
idle_timeout = 30
}
}
Found debugger attached
radiusd: #### Instantiating modules ####
instantiate {
}
modules {
# Loaded module rlm_radutmp
# Instantiating module "radutmp" from file /etc/raddb/mods-enabled/radutmp
radutmp {
filename = "/var/log/radius/radutmp"
username = "%{User-Name}"
case_sensitive = yes
check_with_nas = yes
permissions = 384
caller_id = yes
}
# Loaded module rlm_pap
# Instantiating module "pap" from file /etc/raddb/mods-enabled/pap
pap {
normalise = yes
}
# Loaded module rlm_exec
# Instantiating module "ntlm_auth" from file /etc/raddb/mods-enabled/ntlm_auth
exec ntlm_auth {
wait = yes
program = "/path/to/ntlm_auth --request-nt-key --domain=MYDOMAIN --username=%{mschap:User-Name} --password=%{Us
r-Password}"
shell_escape = yes
}
# Loaded module rlm_expiration
# Instantiating module "expiration" from file /etc/raddb/mods-enabled/expiration
# Loaded module rlm_digest
# Instantiating module "digest" from file /etc/raddb/mods-enabled/digest
# Loaded module rlm_mschap
# Instantiating module "mschap" from file /etc/raddb/mods-enabled/mschap
mschap {
use_mppe = yes
require_encryption = no
require_strong = no
with_ntdomain_hack = yes
passchange {
}
allow_retry = yes
}
# Loaded module rlm_logintime
# Instantiating module "logintime" from file /etc/raddb/mods-enabled/logintime
logintime {
minimum_timeout = 60
}
# Loaded module rlm_expr
# Instantiating module "expr" from file /etc/raddb/mods-enabled/expr
expr {
safe_characters = "@abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-_: /äéöüàâæçèéêëîïôoùûüaÿÄÉ
ÜßÀÂÆÇÈÉÊËÎÏÔOÙÛÜY"
}
# Loaded module rlm_linelog
# Instantiating module "linelog" from file /etc/raddb/mods-enabled/linelog
linelog {
filename = "/var/log/radius/linelog"
permissions = 384
format = "This is a log message for %{User-Name}"
reference = "messages.%{%{Packet-Type}:-default}"
}
# Instantiating module "log_accounting" from file /etc/raddb/mods-enabled/linelog
linelog log_accounting {
filename = "/var/log/radius/linelog-accounting"
permissions = 384
format = ""
reference = "Accounting-Request.%{%{Acct-Status-Type}:-unknown}"
}
# Instantiating module "echo" from file /etc/raddb/mods-enabled/echo
exec echo {
wait = yes
program = "/bin/echo %{User-Name}"
input_pairs = "request"
output_pairs = "reply"
shell_escape = yes
}
# Loaded module rlm_unpack
# Instantiating module "unpack" from file /etc/raddb/mods-enabled/unpack
# Loaded module rlm_replicate
# Instantiating module "replicate" from file /etc/raddb/mods-enabled/replicate
# Loaded module rlm_preprocess
# Instantiating module "preprocess" from file /etc/raddb/mods-enabled/preprocess
preprocess {
huntgroups = "/etc/raddb/mods-config/preprocess/huntgroups"
hints = "/etc/raddb/mods-config/preprocess/hints"
with_ascend_hack = no
ascend_channels_per_line = 23
with_ntdomain_hack = no
with_specialix_jetstream_hack = no
with_cisco_vsa_hack = no
with_alvarion_vsa_hack = no
}
reading pairlist file /etc/raddb/mods-config/preprocess/huntgroups
reading pairlist file /etc/raddb/mods-config/preprocess/hints
# Loaded module rlm_unix
# Instantiating module "unix" from file /etc/raddb/mods-enabled/unix
unix {
radwtmp = "/var/log/radius/radwtmp"
}
# Loaded module rlm_always
# Instantiating module "reject" from file /etc/raddb/mods-enabled/always
always reject {
rcode = "reject"
simulcount = 0
mpp = no
}
# Instantiating module "fail" from file /etc/raddb/mods-enabled/always
always fail {
rcode = "fail"
simulcount = 0
mpp = no
}
# Instantiating module "ok" from file /etc/raddb/mods-enabled/always
always ok {
rcode = "ok"
simulcount = 0
mpp = no
}
# Instantiating module "handled" from file /etc/raddb/mods-enabled/always
always handled {
rcode = "handled"
simulcount = 0
mpp = no
}
# Instantiating module "invalid" from file /etc/raddb/mods-enabled/always
always invalid {
rcode = "invalid"
simulcount = 0
mpp = no
}
# Instantiating module "userlock" from file /etc/raddb/mods-enabled/always
always userlock {
rcode = "userlock"
simulcount = 0
mpp = no
}
# Instantiating module "notfound" from file /etc/raddb/mods-enabled/always
always notfound {
rcode = "notfound"
simulcount = 0
mpp = no
}
# Instantiating module "noop" from file /etc/raddb/mods-enabled/always
always noop {
rcode = "noop"
simulcount = 0
mpp = no
}
# Instantiating module "updated" from file /etc/raddb/mods-enabled/always
always updated {
rcode = "updated"
simulcount = 0
mpp = no
}
# Loaded module rlm_passwd
# Instantiating module "etc_passwd" from file /etc/raddb/mods-enabled/passwd
passwd etc_passwd {
filename = "/etc/passwd"
format = "*User-Name:Crypt-Password:"
delimiter = ":"
ignore_nislike = no
ignore_empty = yes
allow_multiple_keys = no
hash_size = 100
}
rlm_passwd: nfields: 3 keyfield 0(User-Name) listable: no
# Loaded module rlm_perl
# Instantiating module "perl" from file /etc/raddb/mods-enabled/perl
perl {
filename = "/etc/raddb/mods-config/perl/radutil.pl"
func_authorize = "authorize"
func_authenticate = "authenticate"
func_post_auth = "post_auth"
func_accounting = "accounting"
func_preacct = "preacct"
func_checksimul = "checksimul"
func_detach = "detach"
func_xlat = "xlat"
func_pre_proxy = "pre_proxy"
func_post_proxy = "post_proxy"
func_recv_coa = "recv_coa"
func_send_coa = "send_coa"
}
# Loaded module rlm_sql
# Instantiating module "sql" from file /etc/raddb/mods-enabled/sql
sql {
driver = "rlm_sql_postgresql"
server = "localhost"
port = ""
login = "radius"
password = <<< secret >>>
radius_db = "radius"
read_groups = yes
read_profiles = yes
read_clients = no
delete_stale_sessions = yes
sql_user_name = "%{%{Stripped-User-Name}:-%{%{User-Name}:-none}}"
default_user_profile = ""
client_query = "SELECT id, nasname, shortname, type, secret, server FROM nas"
authorize_check_query = "SELECT id, username, attribute, value, op FROM radcheck WHERE username = '%{SQL-User-Na
me}' ORDER BY id"
authorize_reply_query = "SELECT id, username, attribute, value, op FROM radreply WHERE username = '%{SQL-User-Na
me}' ORDER BY id"
authorize_group_check_query = "SELECT id, groupname, attribute, value, op FROM radgroupcheck WHERE groupname = '
%{Sql-Group}' ORDER BY id"
authorize_group_reply_query = "SELECT id, groupname, attribute, value, op FROM radgroupreply WHERE groupname = '
%{Sql-Group}' ORDER BY id"
group_membership_query = "SELECT groupname FROM radusergroup WHERE username='%{SQL-User-Name}' ORDER BY priority
"
safe_characters = "@abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-_: /,"
accounting {
reference = "%{tolower:type.%{%{Acct-Status-Type}:-none}.query}"
type {
accounting-on {
query = "UPDATE radacct SET AcctStopTime = TO_TIMESTAMP(%{integer:Event-Timestamp}), AcctUpdateTime = TO_TIMESTA
MP(%{integer:Event-Timestamp}), AcctSessionTime = (%{integer:Event-Timestamp} - EXTRACT(EPOCH FROM(AcctStartTime))), Acc
tTerminateCause = '%{%{Acct-Terminate-Cause}:-NAS-Reboot}' WHERE AcctStopTime IS NULL AND NASIPAddress= '%{%{NAS-IPv6-Ad
dress}:-%{NAS-IP-Address}}' AND AcctStartTime <= '%S'::timestamp"
}
accounting-off {
query = "UPDATE radacct SET AcctStopTime = TO_TIMESTAMP(%{integer:Event-Timestamp}), AcctUpdateTime = TO_TIMESTA
MP(%{integer:Event-Timestamp}), AcctSessionTime = (%{integer:Event-Timestamp} - EXTRACT(EPOCH FROM(AcctStartTime))), Acc
tTerminateCause = '%{%{Acct-Terminate-Cause}:-NAS-Reboot}' WHERE AcctStopTime IS NULL AND NASIPAddress= '%{%{NAS-IPv6-Ad
dress}:-%{NAS-IP-Address}}' AND AcctStartTime <= '%S'::timestamp"
}
start {
query = "UPDATE radacct SET FramedIPAddress = COALESCE(FramedIPAddress, NULLIF('%{Framed-IP-Address}', '')::inet
), Hostname = COALESCE(Hostname, NULLIF('%{DHCP-Hostname}', '')), ConnectInfo_Start = COALESCE(ConnectInfo_Start, NULLIF
('%{Connect-Info}', '')), AcctStartTime = COALESCE(AcctStartTime, TO_TIMESTAMP(%{integer:Event-Timestamp})), AcctUpdateT
ime = TO_TIMESTAMP(%{integer:Event-Timestamp}), AcctStopTime = NULL, AcctStartInputOctets = (('%{%{Acct-Input-Gigawords}
:-0}'::bigint << 32) + '%{%{Acct-Input-Octets}:-0}'::bigint), AcctStartOutputOctets = (('%{%{Acct-Output-Gigawords}:-0}'
::bigint << 32) + '%{%{Acct-Output-Octets}:-0}'::bigint), AcctStartInputPackets = '%{%{Acct-Input-Packets}:-0}'::integer
, AcctStartOutputPackets = '%{%{Acct-Output-Packets}:-0}'::integer WHERE (AcctUniqueId = '%{Acct-Unique-Session-Id}')"
}
interim-update {
query = "UPDATE radacct SET FramedIPAddress = NULLIF('%{Framed-IP-Address}', '')::inet, HostName = NULLIF('%{DHC
P-Hostname}', ''), AcctSessionTime = %{%{Acct-Session-Time}:-NULL}, AcctInterval = (%{integer:Event-Timestamp} - EXTRACT
(EPOCH FROM (COALESCE(AcctUpdateTime, AcctStartTime)))), AcctUpdateTime = TO_TIMESTAMP(%{integer:Event-Timestamp}), Acct
InputOctets = (('%{%{Acct-Input-Gigawords}:-0}'::bigint << 32) + '%{%{Acct-Input-Octets}:-0}'::bigint) - AcctStartInputO
ctets, AcctOutputOctets = (('%{%{Acct-Output-Gigawords}:-0}'::bigint << 32) + '%{%{Acct-Output-Octets}:-0}'::bigint) - A
cctStartOutputOctets, AcctInputPackets = '%{%{Acct-Input-Packets}:-0}'::integer - AcctStartInputPackets, AcctOutputPacke
