Hi,
I tried to install FreeRadius in an attempt to get EAP/TLS working.
At first I tried this on a machine running FreeBSD 4.7-RELEASE.
I installed openssl-0.9.7 (and made symlinks for the lib's in /usr/lib
and to the correct include-files,
since otherwise the compilation would still be based on the old SSL version)
and built FreeRadius 0.8.1 without any problem (I did neither see an
error message in the configure process, nor in the make).
When I configured FreeRadius to use EAP/TLS (as shown on
http://www.impossiblereflex.com/8021x/eap-tls-HOWTO.htm)
I could start radiusd, saw the incoming Access-Request that was
recognised to use EAP/TLS, but then radiusd stopped with:
modcall: group authorize returns updated
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
modcall: entering group authenticate
rlm_eap: processing type tls
/usr/libexec/ld-elf.so.1: /usr/local/lib/rlm_eap_tls-0.8.1.so: Undefined
symbol "SSL_set_msg_callback_arg"
I searched (with google) for this "symbol" and found two references to
this list, but couldn't get a working solution from there.
When I look at the libraries needed by rlm_eap_tls:
#ldd rlm_eap_tls-0.8.1.so
rlm_eap_tls-0.8.1.so:
libcrypto.so.3 => /usr/lib/libcrypto.so.3 (0x2812c000)
libc.so.4 => /usr/lib/libc.so.4 (0x28069000)
I see that it uses the correct and up-to-date versions of openssl:
#strings /usr/lib/libcrypto.so.3 | grep "0.9." | head -n 1
OpenSSL 0.9.7 31 Dec 2002
#strings /usr/lib/libssl.so | grep "0.9." | head -n 1
SSLv2 part of OpenSSL 0.9.7 31 Dec 2002
After some other attempts that failed I tried to install everything on a
Linux machine (Debian 3.0):
For building freeradius with EAP/TLS I had to modify the configure
script in the rlm_eap/types/rlm_eap_tls directory, so
I had to add "-lcrypto" for the New_SSL check -> LIBS="$LIBS -lssl
-lcrypto"
After building (which looked ok) I can't start radiusd at all:
Module: Loaded eap
eap: default_eap_type = "tls"
eap: timer_expire = 60
rlm_eap: Failed to link EAP-Type/tls: file not found
radiusd.conf[572]: eap: Module instantiation failed.
I tried after this attempt ./configure --enable-static
and even ./configure --disable-shared
I modified the configure script in
src/modules/rlm_eap/types/rlm_eap_tls, and it gives the output:
configuring in src/modules/rlm_eap/types/rlm_eap_tls
running /bin/sh ./configure --disable-shared --enable-ltdl-install
--enable-ltdl-install --cache-file=../../../../.././config.cache --srcdir=.
loading cache ../../../../.././config.cache
checking for openssl/ssl.h... yes
checking for DH_new in -lcrypto... yes
checking for SSL_new in -lssl... yes
checking how to run the C preprocessor... (cached) gcc -E
checking for openssl/err.h... (cached) no
checking for openssl/engine.h... (cached) no
creating ./config.status
creating Makefile
creating config.h
config.h is unchanged
Before the "checking for SSL_new in -lssl" failed because -lcrypto was
not included, just -lssl - so eap_tls wasn't built at all.
As a final attempt I installed openssl-SNAP-20030203 (verified with
strings /usr/lib/libcrypto.a en /usr/lib/libssl.a (symlinks I made to
/usr/local/ssl/lib) that this is 0.9.8-dev)
and freeradius-snapshot-20030204
configure: warning: FAILURE: rlm_eap_tls requires: libssl.
configure: warning: silently not building rlm_eap_tls.
again I thought I had to add "-lcrypto" at line 1034 -> LIBS="$LIBS
-lssl -lcrypto"
but now this doesn't seem to be working: checking for SSL_new in -lssl... no
This snapshot didn't solve the problem with freeradius 0.8.1,
I now tried the FreeRadius-snapshot on the FreeBSD box again:
with FreeRadius-snapshot I get while building:
In file included from /usr/include/openssl/ssl.h:177,
from eap_tls.h:56,
from rlm_eap_tls.c:27:
/usr/include/openssl/x509.h:120: warning: function declaration isn't a
prototype
/usr/include/openssl/x509.h:121: warning: function declaration isn't a
prototype
After installing it
{~/freeradius-snapshot-20030204}#radiusd -X
Starting - reading configuration files ...
reread_config: reading radiusd.conf
Config: including file: /usr/local/etc/raddb/proxy.conf
Config: including file: /usr/local/etc/raddb/clients.conf
Config: including file: /usr/local/etc/raddb/snmp.conf
Config: including file: /usr/local/etc/raddb/sql.conf
main: prefix = "/usr/local"
main: localstatedir = "/usr/local/var"
main: logdir = "/usr/local/var/log/radius"
main: libdir = "/usr/lib:/usr/local/lib"
main: radacctdir = "/usr/local/var/log/radius/radacct"
main: datadir = "/usr/local/share"
?[0]: Unknown variable "datadir"
read_config_files: reading dictionary
Segmentation fault (core dumped)
Hmm, so that was no good idea either.
Well, I tried many things, but I must have overlooked something.
Can anyone tell me what's wrong?
Thank you in advance,
Paul
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
