Hi All:
The solution...
* Clean-up all prior versions of freeRADIUS and
openSSL
* Install the latest BETA version of openssl
(0.9.7-beta4)
* Download latest version of freeRADIUS(0.8)
* Run ./configure under freeRADIUS root directory
* Do necessary changes in the Makefile under
rlm_eap_tls directory
* Run ./make under freeRADIUS root dir
* Type the command:
/usr/local/lib/ldd rlm_eap_tls-0.7-pre.so
* Make sure that the referred "libssl" and "libcrypto"
are the correct ones from the latest openSSL BETA
version -(0.9.7-beta4)
* Run ./make install under freeRADIUS root directory
It should work fine and should perform TLS
handshaking.
Thanks especially to Artur.
I would close this thread of emails now. :-))
--- Nikhil Chauhan <[EMAIL PROTECTED]> wrote:
> Hi Artur:
>
> Thanks for your suggestions. I heartly appreciate
> them.
>
> The problem with SSL_set_msg_callback seems to be
> fixed now. I installed the latest Beta version of
> the
> openssl and /usr/local/lib/ldd
> rlm_eap_tls-0.7-pre.so
> seems to give me libraries from this version of
> openssl. I tried again with FreeRADIUS-0.7 and I get
> a
> segmentation fault when it tries to process the TLS
> request: (NOTE: PLEASE READ BELOW THE FOLLOWING LOG
> AS
> WELL)
>
> ====================================================
> Listening on IP address *, ports 1812/udp and
> 1813/udp, with proxy on 1814/udp.
> Ready to process requests.
> rad_recv: Access-Request packet from host
> 192.168.11.20:1047, id=23, length=122
> User-Name = "adam-ctl"
> NAS-IP-Address = 192.168.11.20
> Called-Station-Id = "004096577e54"
> Calling-Station-Id = "000809000097"
> NAS-Identifier = "AP350"
> NAS-Port = 29
> Framed-MTU = 1400
> NAS-Port-Type = Wireless-802.11
> EAP-Message = "\002\035\000\r\001adam-ctl"
> Message-Authenticator =
> 0x09cf6a42badba94b8978e30247cdd626
> modcall: entering group authorize
> modcall[authorize]: module "preprocess" returns ok
> modcall[authorize]: module "eap" returns updated
> rlm_realm: Looking up realm NULL for User-Name =
> "adam-ctl"
> rlm_realm: No such realm NULL
> modcall[authorize]: module "suffix" returns noop
> users: Matched adam-ctl at 97
> modcall[authorize]: module "files" returns ok
> modcall: group authorize returns updated
> rad_check_password: Found Auth-Type EAP
> auth: type "EAP"
> modcall: entering group authenticate
> rlm_eap: processing type tls
> Segmentation fault
>
======================================================
>
> I understand that there are a lot of bug-fixes
> within
> FreeRadius 0.8 release and I should UPGRADE to the
> same level. I tried to install freeradius-0.8 and it
> gives me a parse error in unistd.h
> ===================================================
> gmake[6]: Entering directory
> `/tmp/freeradius-0.8/src/modules/rlm_unix'
> /tmp/freeradius-0.8/libtool --mode=link
> ld \
> -module -static -g -O2 -D_REENTRANT
> -D_POSIX_PTHREAD_SEMANTICS -Wall -D_GNU_SOURCE -g
> -Wshadow -Wpointer-arith -Wcast-qual -Wcast-align
> -Wwrite-strings -Wstrict-prototypes
> -Wmissing-prototypes -Wmissing-declarations
> -Wnested-externs -I../../include rlm_unix.o cache.o
> compat.o -o rlm_unix.a
> ar cru rlm_unix.a rlm_unix.o cache.o compat.o
> ranlib rlm_unix.a
> gmake[6]: Leaving directory
>
`/tmp/freeradius-snapshot-20021122/src/modules/rlm_unix'
> Making static dynamic in rlm_x99_token...