ts = '%{%{Acct-Output-Packets}:-0}'::integer - AcctStartOutputPackets WHERE (AcctUniqueId = '%{Acct-Unique-Session-Id}')
AND AcctStopTime IS NULL"
}
stop {
query = "UPDATE radacct SET FramedIPAddress = NULLIF('%{Framed-IP-Address}', '')::inet, Hostname = NULLIF('%{DHC
P-Hostname}', ''), ConnectInfo_Stop = NULLIF('%{Connect-Info}', ''), AcctStopTime = TO_TIMESTAMP(%{integer:Event-Timesta
mp}), AcctUpdateTime = TO_TIMESTAMP(%{integer:Event-Timestamp}), AcctSessionTime = COALESCE(%{%{Acct-Session-Time}:-NULL
}, (%{integer:Event-Timestamp} - EXTRACT(EPOCH FROM(AcctStartTime)))), AcctInputOctets = (('%{%{Acct-Input-Gigawords}:-0
}'::bigint << 32) + '%{%{Acct-Input-Octets}:-0}'::bigint) - AcctStartInputOctets, AcctOutputOctets = (('%{%{Acct-Output-
Gigawords}:-0}'::bigint << 32) + '%{%{Acct-Output-Octets}:-0}'::bigint) - AcctStartOutputOctets, AcctInputPackets = '%{%
{Acct-Input-Packets}:-0}'::integer - AcctStartInputPackets, AcctOutputPackets = '%{%{Acct-Output-Packets}:-0}'::integer
- AcctStartOutputPackets, AcctTerminateCause = '%{Acct-Terminate-Cause}' WHERE (AcctUniqueId = '%{Acct-Unique-Session-Id
}') AND AcctStopTime IS NULL"
}
}
}
post-auth {
reference = ".query"
query = "INSERT INTO radacct (UserName, GroupName, Realm, Reply, NASIPAddress, NASPortId, NASPortType, CallingSt
ationId, CalledStationId, FramedMTU, ServiceType, AuthDate, SSID, Class, FramedProtocol, AcctSessionId, AcctUniqueId) VA
LUES('%{SQL-User-Name}', NULLIF('%{Sql-Group}', ''), NULLIF('%{Realm}', ''), '%{reply:Packet-Type}', '%{%{NAS-IPv6-Addre
ss}:-%{NAS-IP-Address}}', %{%{NAS-Port}:-NULL}, '%{NAS-Port-Type}', '%{Calling-Station-Id}', '%{Called-Station-Id}', NUL
LIF('%{Framed-MTU}', '')::integer, NULLIF('%{Service-Type}', ''), NOW(), '%{X-Wireless-SSID}', '%{string:reply:Class}',
NULLIF('%{Framed-Protocol}', ''), '%{Acct-Session-Id}', '%{Acct-Unique-Session-Id}' )"
}
}
postgresql {
send_application_name = yes
}
rlm_sql (sql): Driver rlm_sql_postgresql (module rlm_sql_postgresql) loaded and linked
rlm_sql (sql): Attempting to connect to database "radius"
rlm_sql (sql): Initialising connection pool
pool {
start = 6
min = 4
max = 32
spare = 3
uses = 0
lifetime = 0
cleanup_interval = 30
idle_timeout = 180
retry_delay = 1
spread = no
}
rlm_sql (sql): Opening additional connection (0)
rlm_sql_postgresql: Connecting using parameters: dbname='radius' host='localhost' user='radius' password='..............
..................' application_name='FreeRADIUS 3.1.0 - radiusd (sql)'
Connected to database 'radius' on 'localhost' server version 90305, protocol version 3, backend PID 12991
rlm_sql (sql): Opening additional connection (1)
rlm_sql_postgresql: Connecting using parameters: dbname='radius' host='localhost' user='radius' password='..............
..................' application_name='FreeRADIUS 3.1.0 - radiusd (sql)'
Connected to database 'radius' on 'localhost' server version 90305, protocol version 3, backend PID 12992
rlm_sql (sql): Opening additional connection (2)
rlm_sql_postgresql: Connecting using parameters: dbname='radius' host='localhost' user='radius' password='..............
..................' application_name='FreeRADIUS 3.1.0 - radiusd (sql)'
Connected to database 'radius' on 'localhost' server version 90305, protocol version 3, backend PID 12993
rlm_sql (sql): Opening additional connection (3)
rlm_sql_postgresql: Connecting using parameters: dbname='radius' host='localhost' user='radius' password='..............
..................' application_name='FreeRADIUS 3.1.0 - radiusd (sql)'
Connected to database 'radius' on 'localhost' server version 90305, protocol version 3, backend PID 12994
rlm_sql (sql): Opening additional connection (4)
rlm_sql_postgresql: Connecting using parameters: dbname='radius' host='localhost' user='radius' password='..............
..................' application_name='FreeRADIUS 3.1.0 - radiusd (sql)'
Connected to database 'radius' on 'localhost' server version 90305, protocol version 3, backend PID 12995
rlm_sql (sql): Opening additional connection (5)
rlm_sql_postgresql: Connecting using parameters: dbname='radius' host='localhost' user='radius' password='..............
..................' application_name='FreeRADIUS 3.1.0 - radiusd (sql)'
Connected to database 'radius' on 'localhost' server version 90305, protocol version 3, backend PID 12996
# Instantiating module "sradutmp" from file /etc/raddb/mods-enabled/sradutmp
radutmp sradutmp {
filename = "/var/log/radius/sradutmp"
username = "%{User-Name}"
case_sensitive = yes
check_with_nas = yes
permissions = 420
caller_id = no
}
# Loaded module rlm_utf8
# Instantiating module "utf8" from file /etc/raddb/mods-enabled/utf8
# Loaded module rlm_dynamic_clients
# Instantiating module "dynamic_clients" from file /etc/raddb/mods-enabled/dynamic_clients
# Loaded module rlm_soh
# Instantiating module "soh" from file /etc/raddb/mods-enabled/soh
soh {
dhcp = yes
}
# Loaded module rlm_realm
# Instantiating module "IPASS" from file /etc/raddb/mods-enabled/realm
realm IPASS {
format = "prefix"
delimiter = "/"
ignore_default = no
ignore_null = yes
}
# Instantiating module "suffix" from file /etc/raddb/mods-enabled/realm
realm suffix {
format = "suffix"
delimiter = "@"
ignore_default = no
ignore_null = yes
}
# Instantiating module "realmpercent" from file /etc/raddb/mods-enabled/realm
realm realmpercent {
format = "suffix"
delimiter = "%"
ignore_default = no
ignore_null = yes
}
# Instantiating module "ntdomain" from file /etc/raddb/mods-enabled/realm
realm ntdomain {
format = "prefix"
delimiter = "\\"
ignore_default = no
ignore_null = yes
}
# Loaded module rlm_eap
# Instantiating module "eap" from file /etc/raddb/mods-enabled/eap
eap {
default_eap_type = "peap"
timer_expire = 60
ignore_unknown_eap_types = no
mod_accounting_username_bug = no
max_sessions = 1536
}
# Linked to sub-module rlm_eap_tls
tls {
tls = "tls-common"
}
tls-config tls-common {
rsa_key_exchange = no
dh_key_exchange = yes
rsa_key_length = 512
dh_key_length = 512
verify_depth = 0
ca_path = "/etc/raddb/certs"
pem_file_type = yes
private_key_file = "/etc/raddb/certs/server.pem"
certificate_file = "/etc/raddb/certs/server.crt"
private_key_password = <<< secret >>>
dh_file = "/etc/raddb/certs/dh"
fragment_size = 1024
include_length = yes
check_crl = no
cipher_list = "DEFAULT"
ecdh_curve = "prime256v1"
cache {
enable = yes
lifetime = 24
max_entries = 255
}
verify {
}
ocsp {
enable = no
override_cert_url = yes
url = "http://127.0.0.1/ocsp/"
use_nonce = yes
timeout = 0
softfail = no
}
}
# Linked to sub-module rlm_eap_peap
peap {
tls = "tls-common"
default_method = "mschapv2"
copy_request_to_tunnel = yes
use_tunneled_reply = yes
proxy_tunneled_request_as_eap = yes
virtual_server = "inner-tunnel"
soh = no
require_client_cert = no
}
Using cached TLS configuration from previous invocation
# Loaded module rlm_attr_filter
# Instantiating module "attr_filter.post-proxy" from file /etc/raddb/mods-enabled/attr_filter
attr_filter attr_filter.post-proxy {
filename = "/etc/raddb/mods-config/attr_filter/post-proxy"
key = "%{Realm}"
relaxed = no
}
reading pairlist file /etc/raddb/mods-config/attr_filter/post-proxy
# Instantiating module "attr_filter.pre-proxy" from file /etc/raddb/mods-enabled/attr_filter
attr_filter attr_filter.pre-proxy {
filename = "/etc/raddb/mods-config/attr_filter/pre-proxy"
key = "%{Realm}"
relaxed = no
}
reading pairlist file /etc/raddb/mods-config/attr_filter/pre-proxy
# Instantiating module "attr_filter.access_reject" from file /etc/raddb/mods-enabled/attr_filter
attr_filter attr_filter.access_reject {
filename = "/etc/raddb/mods-config/attr_filter/access_reject"
key = "%{User-Name}"
relaxed = no
}
reading pairlist file /etc/raddb/mods-config/attr_filter/access_reject
# Instantiating module "attr_filter.access_challenge" from file /etc/raddb/mods-enabled/attr_filter
attr_filter attr_filter.access_challenge {
filename = "/etc/raddb/mods-config/attr_filter/access_challenge"
key = "%{User-Name}"
relaxed = no
}
reading pairlist file /etc/raddb/mods-config/attr_filter/access_challenge
# Instantiating module "attr_filter.accounting_response" from file /etc/raddb/mods-enabled/attr_filter
attr_filter attr_filter.accounting_response {
filename = "/etc/raddb/mods-config/attr_filter/accounting_response"
key = "%{User-Name}"
relaxed = no
}
reading pairlist file /etc/raddb/mods-config/attr_filter/accounting_response
# Loaded module rlm_files
# Instantiating module "files" from file /etc/raddb/mods-enabled/files
files {
filename = "/etc/raddb/mods-config/files/authorize"
usersfile = "/etc/raddb/mods-config/files/authorize"
acctusersfile = "/etc/raddb/mods-config/files/accounting"
preproxy_usersfile = "/etc/raddb/mods-config/files/pre-proxy"
compat = "cistron"
}
reading pairlist file /etc/raddb/mods-config/files/authorize
[/etc/raddb/mods-config/files/authorize]:221 Cistron compatibility checks for entry DEFAULT ...
