hi,
you seem to use a version of openssl which is too old. you need openssl
0.9.7beta or newer. there seem to have some minor problem disturbing you
since you seem to know what you are doing. i can only say that it
definitely works with FR 0.8.1 and some newer openssl snapshot on
debian. you were just unlucky.
now, simply do the following:
- install the newest openssl development snapshot from their CVS in some
dir (/usr/local/openssl, e.g.)
- run configure script in your FR 0.8.1
- go to src/modules/rlm_eap/types/rlm_eap_tls and make manual changes to
the Makefile:
update the target, the pathes to the openssl libs
(/usr/local/openssl/...) and the LIBS variable. you are right, you have
to add -lcrypto, e.g. like this:
TARGET = rlm_eap_tls
SRCS = rlm_eap_tls.c eap_tls.c cb.c tls.c mppe_keys.c
RLM_CFLAGS = $(INCLTDL) -I../.. -I/usr/local/openssl/include
HEADERS = eap_tls.h
RLM_INSTALL =
RLM_INSTALL=
RLM_LDFLAGS += -L/usr/local/openssl/lib
RLM_LIBS += -lssl -lcrypto
$(STATIC_OBJS): $(HEADERS)
$(DYNAMIC_OBJS): $(HEADERS)
RLM_DIR=../../
include ${RLM_DIR}../rules.mak
now make and make install your freeradius. it should work now. if it
doesn't paste the error here. if it says it can't find some files,
please have a look which file (strace...) or make an ldd on the libs.
you DON'T need any configure options like static etc., at least not at a
standard newer debian machine.
ciao
artur
ps s. below
> modcall: group authorize returns updated
> rad_check_password: Found Auth-Type EAP
> auth: type "EAP"
> modcall: entering group authenticate
> rlm_eap: processing type tls
> /usr/libexec/ld-elf.so.1: /usr/local/lib/rlm_eap_tls-0.8.1.so: Undefined
> symbol "SSL_set_msg_callback_arg"
>
> I searched (with google) for this "symbol" and found two references to
> this list, but couldn't get a working solution from there.
> When I look at the libraries needed by rlm_eap_tls:
> #ldd rlm_eap_tls-0.8.1.so
> rlm_eap_tls-0.8.1.so:
> libcrypto.so.3 => /usr/lib/libcrypto.so.3 (0x2812c000)
> libc.so.4 => /usr/lib/libc.so.4 (0x28069000)
>
> I see that it uses the correct and up-to-date versions of openssl:
>
> #strings /usr/lib/libcrypto.so.3 | grep "0.9." | head -n 1
> OpenSSL 0.9.7 31 Dec 2002
>
> #strings /usr/lib/libssl.so | grep "0.9." | head -n 1
> SSLv2 part of OpenSSL 0.9.7 31 Dec 2002
>
> After some other attempts that failed I tried to install everything on a
> Linux machine (Debian 3.0):
> For building freeradius with EAP/TLS I had to modify the configure
> script in the rlm_eap/types/rlm_eap_tls directory, so
> I had to add "-lcrypto" for the New_SSL check -> LIBS="$LIBS -lssl
> -lcrypto"
> After building (which looked ok) I can't start radiusd at all:
>
> Module: Loaded eap
> eap: default_eap_type = "tls"
> eap: timer_expire = 60
> rlm_eap: Failed to link EAP-Type/tls: file not found
> radiusd.conf[572]: eap: Module instantiation failed.
you can investigate here, this is not a real problem, take a look what's
wrong. which file isn't found???
--
_____________________________________________________________________
Artur Hecker Groupe Acc�s et Mobilit�
hecker[at]enst[dot]fr D�partement Informatique et R�seaux
+33 1 45 81 7507 46, rue Barrault 75634 Paris cedex 13
http://www.infres.enst.fr ENST Paris
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