> gmake[6]: Entering directory
>
`/tmp/freeradius-snapshot-20021122/src/modules/rlm_x99_token'
> gcc -g -O2 -D_REENTRANT -D_POSIX_PTHREAD_SEMANTICS
> -Wall -D_GNU_SOURCE -g -Wshadow -Wpointer-arith
> -Wcast-qual -Wcast-align -Wwrite-strings
> -Wstrict-prototypes -Wmissing-prototypes
> -Wmissing-declarations -Wnested-externs
> -I../../include -DX99_MODULE_NAME=\"rlm_x99_token\"
> -DFREERADIUS -c x99_site.c -o x99_site.o
> In file included from ../../include/radiusd.h:19,
> from x99_rad.h:25,
> from x99.h:201,
> from x99_site.c:37:
> /usr/include/unistd.h:945: parse error before `('
> /usr/include/unistd.h:945: parse error before
> `__const'
> gmake[6]: *** [x99_site.o] Error 1
> gmake[6]: Leaving directory
> `/tmp/freeradius-0.8/src/modules/rlm_x99_token'
> gmake[5]: *** [common] Error 1
> gmake[5]: Leaving directory
> `/tmp/freeradius-0.8/src/modules'
> gmake[4]: *** [all] Error 2
> gmake[4]: Leaving directory
> `/tmp/freeradius-0.8/src/modules'
> gmake[3]: *** [common] Error 1
> gmake[3]: Leaving directory
> `/tmp/freeradius-0.8/src'
> gmake[2]: *** [all] Error 2
> gmake[2]: Leaving directory
> `/tmp/freeradius-0.8/src'
> gmake[1]: *** [common] Error 1
> gmake[1]: Leaving directory
> `/tmp/freeradius-0.8'
> make: *** [all] Error 2
> =================================================
>
> --- Artur Hecker <[EMAIL PROTECTED]> wrote:
> > nikhil:
> >
> >
> > as i already said to you:
> > - upgrade to the newest version, why do you still
> > use the 0.7.1?
> > - assure that the "old" openssl is not involved
> into
> > the compilation
> >
> > your problem is evidently that the rlm_eap_tls
> used
> > by freeradius is
> > compiled to use the old openssl OR it uses this
> for
> > unclear reasons.
> > resolve it, don't wait for _the_ solution, simply
> > try, play with your
> > settings (after having upgraded), with your gcc
> > config, your system
> > config, etc.
> >
> > the old lib doesn't have this function, only the
> new
> > beta versions have
> > (for as far as i know). yours evidently don't.
> > upgrade & recompile it.
> >
> > i'm sorry but it's a little bit hard to see what
> the
> > exact problem is
> > and to give you the sequence of commands which
> will
> > result in correct
> > behaviour, be administrator. you could write small
> > test programs in C
> > and compile those (simply a SSL_init() and then a
> > call to this
> > SSL_set_msg_callback() function). once your C test
> > compiles correctly
> > and executes without linker complaining (although
> > the program can
> > segfault completely, you don't care) you will
> > probably know what's wrong
> > now.
> >
> >
> > ciao
> > artur
> >
> >
> > Nikhil Chauhan wrote:
> > > Hi:
> > >
> > > Any more pointers on the same subject(please
> look
> > at
> > > the email thread) would be highly appreciated.
> My
> > > radius log looks like this:
> > >
> > > root@tstpc11:/usr/sbin > run_radius -X -A >
> > radius_log
> > > + LD_LIBRARY_PATH=/usr/local/openssl/lib
> > > + LD_PRELOAD=/usr/local/openssl/lib/libcrypto.so
> > > + export LD_LIBRARY_PATH LD_PRELOAD
> > > + /usr/local/sbin/radiusd -X -A
> >
> > ...
> >
> > > /usr/local/sbin/radiusd: error while loading
> > shared
> > > libraries: /usr/local/lib/rlm_eap_tls-0.7.1.so:
> > > undefined symbol: SSL_set_msg_callback
> >
> >
> > --
> > Artur Hecker Groupe Acc�s et Mobilit�
> > hecker[at]enst[dot]fr D�partement Informatique
> et
> > R�seaux
> > +33 1 45 81 7507 46, rue Barrault 75634 Paris
> cedex
> > 13
> > http://www.infres.enst.fr ENST Paris
> >
> >
> > -
> > List info/subscribe/unsubscribe? See
>
=== message truncated ===
__________________________________________________
Do you Yahoo!?
Yahoo! Mail Plus - Powerful. Affordable. Sign up now.
http://mailplus.yahoo.com
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