[/etc/raddb/mods-config/files/authorize]:224 Cistron compatibility checks for entry DEFAULT ...
[/etc/raddb/mods-config/files/authorize]:227 Cistron compatibility checks for entry public ...
reading pairlist file /etc/raddb/mods-config/files/authorize
[/etc/raddb/mods-config/files/authorize]:221 Cistron compatibility checks for entry DEFAULT ...
[/etc/raddb/mods-config/files/authorize]:224 Cistron compatibility checks for entry DEFAULT ...
[/etc/raddb/mods-config/files/authorize]:227 Cistron compatibility checks for entry public ...
reading pairlist file /etc/raddb/mods-config/files/accounting
reading pairlist file /etc/raddb/mods-config/files/pre-proxy
# Loaded module rlm_detail
# Instantiating module "auth_log" from file /etc/raddb/mods-enabled/detail.log
detail auth_log {
filename = "/var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d"
header = "%t"
permissions = 384
locking = no
escape_filenames = no
log_packet_header = no
}
rlm_detail (auth_log): 'User-Password' suppressed, will not appear in detail output
# Instantiating module "reply_log" from file /etc/raddb/mods-enabled/detail.log
detail reply_log {
filename = "/var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/reply-detail-%Y%m%d"
header = "%t"
permissions = 384
locking = no
escape_filenames = no
log_packet_header = no
}
# Instantiating module "pre_proxy_log" from file /etc/raddb/mods-enabled/detail.log
detail pre_proxy_log {
filename = "/var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/pre-proxy-detail-%Y%
m%d"
header = "%t"
permissions = 384
locking = no
escape_filenames = no
log_packet_header = no
}
# Instantiating module "post_proxy_log" from file /etc/raddb/mods-enabled/detail.log
detail post_proxy_log {
filename = "/var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/post-proxy-detail-%Y
%m%d"
header = "%t"
permissions = 384
locking = no
escape_filenames = no
log_packet_header = no
}
# Instantiating module "exec" from file /etc/raddb/mods-enabled/exec
exec {
wait = no
input_pairs = "request"
shell_escape = yes
timeout = 10
}
# Instantiating module "detail" from file /etc/raddb/mods-enabled/detail
detail {
filename = "/var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/detail-%Y%m%d"
header = "%t"
permissions = 384
locking = no
escape_filenames = no
log_packet_header = no
}
# Loaded module rlm_dhcp
# Instantiating module "dhcp" from file /etc/raddb/mods-enabled/dhcp
# Loaded module rlm_cache
# Instantiating module "cache_eap" from file /etc/raddb/mods-enabled/cache_eap
cache cache_eap {
driver = "rlm_cache_rbtree"
key = "%{%{control:State}:-%{%{reply:State}:-%{State}}}"
ttl = 15
max_entries = 0
epoch = 0
add_stats = no
}
rlm_cahe (cache_eap): Driver rlm_cache_rbtree (module rlm_cache_rbtree) loaded and linked
# Loaded module rlm_chap
# Instantiating module "chap" from file /etc/raddb/mods-enabled/chap
} # modules
radiusd: #### Loading Virtual Servers ####
server { # from file /etc/raddb/radiusd.conf
} # server
server default { # from file /etc/raddb/sites-enabled/default
# Loading authenticate {...}
# Loading authorize {...}
# Loading preacct {...}
# Loading accounting {...}
# Loading post-proxy {...}
# Loading post-auth {...}
} # server default
server inner-tunnel { # from file /etc/raddb/sites-enabled/inner-tunnel
# Loading authorize {...}
} # server inner-tunnel
radiusd: #### Opening IP addresses and Ports ####
listen {
type = "control"
listen {
socket = "/run/radiusd/radiusd.sock"
mode = "rw"
}
}
listen {
type = "auth"
ipaddr = *
port = 0
limit {
max_connections = 16
lifetime = 0
idle_timeout = 30
}
}
listen {
type = "acct"
ipaddr = *
port = 0
limit {
max_connections = 16
lifetime = 0
idle_timeout = 30
}
}
listen {
type = "auth"
ipv6addr = ::
port = 0
limit {
max_connections = 16
lifetime = 0
idle_timeout = 30
}
}
listen {
type = "acct"
ipv6addr = ::
port = 0
limit {
max_connections = 16
lifetime = 0
idle_timeout = 30
}
}
listen {
type = "auth"
ipaddr = 127.0.0.1
port = 18120
}
Listening on command file /run/radiusd/radiusd.sock
Listening on auth address * port 1812 as server default
Listening on acct address * port 1813 as server default
Listening on auth address :: port 1812 as server default
Listening on acct address :: port 1813 as server default
Listening on auth address 127.0.0.1 port 18120 as server inner-tunnel
Opening new proxy socket 'proxy address * port 1814'
Listening on proxy address * port 1814
Ready to process requests
(0) Received Accounting-Request Id 46 from x.x.x.x:32768 to x.x.x.x:1813 length 352
(0) Acct-Multi-Session-Id = 'A0-A1-A2-A3-A4-A5-B0-B1-B2-B3-B4-B5-54-8C-5F-CE-00-06-8F-B6'
(0) Acct-Session-Id = '467a0d79-00000108'
(0) NAS-Port = 239
(0) NAS-Port-Type = Wireless-802.11
(0) NAS-Identifier = 'XXXX'
(0) NAS-IP-Address = x.x.x.x
(0) Framed-MTU = 1496
(0) Framed-IP-Address = x.x.x.x
(0) User-Name = 'MYREALM\myuser'
(0) Calling-Station-Id = 'A0-A1-A2-A3-A4-A5'
(0) Called-Station-Id = 'B0-B1-B2-B3-B4-B5'
(0) Class = 0x766c616e7469
(0) Acct-Status-Type = Interim-Update
(0) Acct-Session-Time = 60
(0) Acct-Input-Packets = 25
(0) Acct-Output-Packets = 94
(0) Acct-Input-Octets = 3689
(0) Acct-Output-Octets = 11448
(0) Acct-Delay-Time = 0
(0) Colubris-AVPair = 'ssid=XXXXX'
(0) Colubris-AVPair = 'incoming-vlan-id=10'
(0) Colubris-AVPair = 'vsc-unique-id=1'
(0) Colubris-AVPair = 'phytype=IEEE802dot11 '
(0) Attr-26.8744.250 = 0x00000000
(0) Attr-26.8744.249 = 0x00000000
(0) # Executing section preacct from file /etc/raddb/sites-enabled/default
(0) preacct {
(0) [preprocess] = ok
(0) policy rewrite_calling_station_id {
(0) if (&Calling-Station-Id && (&Calling-Station-Id =~ /^([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2
})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})$/i)) {
(0) if (&Calling-Station-Id && (&Calling-Station-Id =~ /^([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2
})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})$/i)) -> TRUE
(0) if (&Calling-Station-Id && (&Calling-Station-Id =~ /^([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2
})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})$/i)) {
(0) update request {
(0) EXPAND %{toupper:%{1}-%{2}-%{3}-%{4}-%{5}-%{6}}
(0) --> A0-A1-A2-A3-A4-A5
(0) &Calling-Station-Id := "A0-A1-A2-A3-A4-A5"
(0) } # update request = noop
(0) [updated] = updated
(0) } # if (&Calling-Station-Id && (&Calling-Station-Id =~ /^([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-
f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})$/i)) = updated
(0) ... skipping else for request 0: Preceding "if" was taken
(0) } # policy rewrite_calling_station_id = updated
(0) policy rewrite_called_station_id {
(0) if (&Called-Station-Id && (&Called-Station-Id =~ /^([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})
[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})([^0-9a-f](.+))?$/i)) {
(0) if (&Called-Station-Id && (&Called-Station-Id =~ /^([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})
[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})([^0-9a-f](.+))?$/i)) -> TRUE
(0) if (&Called-Station-Id && (&Called-Station-Id =~ /^([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})
[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})([^0-9a-f](.+))?$/i)) {
(0) update request {
(0) EXPAND %{toupper:%{1}-%{2}-%{3}-%{4}-%{5}-%{6}}
(0) --> B0-B1-B2-B3-B4-B5
(0) &Called-Station-Id := "B0-B1-B2-B3-B4-B5"
(0) } # update request = noop
(0) if ("%{8}") {
(0) EXPAND %{8}
(0) -->
(0) if ("%{8}") -> FALSE
(0) [updated] = updated
(0) } # if (&Called-Station-Id && (&Called-Station-Id =~ /^([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]
{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})([^0-9a-f](.+))?$/i)) = updated
(0) ... skipping else for request 0: Preceding "if" was taken
(0) } # policy rewrite_called_station_id = updated
(0) policy extract_ssid {
(0) if (&Colubris-AVPair) {
(0) if (&Colubris-AVPair) -> TRUE
(0) if (&Colubris-AVPair) {
(0) update request {
(0) Len is 6 , out is XXXXX freespace is 2048
(0) EXPAND %{perl:avpair_get ssid %{Colubris-AVPair[*]}}
(0) --> XXXXX
(0) X-Wireless-SSID := "XXXXX"
(0) } # update request = noop
(0) } # if (&Colubris-AVPair) = noop
(0) ... skipping elsif for request 0: Preceding "if" was taken
(0) } # policy extract_ssid = noop
(0) IPASS: Checking for prefix before "/"
(0) IPASS: No '/' in User-Name = "MYREALM\myuser", skipping NULL due to config.
(0) [IPASS] = noop
(0) suffix: Checking for suffix after "@"
(0) suffix: No '@' in User-Name = "MYREALM\myuser", skipping NULL due to config.
(0) [suffix] = noop
(0) realmpercent: Checking for suffix after "%"
(0) realmpercent: No '%' in User-Name = "MYREALM\myuser", skipping NULL due to config.
