[Bug 478973] [NEW] expiration functionality of FreeRADIUS 2.1.0 is broken

Mon Nov 9 08:23:23 UTC 2009

Public bug reported:

Binary package hint: freeradius

Ubuntu 9.04 and 9.10 currently use FreeRADIUS 2.1.0.  That version of
FreeRADIUS has broken "expiration" functionality.  The latest version
2.1.7 is not broken.  An example is below.  I discovered this in Ubuntu
9.10 Server Edition using package "freeradius 2.1.0+dfsg-0ubuntu7".
Then, on a different computer, I found it also in Ubuntu 9.04 Server
Edition.  Then, on a third computer, I built 2.1.0 and 2.1.7 from the
original upstream sources and found that 2.1.0 has the bug but not
2.1.7.  I am trying to setup a production FreeRADIUS server on Ubuntu
9.10 Server Edition and I need the "expiration" functionality.  I
request that the freeradius package be upgraded to a working version.

Example:

Add an entry like this to the "users" file:
jane Cleartext-Password := "enaj", Expiration := "4 May 2013"

2.1.0 does not work:

$ radiusd -X
FreeRADIUS Version 2.1.0, for host i686-pc-linux-gnu, built on Nov  8 2009 at 23:00:17
......
Ready to process requests.
rad_recv: Access-Request packet from host 127.0.0.1 port 47402, id=152, length=56
	User-Name = "jane"
	User-Password = "enaj"
	NAS-IP-Address = 127.0.1.1
	NAS-Port = 0
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "jane", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] No EAP-Message, not doing EAP
++[eap] returns noop
++[unix] returns notfound
[files] users: Matched entry jane at line 205
++[files] returns ok
[expiration] Checking Expiration time: '4 May 2013'
[expiration] Account has expired
	expand: Password Has Expired   -> Password Has Expired  
++[expiration] returns userlock
Using Post-Auth-Type Reject
+- entering group REJECT {...}
	expand: %{User-Name} -> jane
 attr_filter: Matched entry DEFAULT at line 11
++[attr_filter.access_reject] returns updated
Delaying reject of request 0 for 1 seconds
Going to the next request
Waking up in 0.9 seconds.
Sending delayed reject for request 0
Sending Access-Reject of id 152 to 127.0.0.1 port 47402
	Reply-Message += "Password Has Expired\r\n"
Waking up in 4.9 seconds.
Cleaning up request 0 ID 152 with timestamp +4
Ready to process requests.

2.1.7 does work:

$ radiusd -X
FreeRADIUS Version 2.1.7, for host i686-pc-linux-gnu, built on Nov  8 2009 at 23:13:32
......
Ready to process requests.
rad_recv: Access-Request packet from host 127.0.0.1 port 32833, id=40, length=56
	User-Name = "jane"
	User-Password = "enaj"
	NAS-IP-Address = 127.0.1.1
	NAS-Port = 0
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "jane", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] No EAP-Message, not doing EAP
++[eap] returns noop
++[unix] returns notfound
[files] users: Matched entry jane at line 205
++[files] returns ok
[expiration] Checking Expiration time: '4 May 2013'
++[expiration] returns ok
++[logintime] returns noop
++[pap] returns updated
Found Auth-Type = PAP
+- entering group PAP {...}
[pap] login attempt with password "enaj"
[pap] Using clear text password "enaj"
[pap] User authenticated successfully
++[pap] returns ok
+- entering group post-auth {...}
++[exec] returns noop
Sending Access-Accept of id 40 to 127.0.0.1 port 32833
	Session-Timeout = 109896354
Finished request 0.
Going to the next request
Waking up in 4.9 seconds.
Cleaning up request 0 ID 40 with timestamp +3
Ready to process requests.

$ date
Mon Nov  9 00:17:11 PST 2009

** Affects: freeradius (Ubuntu)
     Importance: Undecided
         Status: New

-- 
expiration functionality of FreeRADIUS 2.1.0 is broken
https://bugs.launchpad.net/bugs/478973
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.

-- 
ubuntu-bugs mailing list
ubuntu-bugs at lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs