FreeRADIUS / mod_auth_radius

The FreeRADIUS Apache module for RADIUS authentication

Centos 7 - Error when ipv6 is enabled #38

Open ribellusmt opened 6 years ago

ribellusmt commented 6 years ago

Hello,

mod_auth_radius is not working when IPv6 is enabled.

PoC Interface

enp0s3: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 10.0.2.15  netmask 255.255.255.0  broadcast 10.0.2.255
        inet6 fe80::a00:27ff:fef0:72b  prefixlen 64  scopeid 0x20<link>
        ether 08:00:27:f0:07:2b  txqueuelen 1000  (Ethernet)
        RX packets 12586  bytes 14295882 (13.6 MiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 4866  bytes 351827 (343.5 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

A debug log was added to the C script:

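#include <netdb.h>   /* gethostbyname(), struct hostent */
#include <stdio.h>   /* snprintf() */
#include <syslog.h>  /* openlog(), syslog(), closelog() */

/* RADIUS utility functions */
static struct in_addr *ip_addr_get(apr_pool_t *p,
                                   const char *hostname)
{
        struct hostent *hp;

        /* Debug: log every hostname this function is asked to resolve */
        char logmess[MAXLEN];
        snprintf(logmess, MAXLEN - 1, "HOSTNAME 001: %s", hostname);

        openlog("debugPOC", LOG_PID, LOG_LOCAL1);
        /* Pass the message as an argument, never as the format string */
        syslog(LOG_INFO, "%s", logmess);
        closelog();

        if ((hp = gethostbyname(hostname)) != NULL) {
                struct in_addr *ipaddr = apr_pcalloc(p, sizeof(struct in_addr));
                *ipaddr = *(struct in_addr *)hp->h_addr; /* make a local copy */
                return ipaddr;
        }
        return NULL;
}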

When you start the httpd server, a first access is done to the function:

Nov 17 16:13:37 debug-Centos7-vm debugPOC[10794]: HOSTNAME 001: 192.168.1.100
Nov 17 16:13:37 debug-Centos7-vm systemd: Started The Apache HTTP Server.

After accessing the webpage, entering user / password and clicking Connect, the log is:

Nov 17 16:13:53 debug-Centos7-vm debugPOC[10796]: HOSTNAME 001: fe80::a00:27ff:fef0:72b

The remote hostname is not the same as the one in the config file; it has changed to the local IPv6 address of the first interface.

After disabling IPv6, all good:

echo 1 > /proc/sys/net/ipv6/conf/default/disable_ipv6
echo 1 > /proc/sys/net/ipv6/conf/all/disable_ipv6

Nov 17 16:18:19 main-repo debugPOC[10861]: HOSTNAME 001: 192.168.1.100
Nov 17 16:18:19 main-repo systemd: Started The Apache HTTP Server.
Nov 17 16:18:31 main-repo debugPOC[10863]: HOSTNAME 001: 10.0.2.15

Thanks, Ribellusmt
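
Added example, not code from this issue or from mod_auth_radius: the `ip_addr_get` shown above returns a `struct in_addr`, which has room for an IPv4 address only, so this sketch resolves the three logged values in a family-agnostic way with `getaddrinfo()`. The helper name `addr_get` and its signature are hypothetical, and `AI_NUMERICHOST` is used so the run needs no DNS.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200112L   /* getaddrinfo() under strict -std= modes */
#endif
#include <netdb.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>

/* Hypothetical helper, not part of mod_auth_radius: resolve `host` into a
 * sockaddr_storage, which is large enough for IPv4 and IPv6 alike.
 * Returns AF_INET or AF_INET6, or -1 if the name cannot be resolved. */
static int addr_get(const char *host, int flags,
                    struct sockaddr_storage *out, socklen_t *outlen)
{
    struct addrinfo hints, *res = NULL;
    int family;

    memset(&hints, 0, sizeof(hints));
    hints.ai_family = AF_UNSPEC;      /* do not assume IPv4 */
    hints.ai_socktype = SOCK_DGRAM;   /* RADIUS is carried over UDP */
    hints.ai_flags = flags;           /* AI_NUMERICHOST skips DNS entirely */
    if (getaddrinfo(host, NULL, &hints, &res) != 0 || res == NULL)
        return -1;
    if (res->ai_addrlen > sizeof(*out)) {   /* never overrun the caller's buffer */
        freeaddrinfo(res);
        return -1;
    }
    memcpy(out, res->ai_addr, res->ai_addrlen);
    *outlen = res->ai_addrlen;
    family = res->ai_family;
    freeaddrinfo(res);
    return family;
}

int main(void)
{
    /* The three values logged as "HOSTNAME 001" in the report above. */
    const char *seen[] = { "192.168.1.100", "10.0.2.15", "fe80::a00:27ff:fef0:72b" };
    struct sockaddr_storage ss;
    socklen_t len;
    for (size_t i = 0; i < sizeof(seen) / sizeof(seen[0]); i++) {
        int fam = addr_get(seen[i], AI_NUMERICHOST, &ss, &len);
        printf("%-26s %s (%u-byte sockaddr)\n", seen[i],
               fam == AF_INET6 ? "AF_INET6" : fam == AF_INET ? "AF_INET" : "unresolved",
               fam < 0 ? 0u : (unsigned)len);
    }
    return 0;
}
```

A caller would pass the returned family to `socket()` and the stored address and length to `sendto()`, instead of copying four bytes into a `struct in_addr`.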