(0) [realmpercent] = noop
(0) ntdomain: Checking for prefix before "\"
(0) ntdomain: Looking up realm "MYREALM" for User-Name = "MYREALM\myuser"
(0) ntdomain: Found realm "MYREALM"
(0) ntdomain: Adding Stripped-User-Name = "myuser"
(0) ntdomain: Adding Realm = "MYREALM"
(0) ntdomain: Accounting realm is LOCAL
(0) [ntdomain] = ok
(0) policy acct_unique {
(0) if ("%{string:Class}" =~ /ai:([0-9a-f]{32})/i) { [281/1938]
(0) EXPAND %{string:Class}
(0) --> vlanti
(0) if ("%{string:Class}" =~ /ai:([0-9a-f]{32})/i) -> FALSE
(0) else {
(0) update request {
(0) EXPAND %{md5:%{User-Name},%{Acct-Session-ID},%{%{NAS-IPv6-Address}:-%{NAS-IP-Address}},%{NAS-Identifier},%
{NAS-Port-ID},%{NAS-Port}}
(0) --> d6bb1922da4f3c87a3a3d1be59abffa1
(0) &Acct-Unique-Session-Id := "d6bb1922da4f3c87a3a3d1be59abffa1"
(0) } # update request = noop
(0) } # else = noop
(0) } # policy acct_unique = noop
(0) } # preacct = updated
(0) # Executing section accounting from file /etc/raddb/sites-enabled/default
(0) accounting {
(0) perl: $RAD_REQUEST{'User-Name'} = &request:User-Name -> 'MYREALM\myuser'
(0) perl: $RAD_REQUEST{'NAS-IP-Address'} = &request:NAS-IP-Address -> 'x.x.x.x'
(0) perl: $RAD_REQUEST{'NAS-Port'} = &request:NAS-Port -> '239'
(0) perl: $RAD_REQUEST{'Framed-IP-Address'} = &request:Framed-IP-Address -> 'x.x.x.x'
(0) perl: $RAD_REQUEST{'Framed-MTU'} = &request:Framed-MTU -> '1496'
(0) perl: $RAD_REQUEST{'Class'} = &request:Class -> 0x766c616e7469
(0) perl: $RAD_REQUEST{'Called-Station-Id'} = &request:Called-Station-Id -> 'B0-B1-B2-B3-B4-B5'
(0) perl: $RAD_REQUEST{'Calling-Station-Id'} = &request:Calling-Station-Id -> 'A0-A1-A2-A3-A4-A5'
(0) perl: $RAD_REQUEST{'NAS-Identifier'} = &request:NAS-Identifier -> 'XXXX'
(0) perl: $RAD_REQUEST{'NAS-Port-Type'} = &request:NAS-Port-Type -> 'Wireless-802.11'
(0) perl: $RAD_REQUEST{'Acct-Status-Type'} = &request:Acct-Status-Type -> 'Interim-Update'
(0) perl: $RAD_REQUEST{'Acct-Delay-Time'} = &request:Acct-Delay-Time -> '0'
(0) perl: $RAD_REQUEST{'Acct-Input-Octets'} = &request:Acct-Input-Octets -> '3689'
(0) perl: $RAD_REQUEST{'Acct-Output-Octets'} = &request:Acct-Output-Octets -> '11448'
(0) perl: $RAD_REQUEST{'Acct-Session-Id'} = &request:Acct-Session-Id -> '467a0d79-00000108'
(0) perl: $RAD_REQUEST{'Acct-Session-Time'} = &request:Acct-Session-Time -> '60'
(0) perl: $RAD_REQUEST{'Acct-Input-Packets'} = &request:Acct-Input-Packets -> '25'
(0) perl: $RAD_REQUEST{'Acct-Output-Packets'} = &request:Acct-Output-Packets -> '94'
(0) perl: $RAD_REQUEST{'Acct-Multi-Session-Id'} = &request:Acct-Multi-Session-Id -> 'A0-A1-A2-A3-A4-A5-B0-B1-B2-B3-B4
B5-54-8C-5F-CE-00-06-8F-B6'
(0) perl: $RAD_REQUEST{'Event-Timestamp'} = &request:Event-Timestamp -> 'dic 13 2014 08:49:31 MST'
(0) perl: $RAD_REQUEST{'Colubris-AVPair'}[0] = &request:Colubris-AVPair -> 'ssid=XXXXX'
(0) perl: $RAD_REQUEST{'Colubris-AVPair'}[1] = &request:Colubris-AVPair -> 'incoming-vlan-id=10'
(0) perl: $RAD_REQUEST{'Colubris-AVPair'}[2] = &request:Colubris-AVPair -> 'vsc-unique-id=1'
(0) perl: $RAD_REQUEST{'Colubris-AVPair'}[3] = &request:Colubris-AVPair -> 'phytype=IEEE802dot11 '
(0) perl: $RAD_REQUEST{'Stripped-User-Name'} = &request:Stripped-User-Name -> 'myuser'
(0) perl: $RAD_REQUEST{'Realm'} = &request:Realm -> 'MYREALM'
(0) perl: $RAD_REQUEST{'Acct-Unique-Session-Id'} = &request:Acct-Unique-Session-Id -> 'd6bb1922da4f3c87a3a3d1be59abffa
1'
(0) perl: $RAD_REQUEST{'X-Wireless-SSID'} = &request:X-Wireless-SSID -> 'XXXXX'
(0) perl: $RAD_REQUEST{'Attr-26.8744.250'} = &request:Attr-26.8744.250 -> 0x00000000
(0) perl: $RAD_REQUEST{'Attr-26.8744.249'} = &request:Attr-26.8744.249 -> 0x00000000
.............
(0) perl: &request:Attr-26.8744.250 = $RAD_REQUEST{'Attr-26.8744.250'} -> ''
(0) perl: &request:Realm = $RAD_REQUEST{'Realm'} -> 'MYREALM'
(0) perl: &request:Acct-Input-Octets = $RAD_REQUEST{'Acct-Input-Octets'} -> '3689'
(0) perl: &request:Framed-IP-Address = $RAD_REQUEST{'Framed-IP-Address'} -> 'x.x.x.x'
(0) perl: &request:Stripped-User-Name = $RAD_REQUEST{'Stripped-User-Name'} -> 'myuser'
(0) perl: &request:Acct-Output-Octets = $RAD_REQUEST{'Acct-Output-Octets'} -> '11448'
(0) perl: &request:Calling-Station-Id = $RAD_REQUEST{'Calling-Station-Id'} -> 'A0-A1-A2-A3-A4-A5'
ERROR: (0) perl: Failed to create pair request:Event-Timestamp = dic 13 2014 08:49:31 MST
(0) perl: &request:User-Name = $RAD_REQUEST{'User-Name'} -> 'MYREALM\myuser'
(0) perl: &request:NAS-Port = $RAD_REQUEST{'NAS-Port'} -> '239'
(0) perl: &request:X-Wireless-SSID = $RAD_REQUEST{'X-Wireless-SSID'} -> 'XXXXX'
(0) perl: &request:Acct-Multi-Session-Id = $RAD_REQUEST{'Acct-Multi-Session-Id'} -> 'A0-A1-A2-A3-A4-A5-B0-B1-B2-B3-B4-B5
-54-8C-5F-CE-00-06-8F-B6'
(0) perl: &request:Acct-Session-Time = $RAD_REQUEST{'Acct-Session-Time'} -> '60'
(0) perl: &request:Class = $RAD_REQUEST{'Class'} -> 'vlanti'
(0) perl: &request:Acct-Unique-Session-Id = $RAD_REQUEST{'Acct-Unique-Session-Id'} -> 'd6bb1922da4f3c87a3a3d1be59abffa1'
(0) perl: &request:NAS-Identifier = $RAD_REQUEST{'NAS-Identifier'} -> 'XXXX'
(0) perl: &request:Called-Station-Id = $RAD_REQUEST{'Called-Station-Id'} -> 'B0-B1-B2-B3-B4-B5'
(0) perl: &request:NAS-Port-Type = $RAD_REQUEST{'NAS-Port-Type'} -> 'Wireless-802.11'
(0) perl: &request:Acct-Input-Packets = $RAD_REQUEST{'Acct-Input-Packets'} -> '25'
(0) perl: &request:Acct-Output-Packets = $RAD_REQUEST{'Acct-Output-Packets'} -> '94'
(0) perl: &request:Framed-MTU = $RAD_REQUEST{'Framed-MTU'} -> '1496'
(0) perl: &request:Acct-Status-Type = $RAD_REQUEST{'Acct-Status-Type'} -> 'Interim-Update'
(0) perl: &request:Attr-26.8744.249 = $RAD_REQUEST{'Attr-26.8744.249'} -> ''
(0) perl: &request:Acct-Session-Id = $RAD_REQUEST{'Acct-Session-Id'} -> '467a0d79-00000108'
(0) perl: &request:Colubris-AVPair += $RAD_REQUEST{'Colubris-AVPair'} -> 'ssid=XXXXX'
(0) perl: &request:Colubris-AVPair += $RAD_REQUEST{'Colubris-AVPair'} -> 'incoming-vlan-id=10'
(0) perl: &request:Colubris-AVPair += $RAD_REQUEST{'Colubris-AVPair'} -> 'vsc-unique-id=1'
(0) perl: &request:Colubris-AVPair += $RAD_REQUEST{'Colubris-AVPair'} -> 'phytype=IEEE802dot11 '
(0) perl: &request:NAS-IP-Address = $RAD_REQUEST{'NAS-IP-Address'} -> 'x.x.x.x'
(0) perl: &request:Acct-Delay-Time = $RAD_REQUEST{'Acct-Delay-Time'} -> '0'
(0) [perl] = ok
(0) sql: EXPAND %{tolower:type.%{%{Acct-Status-Type}:-none}.query}
(0) sql: --> type.interim-update.query
(0) sql: Using query template 'query'
rlm_sql (sql): Reserved connection (0)
(0) sql: EXPAND %{%{Stripped-User-Name}:-%{%{User-Name}:-none}}
(0) sql: --> myuser
(0) sql: SQL-User-Name set to 'myuser'
(0) sql: EXPAND UPDATE radacct SET FramedIPAddress = NULLIF('%{Framed-IP-Address}', '')::inet, HostName = NULLIF('%{DHCP
-Hostname}', ''), AcctSessionTime = %{%{Acct-Session-Time}:-NULL}, AcctInterval = (%{integer:Event-Timestamp} - EXTRACT(
EPOCH FROM (COALESCE(AcctUpdateTime, AcctStartTime)))), AcctUpdateTime = TO_TIMESTAMP(%{integer:Event-Timestamp}), AcctI
nputOctets = (('%{%{Acct-Input-Gigawords}:-0}'::bigint << 32) + '%{%{Acct-Input-Octets}:-0}'::bigint) - AcctStartInputOc
tets, AcctOutputOctets = (('%{%{Acct-Output-Gigawords}:-0}'::bigint << 32) + '%{%{Acct-Output-Octets}:-0}'::bigint) - Ac
ctStartOutputOctets, AcctInputPackets = '%{%{Acct-Input-Packets}:-0}'::integer - AcctStartInputPackets, AcctOutputPacket
s = '%{%{Acct-Output-Packets}:-0}'::integer - AcctStartOutputPackets WHERE (AcctUniqueId = '%{Acct-Unique-Session-Id}')
AND AcctStopTime IS NULL
(0) sql: --> UPDATE radacct SET FramedIPAddress = NULLIF('x.x.x.x', '')::inet, HostName = NULLIF('', ''), AcctSes
sionTime = 60, AcctInterval = (1418485771 - EXTRACT(EPOCH FROM (COALESCE(AcctUpdateTime, AcctStartTime)))), AcctUpdateTi
me = TO_TIMESTAMP(1418485771), AcctInputOctets = (('0'::bigint << 32) + '3689'::bigint) - AcctStartInputOctets, AcctOutp
utOctets = (('0'::bigint << 32) + '11448'::bigint) - AcctStartOutputOctets, AcctInputPackets = '25'::integer - AcctStart
InputPackets, AcctOutputPackets = '94'::integer - AcctStartOutputPackets WHERE (AcctUniqueId = 'd6bb1922da4f3c87a3a3d1be
59abffa1') AND AcctStopTime IS NULL
rlm_sql (sql): Executing query: 'UPDATE radacct SET FramedIPAddress = NULLIF('x.x.x.x', '')::inet, HostName = NULLIF
('', ''), AcctSessionTime = 60, AcctInterval = (1418485771 - EXTRACT(EPOCH FROM (COALESCE(AcctUpdateTime, AcctStartTime)
))), AcctUpdateTime = TO_TIMESTAMP(1418485771), AcctInputOctets = (('0'::bigint << 32) + '3689'::bigint) - AcctStartInpu
tOctets, AcctOutputOctets = (('0'::bigint << 32) + '11448'::bigint) - AcctStartOutputOctets, AcctInputPackets = '25'::in
teger - AcctStartInputPackets, AcctOutputPackets = '94'::integer - AcctStartOutputPackets WHERE (AcctUniqueId = 'd6bb192
2da4f3c87a3a3d1be59abffa1') AND AcctStopTime IS NULL'
rlm_sql_postgresql: Status: PGRES_COMMAND_OK
rlm_sql_postgresql: query affected rows = 1
rlm_sql (sql): Released connection (0)
rlm_sql (sql): Closing connection (1), from 2 unused connections
rlm_sql_postgresql: Socket destructor called, closing socket
(0) [sql] = ok
(0) } # accounting = ok
(0) Sent Accounting-Response Id 46 from x.x.x.x:1813 to x.x.x.x:32768 length 20
(0) Finished request
Waking up in 0.2 seconds.
(0) <done>: Cleaning up request packet ID 46 with timestamp +42
Ready to process requests
(1) Received Accounting-Request Id 10 from x.x.x.x:32768 to x.x.x.x:1813 length 352
(1) Acct-Multi-Session-Id = 'A0-A1-A2-A3-A4-A5-B0-B1-B2-B3-B4-B5-54-8C-5F-CE-00-06-8F-B6'
(1) Acct-Session-Id = '467a0d79-00000108'
(1) NAS-Port = 239
(1) NAS-Port-Type = Wireless-802.11
(1) NAS-Identifier = 'XXXX'
(1) NAS-IP-Address = x.x.x.x
(1) Framed-MTU = 1496
(1) Framed-IP-Address = x.x.x.x
(1) User-Name = 'MYREALM\myuser'
(1) Calling-Station-Id = 'A0-A1-A2-A3-A4-A5'
(1) Called-Station-Id = 'B0-B1-B2-B3-B4-B5'
(1) Class = 0x766c616e7469
(1) Acct-Status-Type = Interim-Update
(1) Acct-Session-Time = 120
(1) Acct-Input-Packets = 25
(1) Acct-Output-Packets = 101
(1) Acct-Input-Octets = 3689
(1) Acct-Output-Octets = 12042
(1) Acct-Delay-Time = 0
(1) Colubris-AVPair = 'ssid=XXXXX'
(1) Colubris-AVPair = 'incoming-vlan-id=10'
(1) Colubris-AVPair = 'vsc-unique-id=1'
(1) Colubris-AVPair = 'phytype=IEEE802dot11 '
(1) Attr-26.8744.250 = 0x00000000
(1) Attr-26.8744.249 = 0x00000000
(1) # Executing section preacct from file /etc/raddb/sites-enabled/default
(1) preacct {
(1) [preprocess] = ok
(1) policy rewrite_calling_station_id {
(1) if (&Calling-Station-Id && (&Calling-Station-Id =~ /^([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2
})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})$/i)) {
(1) if (&Calling-Station-Id && (&Calling-Station-Id =~ /^([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2
})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})$/i)) -> TRUE
(1) if (&Calling-Station-Id && (&Calling-Station-Id =~ /^([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2
})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})$/i)) {
(1) update request {
(1) EXPAND %{toupper:%{1}-%{2}-%{3}-%{4}-%{5}-%{6}}
(1) --> A0-A1-A2-A3-A4-A5
(1) &Calling-Station-Id := "A0-A1-A2-A3-A4-A5"
(1) } # update request = noop
(1) [updated] = updated
(1) } # if (&Calling-Station-Id && (&Calling-Station-Id =~ /^([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-
f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})$/i)) = updated
(1) ... skipping else for request 1: Preceding "if" was taken
(1) } # policy rewrite_calling_station_id = updated
(1) policy rewrite_called_station_id {
(1) if (&Called-Station-Id && (&Called-Station-Id =~ /^([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})
[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})([^0-9a-f](.+))?$/i)) {
(1) if (&Called-Station-Id && (&Called-Station-Id =~ /^([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})
[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})([^0-9a-f](.+))?$/i)) -> TRUE
(1) if (&Called-Station-Id && (&Called-Station-Id =~ /^([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})
[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})([^0-9a-f](.+))?$/i)) {
(1) update request {
(1) EXPAND %{toupper:%{1}-%{2}-%{3}-%{4}-%{5}-%{6}}
(1) --> B0-B1-B2-B3-B4-B5
(1) &Called-Station-Id := "B0-B1-B2-B3-B4-B5"
(1) } # update request = noop
(1) if ("%{8}") {
(1) EXPAND %{8}
(1) -->
(1) if ("%{8}") -> FALSE
(1) [updated] = updated
(1) } # if (&Called-Station-Id && (&Called-Station-Id =~ /^([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]
{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})([^0-9a-f](.+))?$/i)) = updated
(1) ... skipping else for request 1: Preceding "if" was taken
(1) } # policy rewrite_called_station_id = updated
(1) policy extract_ssid {
(1) if (&Colubris-AVPair) {
(1) if (&Colubris-AVPair) -> TRUE
(1) if (&Colubris-AVPair) {
(1) update request {
(1) Len is 6 , out is XXXXX freespace is 2048
(1) EXPAND %{perl:avpair_get ssid %{Colubris-AVPair[*]}}
(1) --> XXXXX
(1) X-Wireless-SSID := "XXXXX"
(1) } # update request = noop
(1) } # if (&Colubris-AVPair) = noop
(1) ... skipping elsif for request 1: Preceding "if" was taken
(1) } # policy extract_ssid = noop
(1) IPASS: Checking for prefix before "/"
(1) IPASS: No '/' in User-Name = "MYREALM\myuser", skipping NULL due to config.
(1) [IPASS] = noop
(1) suffix: Checking for suffix after "@"
(1) suffix: No '@' in User-Name = "MYREALM\myuser", skipping NULL due to config.
(1) [suffix] = noop
(1) realmpercent: Checking for suffix after "%"
(1) realmpercent: No '%' in User-Name = "MYREALM\myuser", skipping NULL due to config.
