Issues configuring SASL on Ubuntu 14 LTS

Carter Bullard carter at qosient.com
Tue May 27 20:51:32 EDT 2014


Hey Jesse,
That path should be coming from ./configure. What does your ./configure say regarding SASL ?

   ./configure --with-sasl | fgrep -i sasl

Carter

On May 27, 2014, at 8:34 PM, Jesse Bowling <jessebowling at gmail.com> wrote:

> Things seem slightly better if I create /usr/lib64/sasl2 and place my conf file in that directory; similar results for 3.0.6.rc2 and 3.0.7.29 (which is the output below). That “SASL path C” seems wrong, but otherwise I’m at a loss...
> 
> # cat /usr/lib64/sasl2/argus.conf 
> pwcheck_method: auxprop
> mech_list: DIGEST-MD5
> auxprop_plugin: sasldb
> 
> # /usr/local/sbin/argus -F /etc/argus.conf                                                                                                                            
> argus[49443.40e72e16bc7f0000]: 27 May 14 20:30:21.198487 ArgusParseResourceFile: ArgusMinSsf "40" 
> argus[49443.40e72e16bc7f0000]: 27 May 14 20:30:21.199502 ArgusParseResourceFile: ArgusMaxSsf "128" 
> argus[49443.40e72e16bc7f0000]: 27 May 14 20:30:21.200390 ArgusParseResourceFile (/etc/argus.conf) returning
> argus[49443.40e72e16bc7f0000]: 27 May 14 20:30:21.201356 setArgusInterfaceStatus(0x7fbc14d89010, 1)
> argus[49443.40e72e16bc7f0000]: 27 May 14 20:30:21.204437 ArgusEstablishListen(561, 0x7fff077ac260) binding: any:561 family: 2
> argus[49443.40e72e16bc7f0000]: 27 May 14 20:30:21.205060 ArgusEstablishListen(0x21a4010, 0x7fff077ac260) returning 3
> argus[49443.40e72e16bc7f0000]: 27 May 14 20:30:21.205673 SASL path C
> argus[49443.40e72e16bc7f0000]: 27 May 14 20:30:21.206251 ArgusInitOutput() done
>  ArgusWarning: 27 May 14 20:30:21.206687 started
> argus[49443.40e72e16bc7f0000]: 27 May 14 20:30:21.207081 ArgusCloneSource(0x7fbc14d89010) returning 0x7fbc13f71010
> argus[49443.40e72e16bc7f0000]: 27 May 14 20:30:21.207490 clearArgusDevice(0x7fbc13f71010) returning
> argus[49443.00c7b714bc7f0000]: 27 May 14 20:30:21.211288 ArgusOutputProcess(0x21a4010) starting
> argus[49443.40e72e16bc7f0000]: 27 May 14 20:30:21.218983 ArgusOpenInterface() pcap_open_live(eth0) returned 0x21b2980
> argus[49443.40e72e16bc7f0000]: 27 May 14 20:30:21.219938 Arguslookup_pcap_callback(1) returning 0x40ed85
> argus[49443.40e72e16bc7f0000]: 27 May 14 20:30:21.220665 ArgusOpenInterface(0x7fbc13f71010, 'eth0') returning 1
> argus[49443.40e72e16bc7f0000]: 27 May 14 20:30:21.222724 ArgusInitModeler(0x7fbc1615b010) done
> argus[49443.40e72e16bc7f0000]: 27 May 14 20:30:21.223162 ArgusInitSource(0x7fbc13f71010) returning 1
> argus[49443.00f7ce13bc7f0000]: 27 May 14 20:30:21.223990 ArgusGetPackets (0x7fbc13f71010) starting
> argus[49443.00f7ce13bc7f0000]: 27 May 14 20:30:21.224771 setArgusInterfaceStatus(0x7fbc13f71010, 1)
>  ArgusWarning: 27 May 14 20:30:21.225711 ArgusGetInterfaceStatus: interface eth0 is up
> argus[49443.00f7ce13bc7f0000]: 27 May 14 20:30:21.226600 ArgusGetPackets: interface eth0 is selectable
> argus[49443.00f7ce13bc7f0000]: 27 May 14 20:30:21.227073 setArgusInterfaceStatus(0x7fbc13f71010, 1)
> argus[49443.00c7b714bc7f0000]: 27 May 14 20:30:36.725849 ArgusCheckClientStatus() new client
> argus[49443.00c7b714bc7f0000]: 27 May 14 20:30:36.725928 ArgusNewSocket (6) returning 0x7fbc1611a010
> argus[49443.00c7b714bc7f0000]: 27 May 14 20:30:36.725950 ArgusCheckClientStatus: SASL enabled
> argus[49443.00c7b714bc7f0000]: 27 May 14 20:30:36.726419 ArgusCheckClientStatus: wrote 128 bytes to client
> argus[49443.00c7b714bc7f0000]: 27 May 14 20:30:36.726517 ArgusSendSaslString(0x40029a0, 0x4002740, 2) {}
> argus[49443.00c7b714bc7f0000]: 27 May 14 20:30:36.734609 ArgusGetSaslString(0x4002760, 0x14b79470, 512) N: 
> 
> argus[49443.00c7b714bc7f0000]: 27 May 14 20:30:36.734654 ArgusAuthenticateClient: Error ArgusGetSaslString returned -1
> argus[49443.00c7b714bc7f0000]: 27 May 14 20:30:36.734671 ArgusCheckClientStatus() returning
> argus[49443.00c7b714bc7f0000]: 27 May 14 20:30:42.144883 ArgusDeleteSocket (0x7fbc1611a010) returning
>  ArgusWarning: 27 May 14 20:30:42.145921 ArgusCheckClientMessage: client noname never started: timed out
> On May 27, 2014, at 8:23 PM, Jesse Bowling <jessebowling at gmail.com> wrote:
> 
>> Much different results using 3.0.6.rc2:
>> 
>> # /usr/local/sbin/argus -F /etc/argus.conf                                                                                                                                                       
>> argus[49290]: looking for plugins in '/usr/lib64/sasl2', failed to open directory, error: No such file or directory
>> argus[49290]: 27 May 14 20:13:44.194462 started
>> argus[49290]: 27 May 14 20:13:44.199882 ArgusGetInterfaceStatus: interface eth0 is up
>> argus[49290]: 27 May 14 20:13:48.003224 ArgusAuthenticateClient: Error generating mechanism list
>> 
>> Oddly, the libsasl2-2 package does not seem to include ‘/usr/lib64/sasl2’...I’m scouring the nets for instructions on generic SASL configuration on Ubuntu 14, but coming up short...Is this an issue on the Ubuntu/SASL side, or the argus side?
>> 
>> # dpkg -L libsasl2-2
>> /.
>> /usr
>> /usr/lib
>> /usr/lib/sasl2
>> /usr/lib/x86_64-linux-gnu
>> /usr/lib/x86_64-linux-gnu/libsasl2.so.2.0.25
>> /usr/share
>> /usr/share/doc
>> /usr/share/doc/libsasl2-2
>> /usr/share/doc/libsasl2-2/README.configure-options
>> /usr/share/doc/libsasl2-2/README.Debian
>> /usr/share/doc/libsasl2-2/copyright
>> /usr/lib/x86_64-linux-gnu/libsasl2.so.2
>> /usr/share/doc/libsasl2-2/NEWS.Debian.gz
>> /usr/share/doc/libsasl2-2/changelog.Debian.gz
>> 
>> # ldd /usr/local/sbin/argus 
>>       linux-vdso.so.1 =>  (0x00007fff4a9fa000)
>>       libpcap.so.0.8 => /usr/lib/x86_64-linux-gnu/libpcap.so.0.8 (0x00007f19af385000)
>>       libpthread.so.0 => /lib/x86_64-linux-gnu/libpthread.so.0 (0x00007f19af167000)
>>       libsasl2.so.2 => /usr/lib/x86_64-linux-gnu/libsasl2.so.2 (0x00007f19aef4b000)
>>       libm.so.6 => /lib/x86_64-linux-gnu/libm.so.6 (0x00007f19aec45000)
>>       libz.so.1 => /lib/x86_64-linux-gnu/libz.so.1 (0x00007f19aea2c000)
>>       libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x00007f19ae665000)
>>       /lib64/ld-linux-x86-64.so.2 (0x00007f19af5cd000)
>>       libdl.so.2 => /lib/x86_64-linux-gnu/libdl.so.2 (0x00007f19ae461000)
>> 
>> Cheers,
>> 
>> Jesse
>> 
>> On May 27, 2014, at 12:12 PM, Carter Bullard <carter at qosient.com> wrote:
>> 
>>> Hey Jesse,
>>> Well, seems that SASL isn’t happy at all.
>>> Does an earlier version of argus run, such as 3.0.6.rc2 or rc3 ??
>>> (just to get a grounding on whether it's your SASL installation or argus).
>>> 
>>> Carter
>>> 
>>> On May 27, 2014, at 11:42 AM, Jesse Bowling <jessebowling at gmail.com> wrote:
>>> 
>>>> Sure thing; Wall of text below...
>>>> 
>>>> Cheers,
>>>> 
>>>> Jesse
>>>> 
>>>> May 27 11:15:04 thog argus[44295]: 27 May 14 11:15:04.900563 started
>>>> May 27 11:15:04 thog argus[44295]: argus[44295.40977f1ef97f0000]: 27 May 14 11:15:04.904404 ArgusEstablishListen(561, 0x7fff04b85170) binding: any:561 family: 2
>>>> May 27 11:15:04 thog argus[44295]: argus[44295.40977f1ef97f0000]: 27 May 14 11:15:04.904621 ArgusEstablishListen(0x1f61010, 0x7fff04b85170) returning 3
>>>> May 27 11:15:04 thog argus[44295]: argus[44295.40977f1ef97f0000]: 27 May 14 11:15:04.904917 SASL path ??C
>>>> May 27 11:15:04 thog argus[44295]: argus[44295.40977f1ef97f0000]: 27 May 14 11:15:04.907087 ArgusInitOutput() done
>>>> May 27 11:15:04 thog argus[44295]: 27 May 14 11:15:04.907295 started
>>>> May 27 11:15:04 thog argus[44295]: argus[44295.40977f1ef97f0000]: 27 May 14 11:15:04.907486 ArgusCloneSource(0x7ff91d294010) returning 0x7ff91c47c010
>>>> May 27 11:15:04 thog argus[44295]: argus[44295.40977f1ef97f0000]: 27 May 14 11:15:04.907810 clearArgusDevice(0x7ff91c47c010) returning
>>>> May 27 11:15:04 thog argus[44295]: argus[44295.0077081df97f0000]: 27 May 14 11:15:04.916181 ArgusOutputProcess(0x1f61010) starting
>>>> May 27 11:15:04 thog argus[44295]: argus[44295.40977f1ef97f0000]: 27 May 14 11:15:04.917023 ArgusOpenInterface() pcap_open_live(eth0) returned 0x1f70070
>>>> May 27 11:15:04 thog argus[44295]: argus[44295.40977f1ef97f0000]: 27 May 14 11:15:04.917146 Arguslookup_pcap_callback(1) returning 0x40ed85
>>>> May 27 11:15:04 thog argus[44295]: argus[44295.40977f1ef97f0000]: 27 May 14 11:15:04.917169 ArgusOpenInterface(0x7ff91c47c010, 'eth0') returning 1
>>>> May 27 11:15:04 thog argus[44295]: argus[44295.40977f1ef97f0000]: 27 May 14 11:15:04.918258 ArgusInitModeler(0x7ff91e666010) done
>>>> May 27 11:15:04 thog argus[44295]: argus[44295.40977f1ef97f0000]: 27 May 14 11:15:04.918311 ArgusInitSource(0x7ff91c47c010) returning 1
>>>> May 27 11:15:04 thog argus[44295]: argus[44295.00f7ff17f97f0000]: 27 May 14 11:15:04.919130 ArgusGetPackets (0x7ff91c47c010) starting
>>>> May 27 11:15:04 thog argus[44295]: argus[44295.00f7ff17f97f0000]: 27 May 14 11:15:04.919370 setArgusInterfaceStatus(0x7ff91c47c010, 1)
>>>> May 27 11:15:04 thog argus[44295]: 27 May 14 11:15:04.919544 ArgusGetInterfaceStatus: interface eth0 is up
>>>> May 27 11:15:04 thog argus[44295]: argus[44295.00f7ff17f97f0000]: 27 May 14 11:15:04.919966 ArgusGetPackets: interface eth0 is selectable
>>>> May 27 11:15:04 thog argus[44295]: argus[44295.00f7ff17f97f0000]: 27 May 14 11:15:04.920103 setArgusInterfaceStatus(0x7ff91c47c010, 1)
>>>> May 27 11:15:13 thog argus[44295]: argus[44295.0077081df97f0000]: 27 May 14 11:15:13.125120 ArgusCheckClientStatus() new client
>>>> May 27 11:15:13 thog argus[44295]: argus[44295.0077081df97f0000]: 27 May 14 11:15:13.125297 ArgusNewSocket (7) returning 0x7ff91e625010
>>>> May 27 11:15:13 thog argus[44295]: argus[44295.0077081df97f0000]: 27 May 14 11:15:13.125349 ArgusCheckClientStatus: SASL enabled
>>>> May 27 11:15:13 thog argus[44295]: argus[44295.0077081df97f0000]: 27 May 14 11:15:13.125664 ArgusCheckClientStatus: wrote 128 bytes to client
>>>> May 27 11:15:13 thog argus[44295]: argus[44295.0077081df97f0000]: 27 May 14 11:15:13.127701 ArgusSaslLog Other: Internal Error -4 in ../../lib/server.c near line 1753
>>>> May 27 11:15:13 thog argus[44295]: argus[44295.0077081df97f0000]: 27 May 14 11:15:13.127776 ArgusSaslLog Other: Internal Error -4 in ../../lib/server.c near line 1753
>>>> May 27 11:15:13 thog argus[44295]: argus[44295.0077081df97f0000]: 27 May 14 11:15:13.127824 ArgusSaslLog Other: Internal Error -4 in ../../lib/server.c near line 1753
>>>> May 27 11:15:13 thog argus[44295]: 27 May 14 11:15:13.127866 ArgusAuthenticateClient: Error generating mechanism list
>>>> May 27 11:15:13 thog argus[44295]: 27 May 14 11:15:13.128168 ArgusShutDown(1)
>>>> May 27 11:15:13 thog argus[44295]: 27 May 14 11:15:13.128223 argus() [0x40527a]
>>>> May 27 11:15:13 thog argus[44295]: 27 May 14 11:15:13.128264 argus() [0x426f22]
>>>> May 27 11:15:13 thog argus[44295]: 27 May 14 11:15:13.128304 argus() [0x42078f]
>>>> May 27 11:15:13 thog argus[44295]: 27 May 14 11:15:13.128343 argus() [0x41adda]
>>>> May 27 11:15:13 thog argus[44295]: 27 May 14 11:15:13.128382 argus() [0x41b27c]
>>>> May 27 11:15:13 thog argus[44295]: 27 May 14 11:15:13.128420 /lib/x86_64-linux-gnu/libpthread.so.0(+0x8182) [0x7ff91e192182]
>>>> May 27 11:15:13 thog argus[44295]: 27 May 14 11:15:13.128460 /lib/x86_64-linux-gnu/libc.so.6(clone+0x6d) [0x7ff91d99e30d]
>>>> May 27 11:15:13 thog argus[44295]: argus[44295.0077081df97f0000]: 27 May 14 11:15:13.128515 ArgusShutDown(SIGHUP)#012
>>>> May 27 11:15:13 thog argus[44295]: argus[44295.0077081df97f0000]: 27 May 14 11:15:13.128596 ArgusCloseSource(0x7ff91d294010) starting
>>>> May 27 11:15:13 thog argus[44295]: argus[44295.0077081df97f0000]: 27 May 14 11:15:13.128643 ArgusCloseSource(0x7ff91c47c010) starting
>>>> May 27 11:15:13 thog argus[44295]: 27 May 14 11:15:13.128779 ArgusShutDown(0)
>>>> May 27 11:15:13 thog argus[44295]: 27 May 14 11:15:13.128842 argus() [0x40527a]
>>>> May 27 11:15:13 thog argus[44295]: 27 May 14 11:15:13.128884 argus() [0x40da63]
>>>> May 27 11:15:13 thog argus[44295]: 27 May 14 11:15:13.128933 argus() [0x40f041]
>>>> May 27 11:15:13 thog argus[44295]: 27 May 14 11:15:13.128974 /usr/lib/x86_64-linux-gnu/libpcap.so.0.8(+0x59ba) [0x7ff91e3ad9ba]
>>>> May 27 11:15:13 thog argus[44295]: 27 May 14 11:15:13.129015 /usr/lib/x86_64-linux-gnu/libpcap.so.0.8(+0x9dce) [0x7ff91e3b1dce]
>>>> May 27 11:15:13 thog argus[44295]: 27 May 14 11:15:13.129054 argus() [0x413c91]
>>>> May 27 11:15:13 thog argus[44295]: 27 May 14 11:15:13.129092 /lib/x86_64-linux-gnu/libpthread.so.0(+0x8182) [0x7ff91e192182]
>>>> May 27 11:15:13 thog argus[44295]: 27 May 14 11:15:13.129130 /lib/x86_64-linux-gnu/libc.so.6(clone+0x6d) [0x7ff91d99e30d]
>>>> May 27 11:15:13 thog argus[44295]: argus[44295.00f7ff17f97f0000]: 27 May 14 11:15:13.129169 ArgusShutDown(Normal Shutdown)#012
>>>> May 27 11:15:13 thog argus[44295]: argus[44295.00f7ff17f97f0000]: 27 May 14 11:15:13.129210 ArgusShutDown() returning
>>>> May 27 11:15:13 thog argus[44295]: argus[44295.0077081df97f0000]: 27 May 14 11:15:13.131104 ArgusProcessQueue (0x7ff910003d80, 96) Shuting Down with 2 records
>>>> May 27 11:15:13 thog argus[44295]: argus[44295.0077081df97f0000]: 27 May 14 11:15:13.132305 ArgusProcessQueue (0x7ff9100035d0, 96) Shuting Down with 33 records
>>>> May 27 11:15:13 thog argus[44295]: argus[44295.0077081df97f0000]: 27 May 14 11:15:13.132371 ArgusProcessQueue (0x7ff910000f60, 96) Shuting Down with 180 records
>>>> May 27 11:15:13 thog argus[44295]: argus[44295.0077081df97f0000]: 27 May 14 11:15:13.132457 ArgusModelerCleanUp (0x7ff91e666010) returning
>>>> May 27 11:15:13 thog argus[44295]: argus[44295.0077081df97f0000]: 27 May 14 11:15:13.132538 ArgusCloseModeler(0x7ff91e666010) Total Sends 229
>>>> May 27 11:15:13 thog argus[44295]: argus[44295.0077081df97f0000]: 27 May 14 11:15:13.132584 ArgusCloseSource(0x7ff91c47c010) done
>>>> May 27 11:15:13 thog argus[44295]: argus[44295.0077081df97f0000]: 27 May 14 11:15:13.132626 ArgusModelerCleanUp (0x7ff91e778010) returning
>>>> May 27 11:15:13 thog argus[44295]: argus[44295.0077081df97f0000]: 27 May 14 11:15:13.132687 ArgusCloseModeler(0x7ff91e778010) Total Sends 0
>>>> May 27 11:15:13 thog argus[44295]: argus[44295.40977f1ef97f0000]: 27 May 14 11:15:13.132742 ArgusSourceProcess: ArgusGetPackets[0] done
>>>> May 27 11:15:13 thog argus[44295]: argus[44295.40977f1ef97f0000]: 27 May 14 11:15:13.132790 main() ArgusSourceProcess returned: shuting down
>>>> May 27 11:15:13 thog argus[44295]: 27 May 14 11:15:13.132865 ArgusShutDown(0)
>>>> May 27 11:15:13 thog argus[44295]: 27 May 14 11:15:13.132908 argus() [0x40527a]
>>>> May 27 11:15:13 thog argus[44295]: 27 May 14 11:15:13.132949 argus() [0x407bae]
>>>> May 27 11:15:13 thog argus[44295]: 27 May 14 11:15:13.132988 /lib/x86_64-linux-gnu/libc.so.6(__libc_start_main+0xf5) [0x7ff91d8c4ec5]
>>>> May 27 11:15:13 thog argus[44295]: 27 May 14 11:15:13.133029 argus() [0x4043b9]
>>>> May 27 11:15:13 thog argus[44295]: argus[44295.40977f1ef97f0000]: 27 May 14 11:15:13.133068 ArgusShutDown(Normal Shutdown)#012
>>>> May 27 11:15:13 thog argus[44295]: argus[44295.40977f1ef97f0000]: 27 May 14 11:15:13.133109 ArgusShutDown() returning
>>>> On May 27, 2014, at 11:39 AM, Carter Bullard <carter at qosient.com> wrote:
>>>> 
>>>>> Hey Jesse,
>>>>> You are the 2nd site to report this in the last week.
>>>>> This is a SASL error, not an argus error, but argus may be
>>>>> causing it, so need to investigate further.
>>>>> 
>>>>> When you run with -D3, do you get a lot of SASL messages ??
>>>>> Can you send those to the list ??
>>>>> 
>>>>> Carter
>>>>> 
>>>>> On May 27, 2014, at 11:28 AM, Jesse Bowling <jessebowling at gmail.com> wrote:
>>>>> 
>>>>>> Hello,
>>>>>> 
>>>>>> Today I’m attempting to set up an argus instance using SASL on Ubuntu 14 LTS, and I encounter the following issue when trying to connect to the argus instance:
>>>>>> 
>>>>>> May 27 11:15:13 thog argus[44295]: argus[44295.0077081df97f0000]: 27 May 14 11:15:13.125349 ArgusCheckClientStatus: SASL enabled
>>>>>> May 27 11:15:13 thog argus[44295]: argus[44295.0077081df97f0000]: 27 May 14 11:15:13.125664 ArgusCheckClientStatus: wrote 128 bytes to client
>>>>>> May 27 11:15:13 thog argus[44295]: argus[44295.0077081df97f0000]: 27 May 14 11:15:13.127701 ArgusSaslLog Other: Internal Error -4 in ../../lib/server.c near line 1753
>>>>>> May 27 11:15:13 thog argus[44295]: argus[44295.0077081df97f0000]: 27 May 14 11:15:13.127776 ArgusSaslLog Other: Internal Error -4 in ../../lib/server.c near line 1753
>>>>>> May 27 11:15:13 thog argus[44295]: argus[44295.0077081df97f0000]: 27 May 14 11:15:13.127824 ArgusSaslLog Other: Internal Error -4 in ../../lib/server.c near line 1753
>>>>>> May 27 11:15:13 thog argus[44295]: 27 May 14 11:15:13.127866 ArgusAuthenticateClient: Error generating mechanism list
>>>>>> 
>>>>>> Both argus and client configured --with-sasl. I’ve not configured SASL on Ubuntu before, so it could certainly be an issue with that, but the ‘Internal Error -4’ is unnerving...
>>>>>> 
>>>>>> What does “Internal Error -4” indicate in argus? Anyone else set up SASL auth with Ubuntu that could share their steps?
>>>>>> 
>>>>>> Cheers,
>>>>>> 
>>>>>> Jesse
>>>>> 
>>>> 
>>> 
>> 
> 
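
The quoted output shows the daemon looking for plugins in /usr/lib64/sasl2 while `dpkg -L libsasl2-2` lists /usr/lib/sasl2 and /usr/lib/x86_64-linux-gnu. The script below is an added example, not part of the thread or of argus: it reads mech_list and auxprop_plugin from the application's conf file and reports which candidate directory actually holds the matching plugin libraries. The lib<name>.so* file naming, the /usr/lib/x86_64-linux-gnu/sasl2 directory and all function names are assumptions, and the sample tree is constructed.

```shell
#!/bin/sh
# Added example, not from the thread. Plugin file names are assumptions.

# Print one option's values from a Cyrus SASL conf file, one per line,
# lowercased with '-' removed, so "DIGEST-MD5" becomes "digestmd5".
sasl_conf_values() {                      # usage: sasl_conf_values FILE KEY
    sed -n "s/^[[:space:]]*$2[[:space:]]*:[[:space:]]*//p" "$1" |
        tr 'A-Z' 'a-z' | tr ' \t,' '\n\n\n' | sed -e 's/-//g' -e '/^$/d'
}

# Return 0 only if DIR exists and holds lib<name>.so* for every mechanism
# and auxprop plugin named in CONF; print one finding per line.
sasl_check_dir() {                        # usage: sasl_check_dir DIR CONF
    cdir=$1 cconf=$2 missing=0
    if [ ! -d "$cdir" ]; then echo "$cdir: no such directory"; return 1; fi
    for name in $(sasl_conf_values "$cconf" mech_list) \
                $(sasl_conf_values "$cconf" auxprop_plugin); do
        if ls "$cdir/lib$name".so* >/dev/null 2>&1; then
            echo "$cdir: lib$name present"
        else
            echo "$cdir: lib$name MISSING"; missing=1
        fi
    done
    return "$missing"
}

# Find APP.conf in the candidate directories, then report the first one
# holding all plugins. Returns 0 usable, 1 no usable directory, 2 no conf.
sasl_diagnose() {                         # usage: sasl_diagnose APP DIR...
    app=$1; shift; conf=
    for d in "$@"; do
        if [ -z "$conf" ] && [ -f "$d/$app.conf" ]; then conf=$d/$app.conf; fi
    done
    if [ -z "$conf" ]; then echo "no $app.conf found"; return 2; fi
    echo "conf: $conf"
    for d in "$@"; do
        if sasl_check_dir "$d" "$conf"; then echo "usable: $d"; return 0; fi
    done
    return 1
}

# Constructed sample tree under ROOT: conf where the thread placed it,
# plugins (empty stand-in files) in an assumed multiarch directory.
sasl_demo_tree() {                        # usage: sasl_demo_tree ROOT
    mkdir -p "$1/usr/lib64/sasl2" "$1/usr/lib/sasl2" \
             "$1/usr/lib/x86_64-linux-gnu/sasl2"
    printf '%s\n' 'pwcheck_method: auxprop' 'mech_list: DIGEST-MD5' \
        'auxprop_plugin: sasldb' > "$1/usr/lib64/sasl2/argus.conf"
    : > "$1/usr/lib/x86_64-linux-gnu/sasl2/libdigestmd5.so.2"
    : > "$1/usr/lib/x86_64-linux-gnu/sasl2/libsasldb.so.2"
}

root=$(mktemp -d); sasl_demo_tree "$root"
sasl_diagnose argus "$root"/usr/lib64/sasl2 "$root"/usr/lib/sasl2 \
    "$root"/usr/lib/x86_64-linux-gnu/sasl2; rm -rf "$root"
```

On a real host, call sasl_diagnose with the application name and the real directories instead of the constructed tree.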