(1) [realmpercent] = noop
(1) ntdomain: Checking for prefix before "\"
(1) ntdomain: Looking up realm "MYREALM" for User-Name = "MYREALM\myuser"
(1) ntdomain: Found realm "MYREALM"
(1) ntdomain: Adding Stripped-User-Name = "myuser"
(1) ntdomain: Adding Realm = "MYREALM"
(1) ntdomain: Accounting realm is LOCAL
(1) [ntdomain] = ok
(1) policy acct_unique {
(1) if ("%{string:Class}" =~ /ai:([0-9a-f]{32})/i) {
(1) EXPAND %{string:Class}
(1) --> vlanti
(1) if ("%{string:Class}" =~ /ai:([0-9a-f]{32})/i) -> FALSE
(1) else {
(1) update request {
(1) EXPAND %{md5:%{User-Name},%{Acct-Session-ID},%{%{NAS-IPv6-Address}:-%{NAS-IP-Address}},%{NAS-Identifier},%
{NAS-Port-ID},%{NAS-Port}}
(1) --> d6bb1922da4f3c87a3a3d1be59abffa1
(1) &Acct-Unique-Session-Id := "d6bb1922da4f3c87a3a3d1be59abffa1"
(1) } # update request = noop
(1) } # else = noop
(1) } # policy acct_unique = noop
(1) } # preacct = updated
(1) # Executing section accounting from file /etc/raddb/sites-enabled/default
(1) accounting {
(1) perl: $RAD_REQUEST{'User-Name'} = &request:User-Name -> 'MYREALM\myuser'
(1) perl: $RAD_REQUEST{'NAS-IP-Address'} = &request:NAS-IP-Address -> 'x.x.x.x'
(1) perl: $RAD_REQUEST{'NAS-Port'} = &request:NAS-Port -> '239'
(1) perl: $RAD_REQUEST{'Framed-IP-Address'} = &request:Framed-IP-Address -> 'x.x.x.x'
(1) perl: $RAD_REQUEST{'Framed-MTU'} = &request:Framed-MTU -> '1496'
(1) perl: $RAD_REQUEST{'Class'} = &request:Class -> 0x766c616e7469
(1) perl: $RAD_REQUEST{'Called-Station-Id'} = &request:Called-Station-Id -> 'B0-B1-B2-B3-B4-B5'
(1) perl: $RAD_REQUEST{'Calling-Station-Id'} = &request:Calling-Station-Id -> 'A0-A1-A2-A3-A4-A5'
(1) perl: $RAD_REQUEST{'NAS-Identifier'} = &request:NAS-Identifier -> 'XXXX'
(1) perl: $RAD_REQUEST{'NAS-Port-Type'} = &request:NAS-Port-Type -> 'Wireless-802.11'
(1) perl: $RAD_REQUEST{'Acct-Status-Type'} = &request:Acct-Status-Type -> 'Interim-Update'
(1) perl: $RAD_REQUEST{'Acct-Delay-Time'} = &request:Acct-Delay-Time -> '0'
(1) perl: $RAD_REQUEST{'Acct-Input-Octets'} = &request:Acct-Input-Octets -> '3689'
(1) perl: $RAD_REQUEST{'Acct-Output-Octets'} = &request:Acct-Output-Octets -> '12042'
(1) perl: $RAD_REQUEST{'Acct-Session-Id'} = &request:Acct-Session-Id -> '467a0d79-00000108'
(1) perl: $RAD_REQUEST{'Acct-Session-Time'} = &request:Acct-Session-Time -> '120'
(1) perl: $RAD_REQUEST{'Acct-Input-Packets'} = &request:Acct-Input-Packets -> '25'
(1) perl: $RAD_REQUEST{'Acct-Output-Packets'} = &request:Acct-Output-Packets -> '101'
(1) perl: $RAD_REQUEST{'Acct-Multi-Session-Id'} = &request:Acct-Multi-Session-Id -> 'A0-A1-A2-A3-A4-A5-B0-B1-B2-B3-B4-
B5-54-8C-5F-CE-00-06-8F-B6'
(1) perl: $RAD_REQUEST{'Event-Timestamp'} = &request:Event-Timestamp -> 'dic 13 2014 08:50:31 MST'
(1) perl: $RAD_REQUEST{'Colubris-AVPair'}[0] = &request:Colubris-AVPair -> 'ssid=XXXXX'
(1) perl: $RAD_REQUEST{'Colubris-AVPair'}[1] = &request:Colubris-AVPair -> 'incoming-vlan-id=10'
(1) perl: $RAD_REQUEST{'Colubris-AVPair'}[2] = &request:Colubris-AVPair -> 'vsc-unique-id=1'
(1) perl: $RAD_REQUEST{'Colubris-AVPair'}[3] = &request:Colubris-AVPair -> 'phytype=IEEE802dot11 '
(1) perl: $RAD_REQUEST{'Stripped-User-Name'} = &request:Stripped-User-Name -> 'myuser'
(1) perl: $RAD_REQUEST{'Realm'} = &request:Realm -> 'MYREALM'
(1) perl: $RAD_REQUEST{'Acct-Unique-Session-Id'} = &request:Acct-Unique-Session-Id -> 'd6bb1922da4f3c87a3a3d1be59abffa
1'
(1) perl: $RAD_REQUEST{'X-Wireless-SSID'} = &request:X-Wireless-SSID -> 'XXXXX'
(1) perl: $RAD_REQUEST{'Attr-26.8744.249'} = &request:Attr-26.8744.249 -> 0x00000000
(1) perl: $RAD_REQUEST{'Attr-26.8744.250'} = &request:Attr-26.8744.250 -> 0x00000000
.............
(1) perl: &request:Attr-26.8744.250 = $RAD_REQUEST{'Attr-26.8744.250'} -> ''
(1) perl: &request:Realm = $RAD_REQUEST{'Realm'} -> 'MYREALM'
(1) perl: &request:Acct-Input-Octets = $RAD_REQUEST{'Acct-Input-Octets'} -> '3689'
(1) perl: &request:Framed-IP-Address = $RAD_REQUEST{'Framed-IP-Address'} -> 'x.x.x.x'
(1) perl: &request:Stripped-User-Name = $RAD_REQUEST{'Stripped-User-Name'} -> 'myuser'
(1) perl: &request:Acct-Output-Octets = $RAD_REQUEST{'Acct-Output-Octets'} -> '12042'
(1) perl: &request:Calling-Station-Id = $RAD_REQUEST{'Calling-Station-Id'} -> 'A0-A1-A2-A3-A4-A5'
ERROR: (1) perl: Failed to create pair request:Event-Timestamp = dic 13 2014 08:50:31 MST
(1) perl: &request:User-Name = $RAD_REQUEST{'User-Name'} -> 'MYREALM\myuser'
(1) perl: &request:NAS-Port = $RAD_REQUEST{'NAS-Port'} -> '239'
(1) perl: &request:X-Wireless-SSID = $RAD_REQUEST{'X-Wireless-SSID'} -> 'XXXXX'
(1) perl: &request:Acct-Multi-Session-Id = $RAD_REQUEST{'Acct-Multi-Session-Id'} -> 'A0-A1-A2-A3-A4-A5-B0-B1-B2-B3-B4-B5
-54-8C-5F-CE-00-06-8F-B6'
(1) perl: &request:Acct-Session-Time = $RAD_REQUEST{'Acct-Session-Time'} -> '120'
(1) perl: &request:Class = $RAD_REQUEST{'Class'} -> 'vlanti'
(1) perl: &request:Acct-Unique-Session-Id = $RAD_REQUEST{'Acct-Unique-Session-Id'} -> 'd6bb1922da4f3c87a3a3d1be59abffa1'
(1) perl: &request:NAS-Identifier = $RAD_REQUEST{'NAS-Identifier'} -> 'XXXX'
(1) perl: &request:Called-Station-Id = $RAD_REQUEST{'Called-Station-Id'} -> 'B0-B1-B2-B3-B4-'
(1) perl: &request:NAS-Port-Type = $RAD_REQUEST{'NAS-Port-Type'} -> 'Wireless-802.11'
(1) perl: &request:Acct-Input-Packets = $RAD_REQUEST{'Acct-Input-Packets'} -> '25'
(1) perl: &request:Acct-Output-Packets = $RAD_REQUEST{'Acct-Output-Packets'} -> '101'
(1) perl: &request:Framed-MTU = $RAD_REQUEST{'Framed-MTU'} -> '1496'
(1) perl: &request:Acct-Status-Type = $RAD_REQUEST{'Acct-Status-Type'} -> 'Interim-Update'
(1) perl: &request:Attr-26.8744.249 = $RAD_REQUEST{'Attr-26.8744.249'} -> ''
(1) perl: &request:Acct-Session-Id = $RAD_REQUEST{'Acct-Session-Id'} -> '467a0d79-00000108'
(1) perl: &request:Colubris-AVPair += $RAD_REQUEST{'Colubris-AVPair'} -> 'ssid=XXXXX'
(1) perl: &request:Colubris-AVPair += $RAD_REQUEST{'Colubris-AVPair'} -> 'incoming-vlan-id=10'
(1) perl: &request:Colubris-AVPair += $RAD_REQUEST{'Colubris-AVPair'} -> 'vsc-unique-id=1'
(1) perl: &request:Colubris-AVPair += $RAD_REQUEST{'Colubris-AVPair'} -> 'phytype=IEEE802dot11 '
(1) perl: &request:NAS-IP-Address = $RAD_REQUEST{'NAS-IP-Address'} -> 'x.x.x.x'
(1) perl: &request:Acct-Delay-Time = $RAD_REQUEST{'Acct-Delay-Time'} -> '0'
(1) [perl] = ok
(1) sql: EXPAND %{tolower:type.%{%{Acct-Status-Type}:-none}.query}
(1) sql: --> type.interim-update.query
(1) sql: Using query template 'query'
rlm_sql (sql): Reserved connection (0)
(1) sql: EXPAND %{%{Stripped-User-Name}:-%{%{User-Name}:-none}}
(1) sql: --> myuser
(1) sql: SQL-User-Name set to 'myuser'
(1) sql: EXPAND UPDATE radacct SET FramedIPAddress = NULLIF('%{Framed-IP-Address}', '')::inet, HostName = NULLIF('%{DHCP
-Hostname}', ''), AcctSessionTime = %{%{Acct-Session-Time}:-NULL}, AcctInterval = (%{integer:Event-Timestamp} - EXTRACT(
EPOCH FROM (COALESCE(AcctUpdateTime, AcctStartTime)))), AcctUpdateTime = TO_TIMESTAMP(%{integer:Event-Timestamp}), AcctI
nputOctets = (('%{%{Acct-Input-Gigawords}:-0}'::bigint << 32) + '%{%{Acct-Input-Octets}:-0}'::bigint) - AcctStartInputOc
tets, AcctOutputOctets = (('%{%{Acct-Output-Gigawords}:-0}'::bigint << 32) + '%{%{Acct-Output-Octets}:-0}'::bigint) - Ac
ctStartOutputOctets, AcctInputPackets = '%{%{Acct-Input-Packets}:-0}'::integer - AcctStartInputPackets, AcctOutputPacket
s = '%{%{Acct-Output-Packets}:-0}'::integer - AcctStartOutputPackets WHERE (AcctUniqueId = '%{Acct-Unique-Session-Id}')
AND AcctStopTime IS NULL
(1) sql: --> UPDATE radacct SET FramedIPAddress = NULLIF('x.x.x.x', '')::inet, HostName = NULLIF('', ''), AcctSes
sionTime = 120, AcctInterval = (1418485831 - EXTRACT(EPOCH FROM (COALESCE(AcctUpdateTime, AcctStartTime)))), AcctUpdateT
ime = TO_TIMESTAMP(1418485831), AcctInputOctets = (('0'::bigint << 32) + '3689'::bigint) - AcctStartInputOctets, AcctOut
putOctets = (('0'::bigint << 32) + '12042'::bigint) - AcctStartOutputOctets, AcctInputPackets = '25'::integer - AcctStar
tInputPackets, AcctOutputPackets = '101'::integer - AcctStartOutputPackets WHERE (AcctUniqueId = 'd6bb1922da4f3c87a3a3d1
be59abffa1') AND AcctStopTime IS NULL
rlm_sql (sql): Executing query: 'UPDATE radacct SET FramedIPAddress = NULLIF('x.x.x.x', '')::inet, HostName = NULLIF
('', ''), AcctSessionTime = 120, AcctInterval = (1418485831 - EXTRACT(EPOCH FROM (COALESCE(AcctUpdateTime, AcctStartTime
)))), AcctUpdateTime = TO_TIMESTAMP(1418485831), AcctInputOctets = (('0'::bigint << 32) + '3689'::bigint) - AcctStartInp
utOctets, AcctOutputOctets = (('0'::bigint << 32) + '12042'::bigint) - AcctStartOutputOctets, AcctInputPackets = '25'::i
nteger - AcctStartInputPackets, AcctOutputPackets = '101'::integer - AcctStartOutputPackets WHERE (AcctUniqueId = 'd6bb1
922da4f3c87a3a3d1be59abffa1') AND AcctStopTime IS NULL'
Program received signal SIGSEGV, Segmentation fault.
0x00007ffff0d88d30 in sql_query (handle=0x3b, config=0x9311e0,
query=0x11b87c0 "UPDATE radacct SET FramedIPAddress = NULLIF('x.x.x.x', '')::inet, HostName = NULLIF('', ''), Ac
ctSessionTime = 300, AcctInterval = (1418490416 - EXTRACT(EPOCH FROM (COALESCE(AcctUpdateTime, AcctSt"...)
at src/modules/rlm_sql/drivers/rlm_sql_postgresql/rlm_sql_postgresql.c:271
warning: Source file is more recent than executable.
271 rlm_sql_postgres_conn_t *conn = handle->conn;
(gdb) p *handle
Cannot access memory at address 0x3b
(gdb) bt
#0 0x00007ffff0d88d30 in sql_query (handle=0x3b, config=0x9311e0,
query=0x11b87c0 "UPDATE radacct SET FramedIPAddress = NULLIF('x.x.x.x', '')::inet, HostName = NULLIF('', ''), Ac
ctSessionTime = 300, AcctInterval = (1418490416 - EXTRACT(EPOCH FROM (COALESCE(AcctUpdateTime, AcctSt"...)
at src/modules/rlm_sql/drivers/rlm_sql_postgresql/rlm_sql_postgresql.c:271
#1 0x00007ffff0f94d67 in rlm_sql_query (handle=0x7fffffffd1a8, inst=0x9311e0,
query=0x11b87c0 "UPDATE radacct SET FramedIPAddress = NULLIF('x.x.x.x', '')::inet, HostName = NULLIF('', ''), Ac
ctSessionTime = 300, AcctInterval = (1418490416 - EXTRACT(EPOCH FROM (COALESCE(AcctUpdateTime, AcctSt"...)
at src/modules/rlm_sql/sql.c:339
#2 0x00007ffff0f93895 in acct_redundant (inst=0x9311e0, request=0x108a9a0, section=0x9312c8)
at src/modules/rlm_sql/rlm_sql.c:1367
#3 0x00007ffff0f93b2b in mod_accounting (instance=0x9311e0, request=0x108a9a0) at src/modules/rlm_sql/rlm_sql.c:1428
#4 0x0000000000426c9e in call_modsingle (component=RLM_COMPONENT_ACCT, sp=0xfed550, request=0x108a9a0)
at src/main/modcall.c:311
#5 0x000000000042733b in modcall_recurse (request=0x108a9a0, component=RLM_COMPONENT_ACCT, depth=1,
entry=0x7fffffffd958) at src/main/modcall.c:588
#6 0x0000000000426e59 in modcall_child (request=0x108a9a0, component=RLM_COMPONENT_ACCT, depth=1,
entry=0x7fffffffd940, c=0xfed490, result=0x7fffffffd6b8) at src/main/modcall.c:414
#7 0x0000000000427bb2 in modcall_recurse (request=0x108a9a0, component=RLM_COMPONENT_ACCT, depth=0,
entry=0x7fffffffd940) at src/main/modcall.c:793
#8 0x00000000004287ca in modcall (component=RLM_COMPONENT_ACCT, c=0xfed390, request=0x108a9a0)
at src/main/modcall.c:1134
#9 0x000000000042449f in indexed_modcall (comp=RLM_COMPONENT_ACCT, idx=0, request=0x108a9a0) at src/main/modules.c:895
#10 0x000000000042664f in process_accounting (acct_type=0, request=0x108a9a0) at src/main/modules.c:1951
#11 0x000000000040e134 in rad_accounting (request=0x108a9a0) at src/main/acct.c:93
#12 0x000000000043a017 in request_running (request=0x108a9a0, action=1) at src/main/process.c:1582
#13 0x0000000000439156 in request_queue_or_run (request=0x108a9a0, process=0x439f33 <request_running>)
at src/main/process.c:1085
#14 0x000000000043a7a3 in request_receive (listener=0x1015780, packet=0x108ae40, client=0x8e0b90,
fun=0x40e04b <rad_accounting>) at src/main/process.c:1807
#15 0x0000000000417383 in acct_socket_recv (listener=0x1015780) at src/main/listen.c:1595
#16 0x0000000000440655 in event_socket_handler (xel=0x8e5cc0, fd=15, ctx=0x1015780) at src/main/process.c:4270
#17 0x00007ffff79950ee in fr_event_loop (el=0x8e5cc0) at src/lib/event.c:618
#18 0x0000000000441fd0 in radius_event_process () at src/main/process.c:5180
#19 0x000000000042e506 in main (argc=2, argv=0x7fffffffe238) at src/main/radiusd.c:574
(gdb) up
#1 0x00007ffff0f94d67 in rlm_sql_query (handle=0x7fffffffd1a8, inst=0x9311e0,
query=0x11b87c0 "UPDATE radacct SET FramedIPAddress = NULLIF('x.x.x.x', '')::inet, HostName = NULLIF('', ''), Ac
ctSessionTime = 300, AcctInterval = (1418490416 - EXTRACT(EPOCH FROM (COALESCE(AcctUpdateTime, AcctSt"...)
at src/modules/rlm_sql/sql.c:339
warning: Source file is more recent than executable.
339 ret = (inst->module->sql_query)(*handle, inst->config, query);
(gdb) up
#2 0x00007ffff0f93895 in acct_redundant (inst=0x9311e0, request=0x108a9a0, section=0x9312c8)
at src/modules/rlm_sql/rlm_sql.c:1367
warning: Source file is more recent than executable.
1367 sql_ret = rlm_sql_query(&handle, inst, expanded);
(gdb) p handle
$1 = (rlm_sql_handle_t *) 0x3b
(gdb)Execution with breakpoint set on next request before call to fr_connection_get_internal() after rlm_sql (sql): Closing connection (1), from 2 unused connections message. Note the invalid pointers in heap element
GNU gdb (Gentoo 7.7.1 p1) 7.7.1
Copyright (C) 2014 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law. Type "show copying"
and "show warranty" for details.
This GDB was configured as "x86_64-pc-linux-gnu".
Type "show configuration" for configuration details.
For bug reporting instructions, please see:
<http://bugs.gentoo.org/>.
Find the GDB manual and other documentation resources online at:
<http://www.gnu.org/software/gdb/documentation/>.
For help, type "help".
Type "apropos word" to search for commands related to "word"...
Reading symbols from radiusd...Reading symbols from /usr/lib64/debug//usr/sbin/radiusd.debug...done.
done.
(gdb) run -X
Starting program: /usr/sbin/radiusd -X
warning: Could not load shared library symbols for linux-vdso.so.1.
Do you need "set solib-search-path" or "set sysroot"?
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib64/libthread_db.so.1".
radiusd: FreeRADIUS Version 3.1.0 (git #ff4574f), for host x86_64-pc-linux-gnu, built on Dec 13 2014 at 08:47:31
Copyright (C) 1999-2014 The FreeRADIUS server project and contributors
There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A
PARTICULAR PURPOSE
You may redistribute copies of FreeRADIUS under the terms of the
GNU General Public License
For more information about these matters, see the file named COPYRIGHT
Starting - reading configuration files ...
including dictionary file /usr/share/freeradius/dictionary
including dictionary file /usr/share/freeradius/dictionary.dhcp
including dictionary file /usr/share/freeradius/dictionary.vqp
including dictionary file /etc/raddb/dictionary
....
Listening on command file /run/radiusd/radiusd.sock
Listening on auth address * port 1812 as server default
Listening on acct address * port 1813 as server default
Listening on auth address :: port 1812 as server default
Listening on acct address :: port 1813 as server default
Listening on auth address 127.0.0.1 port 18120 as server inner-tunnel
Opening new proxy socket 'proxy address * port 1814'
Listening on proxy address * port 1814
Ready to process requests
(0) Received Accounting-Request Id 21 from x.x.x.x:32768 to x.x.x.x:1813 length 352
(0) Acct-Multi-Session-Id = 'A0-A1-A2-A3-A4-A5-B0-B1-B2-B3-B4-B5-54-8C-7C-9D-00-01-64-CD'
(0) Acct-Session-Id = '467a0d79-0000010f'
(0) NAS-Port = 246
(0) NAS-Port-Type = Wireless-802.11
(0) NAS-Identifier = 'XXXX'
(0) NAS-IP-Address = x.x.x.x
....
nteger - AcctStartInputPackets, AcctOutputPackets = '109'::integer - AcctStartOutputPackets WHERE (AcctUniqueId = '00cf3
8f9be44e6eead27ffbbdf45db74') AND AcctStopTime IS NULL'
rlm_sql_postgresql: Status: PGRES_COMMAND_OK
rlm_sql_postgresql: query affected rows = 1
rlm_sql (sql): Released connection (0)
rlm_sql (sql): Closing connection (1), from 2 unused connections
rlm_sql_postgresql: Socket destructor called, closing socket
(0) [sql] = ok
(0) } # accounting = ok
(0) Sent Accounting-Response Id 21 from x.x.x.x:1813 to x.x.x.x:32768 length 20
(0) Finished request
Waking up in 0.2 seconds.
(0) <done>: Cleaning up request packet ID 21 with timestamp +41
Ready to process requests
^C
Program received signal SIGINT, Interrupt.
0x00007ffff65a9353 in select () from /lib64/libc.so.6
(gdb) break fr_connection_get_internal
Breakpoint 1 at 0x433e5f: file src/main/connection.c, line 1122.
(gdb) c
Continuing.
(1) Received Accounting-Request Id 61 from x.x.x.x:32768 to x.x.x.x:1813 length 352
(1) Acct-Multi-Session-Id = 'A0-A1-A2-A3-A4-A5-B0-B1-B2-B3-B4-B5-54-8C-7C-9D-00-01-64-CD'
(1) Acct-Session-Id = '467a0d79-0000010f'
(1) NAS-Port = 246
(1) NAS-Port-Type = Wireless-802.11
(1) NAS-Identifier = 'XXXX'
(1) NAS-IP-Address = x.x.x.x
....
(1) perl: &request:Framed-IP-Address = $RAD_REQUEST{'Framed-IP-Address'} -> 'x.x.x.x'
(1) perl: &request:NAS-IP-Address = $RAD_REQUEST{'NAS-IP-Address'} -> 'x.x.x.x'
(1) perl: &request:NAS-Port = $RAD_REQUEST{'NAS-Port'} -> '246'
(1) perl: &request:Attr-26.8744.250 = $RAD_REQUEST{'Attr-26.8744.250'} -> ''
(1) [perl] = ok
(1) sql: EXPAND %{tolower:type.%{%{Acct-Status-Type}:-none}.query}
(1) sql: --> type.interim-update.query
(1) sql: Using query template 'query'
Breakpoint 1, fr_connection_get_internal (pool=0x934650, spawn=1) at src/main/connection.c:1122
warning: Source file is more recent than executable.
1122 if (!pool) return NULL;
(gdb) n
1124 pthread_mutex_lock(&pool->mutex);
(gdb)
1126 now = time(NULL);
(gdb)
1134 this = fr_heap_peek(pool->heap);
(gdb)
1135 if (!this) break;
(gdb) p this
$1 = (fr_connection_t *) 0xf962b0
(gdb) p *this
$2 = {prev = 0x6a49f0, next = 0x10a0dd0, created = 12, last_reserved = {tv_sec = 0, tv_usec = 3}, last_released = {
tv_sec = 16877776, tv_usec = 0}, num_uses = 0, number = 0, connection = 0x3b, in_use = 192, heap = 0}
(gdb) p *pool->heap
$3 = {size = 2048, num_elements = 6, offset = 84, cmp = 0x433309 <last_reserved_cmp>, p = 0xf7f840}
(gdb) p *(fr_connection_t*)pool->heap->p[0]
$4 = {prev = 0x6a49f0, next = 0x10a0dd0, created = 12, last_reserved = {tv_sec = 0, tv_usec = 3}, last_released = {
tv_sec = 16877776, tv_usec = 0}, num_uses = 0, number = 0, connection = 0x3b, in_use = 192, heap = 0}
(gdb) p *(fr_connection_t*)pool->heap->p[1]
$5 = {prev = 0xfb1450, next = 0xf9f440, created = 1418493224, last_reserved = {tv_sec = 1418493224, tv_usec = 991653},
last_released = {tv_sec = 1418493224, tv_usec = 991653}, num_uses = 0, number = 3, connection = 0xf9fa20,
in_use = false, heap = 1}
(gdb) p *(fr_connection_t*)pool->heap->p[2]
$6 = {prev = 0xfa8420, next = 0xf8d340, created = 1418493224, last_reserved = {tv_sec = 1418493224, tv_usec = 990241},
last_released = {tv_sec = 1418493224, tv_usec = 990241}, num_uses = 0, number = 2, connection = 0xf96a40,
in_use = false, heap = 2}
(gdb) p *(fr_connection_t*)pool->heap->p[3]
$7 = {prev = 0x0, next = 0xfb1450, created = 1418493224, last_reserved = {tv_sec = 1418493224, tv_usec = 994691},
last_released = {tv_sec = 1418493224, tv_usec = 994691}, num_uses = 0, number = 5, connection = 0xfb1a50,
in_use = false, heap = 3}
(gdb) p *(fr_connection_t*)pool->heap->p[4]
$8 = {prev = 0xfba450, next = 0xfa8420, created = 1418493224, last_reserved = {tv_sec = 1418493224, tv_usec = 993224},
last_released = {tv_sec = 1418493224, tv_usec = 993224}, num_uses = 0, number = 4, connection = 0xfa8a50,
in_use = false, heap = 4}
(gdb) p *(fr_connection_t*)pool->heap->p[5]
$9 = {prev = 0xf9f440, next = 0x0, created = 1418493224, last_reserved = {tv_sec = 1418493266, tv_usec = 253806},
last_released = {tv_sec = 1418493266, tv_usec = 269853}, num_uses = 1, number = 0, connection = 0xf83c50,
in_use = false, heap = 5}
(gdb) c
Continuing.
rlm_sql (sql): Reserved connection (0)
(1) sql: EXPAND %{%{Stripped-User-Name}:-%{%{User-Name}:-none}}
(1) sql: --> myuser
(1) sql: SQL-User-Name set to 'myuser'
(1) sql: EXPAND UPDATE radacct SET FramedIPAddress = NULLIF('%{Framed-IP-Address}', '')::inet, HostName = NULLIF('%{DHCP
-Hostname}', ''), AcctSessionTime = %{%{Acct-Session-Time}:-NULL}, AcctInterval = (%{integer:Event-Timestamp} - EXTRACT(
EPOCH FROM (COALESCE(AcctUpdateTime, AcctStartTime)))), AcctUpdateTime = TO_TIMESTAMP(%{integer:Event-Timestamp}), AcctI
nputOctets = (('%{%{Acct-Input-Gigawords}:-0}'::bigint << 32) + '%{%{Acct-Input-Octets}:-0}'::bigint) - AcctStartInputOc
tets, AcctOutputOctets = (('%{%{Acct-Output-Gigawords}:-0}'::bigint << 32) + '%{%{Acct-Output-Octets}:-0}'::bigint) - Ac
ctStartOutputOctets, AcctInputPackets = '%{%{Acct-Input-Packets}:-0}'::integer - AcctStartInputPackets, AcctOutputPacket
s = '%{%{Acct-Output-Packets}:-0}'::integer - AcctStartOutputPackets WHERE (AcctUniqueId = '%{Acct-Unique-Session-Id}')
AND AcctStopTime IS NULL
(1) sql: --> UPDATE radacct SET FramedIPAddress = NULLIF('x.x.x.x', '')::inet, HostName = NULLIF('', ''), AcctSes
sionTime = 240, AcctInterval = (1418493326 - EXTRACT(EPOCH FROM (COALESCE(AcctUpdateTime, AcctStartTime)))), AcctUpdateT
ime = TO_TIMESTAMP(1418493326), AcctInputOctets = (('0'::bigint << 32) + '6518'::bigint) - AcctStartInputOctets, AcctOut
putOctets = (('0'::bigint << 32) + '13411'::bigint) - AcctStartOutputOctets, AcctInputPackets = '26'::integer - AcctStar
tInputPackets, AcctOutputPackets = '116'::integer - AcctStartOutputPackets WHERE (AcctUniqueId = '00cf38f9be44e6eead27ff
bbdf45db74') AND AcctStopTime IS NULL
rlm_sql (sql): Executing query: 'UPDATE radacct SET FramedIPAddress = NULLIF('x.x.x.x', '')::inet, HostName = NULLIF
('', ''), AcctSessionTime = 240, AcctInterval = (1418493326 - EXTRACT(EPOCH FROM (COALESCE(AcctUpdateTime, AcctStartTime
)))), AcctUpdateTime = TO_TIMESTAMP(1418493326), AcctInputOctets = (('0'::bigint << 32) + '6518'::bigint) - AcctStartInp
utOctets, AcctOutputOctets = (('0'::bigint << 32) + '13411'::bigint) - AcctStartOutputOctets, AcctInputPackets = '26'::i
nteger - AcctStartInputPackets, AcctOutputPackets = '116'::integer - AcctStartOutputPackets WHERE (AcctUniqueId = '00cf3
8f9be44e6eead27ffbbdf45db74') AND AcctStopTime IS NULL'
Program received signal SIGSEGV, Segmentation fault.
0x00007ffff0d88d30 in sql_query (handle=0x3b, config=0x9311e0,
query=0x10752e0 "UPDATE radacct SET FramedIPAddress = NULLIF('x.x.x.x', '')::inet, HostName = NULLIF('', ''), Ac
ctSessionTime = 240, AcctInterval = (1418493326 - EXTRACT(EPOCH FROM (COALESCE(AcctUpdateTime, AcctSt"...)
at src/modules/rlm_sql/drivers/rlm_sql_postgresql/rlm_sql_postgresql.c:271
warning: Source file is more recent than executable.
271 rlm_sql_postgres_conn_t *conn = handle->conn;
(gdb)The problem is that rlm_sql reserves the previously freed connection kept in the heap on the last call to fr_connection_close() just after rlm_sql (sql): Closing connection (1), from 2 unused connections message (src/main/connection.c:1085) because fr_heap_extract is called only if the connection have its in_use flag true (src/main/connection.c:438), if not the connection is freed but the heap element with freed pointer is kept intact:
static void fr_connection_close(fr_connection_pool_t *pool,
fr_connection_t *this)
{
/*
* If it's in use, release it.
*/
if (this->in_use) {
#ifdef PTHREAD_DEBUG
pthread_t pthread_id = pthread_self();
rad_assert(pthread_equal(this->pthread_id, pthread_id) != 0);
#endif
fr_heap_extract(pool->heap, this);
this->in_use = false;
rad_assert(pool->active != 0);
pool->active--;
}
fr_connection_exec_trigger(pool, "close");
fr_connection_unlink(pool, this);
rad_assert(pool->num > 0);
pool->num--;
talloc_free(this);
}Yeah of course, pruning connections would be the other time it's not in use. Alright patch looks good.
crawler95
commented
9 years ago There is a problem with commit a0d36a8e7a408f3183d6b068160420a4fec33735
static void fr_connection_close(fr_connection_pool_t *pool,
fr_connection_t *this)
{
/*
* If it's in use, release it.
*/
if (this->in_use) {
#ifdef PTHREAD_DEBUG
pthread_t pthread_id = pthread_self();
rad_assert(pthread_equal(this->pthread_id, pthread_id) != 0);
#endif
this->in_use = false;
rad_assert(pool->active != 0);
pool->active--;
} else {
/*
* Connection isn't used, remove it from the heap.
*/
fr_heap_extract(pool->heap, this);
}
fr_connection_exec_trigger(pool, "close");
fr_connection_unlink(pool, this);
rad_assert(pool->num > 0);
pool->num--;
talloc_free(this);
}If the connection is in use it will be talloc_free()'d and kept with an invalid pointer in the heap (no fr_heap_extract())
alandekok
commented
9 years ago Connections which are in_use aren't in the heap. See the rest of the code.
Connections released by fr_connection_close() are kept in the heap if are not in use at the moment of release, so causes a SIGSEGV when another request try to use it when the next call to fr_connection_get_internal() gets an invalid pointer from fr_heap_peek()
src/main/connection.c (master branch)
When a new request grab a connection from the pool, it may get the freed one:
The fix that apparently worked for me was to call fr_heap_extract() even if the connection is not in use: