Hi again,
We had this error running FreeRadius with TTLS against an LDAP.
Is it due to the way we set up certificates or is it some? Can you help us?
I'm attaching the whole log,
thank you very much.
Silvio
> read_config_files: reading dictionary
> read_config_files: reading naslist
> Using deprecated naslist file. Support for this will go away soon.
read_config_files: reading realms
> read_config_files: reading clients
> Using deprecated clients file. Support for this will go away soon.
> read_config_files: reading realms
> Using deprecated realms file. Support for this will go away soon.
> radiusd: entering modules setup
> Module: Library search path is /usr/local/lib
> Module: Loaded expr
> Module: Instantiated expr (expr)
mschap: use_mppe = yes
> Module: Loaded PAP
> pap: encryption_scheme = "clear"
> Module: Instantiated pap (pap)
mschap: passwd = "(null)"
> Module: Loaded CHAP
mschap: authtype = "MS-CHAP"
> Module: Instantiated chap (chap)
> Module: Loaded MS-CHAP
> mschap: use_mppe = yes
> mschap: require_encryption = no
> mschap: require_strong = no
unix: group = "(null)"
> mschap: passwd = "(null)"
> mschap: authtype = "MS-CHAP"
> Module: Instantiated mschap (mschap)
Module: Instantiated unix (unix)
> Module: Loaded System
> unix: cache = no
> unix: passwd = "(null)"
> unix: shadow = "(null)"
> unix: group = "(null)"
> unix: radwtmp = "/usr/local/var/log/radius/radwtmp"
> unix: usegroup = no
> unix: cache_reload = 600
> Module: Instantiated unix (unix)
> Module: Loaded LDAP
> ldap: server = "192.168.100.12"
> ldap: port = 2389
> ldap: net_timeout = 1
ldap: identity = "silvio"
> ldap: timeout = 4
> ldap: timelimit = 3
> ldap: identity = "silvio"
> ldap: start_tls = no
> ldap: password = "Padulo"
> ldap: basedn = "dv=plainusers,o=vds"
> ldap: filter = "(&(objectclass=user)(uid=%{Stripped-User-Name:-%{User-Name}}))"
> ldap: base_filter = "(objectclass=radiusprofile)"
> ldap: default_profile = "(null)"
> ldap: profile_attribute = "(null)"
> ldap: password_header = "(null)"
> ldap: password_attribute = "(null)"
> ldap: access_attr = "(null)"
> ldap: groupname_attribute = "cn"
> ldap: groupmembership_filter = "(|(&(objectClass=GroupOfNames)(member=%{Ldap-UserDn}))(&(objectClass=GroupOfUniqueNames)(uniquemember=%{Ldap-UserDn})))"
> ldap: groupmembership_attribute = "(null)"
> ldap: dictionary_mapping = "/usr/local/etc/raddb/ldap.attrmap"
> ldap: ldap_debug = 0
> ldap: ldap_connections_number = 5
> ldap: compare_check_items = no
> ldap: access_attr_used_for_allow = yes
> conns: (nil)
> rlm_ldap: reading ldap<->radius mappings from file /usr/local/etc/raddb/ldap.attrmap
> rlm_ldap: LDAP radiusCheckItem mapped to RADIUS $GENERIC$
> rlm_ldap: LDAP radiusReplyItem mapped to RADIUS $GENERIC$
> rlm_ldap: LDAP radiusAuthType mapped to RADIUS Auth-Type
> rlm_ldap: LDAP radiusSimultaneousUse mapped to RADIUS Simultaneous-Use
> rlm_ldap: LDAP radiusCalledStationId mapped to RADIUS Called-Station-Id
> rlm_ldap: LDAP radiusCallingStationId mapped to RADIUS Calling-Station-Id
> rlm_ldap: LDAP lmPassword mapped to RADIUS LM-Password
> rlm_ldap: LDAP ntPassword mapped to RADIUS NT-Password
> rlm_ldap: LDAP acctFlags mapped to RADIUS SMB-Account-CTRL-TEXT
> rlm_ldap: LDAP radiusExpiration mapped to RADIUS Expiration
> rlm_ldap: LDAP radiusServiceType mapped to RADIUS Service-Type
> rlm_ldap: LDAP radiusFramedProtocol mapped to RADIUS Framed-Protocol
> rlm_ldap: LDAP radiusFramedIPAddress mapped to RADIUS Framed-IP-Address
> rlm_ldap: LDAP radiusFramedIPNetmask mapped to RADIUS Framed-IP-Netmask
> rlm_ldap: LDAP radiusFramedRoute mapped to RADIUS Framed-Route
> rlm_ldap: LDAP radiusFramedRouting mapped to RADIUS Framed-Routing
> rlm_ldap: LDAP radiusFilterId mapped to RADIUS Filter-Id
> rlm_ldap: LDAP radiusFramedMTU mapped to RADIUS Framed-MTU
> rlm_ldap: LDAP radiusFramedCompression mapped to RADIUS Framed-Compression
> rlm_ldap: LDAP radiusLoginIPHost mapped to RADIUS Login-IP-Host
> rlm_ldap: LDAP radiusLoginService mapped to RADIUS Login-Service
> rlm_ldap: LDAP radiusLoginTCPPort mapped to RADIUS Login-TCP-Port
> rlm_ldap: LDAP radiusCallbackNumber mapped to RADIUS Callback-Number
> rlm_ldap: LDAP radiusCallbackId mapped to RADIUS Callback-Id
> rlm_ldap: LDAP radiusFramedIPXNetwork mapped to RADIUS Framed-IPX-Network
> rlm_ldap: LDAP radiusClass mapped to RADIUS Class
> rlm_ldap: LDAP radiusSessionTimeout mapped to RADIUS Session-Timeout
> rlm_ldap: LDAP radiusIdleTimeout mapped to RADIUS Idle-Timeout
> rlm_ldap: LDAP radiusTerminationAction mapped to RADIUS Termination-Action
> rlm_ldap: LDAP radiusLoginLATService mapped to RADIUS Login-LAT-Service
> rlm_ldap: LDAP radiusLoginLATNode mapped to RADIUS Login-LAT-Node
> rlm_ldap: LDAP radiusLoginLATGroup mapped to RADIUS Login-LAT-Group
> rlm_ldap: LDAP radiusFramedAppleTalkLink mapped to RADIUS Framed-AppleTalk-Link
> rlm_ldap: LDAP radiusFramedAppleTalkNetwork mapped to RADIUS Framed-AppleTalk-Network
> rlm_ldap: LDAP radiusFramedAppleTalkZone mapped to RADIUS Framed-AppleTalk-Zone
> rlm_ldap: LDAP radiusPortLimit mapped to RADIUS Port-Limit
> rlm_ldap: LDAP radiusLoginLATPort mapped to RADIUS Login-LAT-Port
> conns: 0x8104a60
> Module: Instantiated ldap (ldap)
> Module: Loaded eap
> eap: default_eap_type = "tls"
> eap: timer_expire = 60
> eap: ignore_unknown_eap_types = no
> rlm_eap: Loaded and initialized type md5
> rlm_eap: Loaded and initialized type leap
> tls: rsa_key_exchange = no
> tls: dh_key_exchange = yes
> tls: rsa_key_length = 512
> tls: dh_key_length = 512
> tls: verify_depth = 0
> tls: CA_path = "(null)"
> tls: pem_file_type = yes
> tls: private_key_file = "/usr/local/cert/server.pvk"
> tls: certificate_file = "/usr/local/cert/server.cer"
> tls: CA_file = "/usr/local/cert/ca.cer"
> tls: private_key_password = "acsi"
> tls: dh_file = "/usr/local/cert/dh"
> tls: random_file = "/usr/local/cert/random"
tls: include_length = yes
> tls: fragment_size = 1024
> tls: include_length = yes
> tls: check_crl = no
> rlm_eap: Loaded and initialized type tls
> ttls: default_eap_type = "md5"
> ttls: copy_request_to_tunnel = no
> ttls: use_tunneled_reply = no
Module: Loaded preprocess
> rlm_eap: Loaded and initialized type ttls
> rlm_eap: Loaded and initialized type mschapv2
> Module: Instantiated eap (eap)
preprocess: ascend_channels_per_line = 23
> Module: Loaded preprocess
> preprocess: huntgroups = "/usr/local/etc/raddb/huntgroups"
> preprocess: hints = "/usr/local/etc/raddb/hints"
> preprocess: with_ascend_hack = no
> preprocess: ascend_channels_per_line = 23
> preprocess: with_ntdomain_hack = no
> preprocess: with_specialix_jetstream_hack = no
> preprocess: with_cisco_vsa_hack = no
> Module: Instantiated preprocess (preprocess)
> Module: Loaded detail
> detail: detailfile = "/usr/local/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d"
> detail: detailperm = 384
> detail: dirperm = 493
> detail: locking = no
> Module: Instantiated detail (auth_log)
> Module: Loaded realm
> realm: format = "suffix"
> realm: delimiter = "@"
Module: Instantiated realm (suffix)
> Module: Instantiated realm (suffix)
> Module: Loaded files
files: acctusersfile = "/usr/local/etc/raddb/acct_users"
> files: usersfile = "/usr/local/etc/raddb/users"
> files: acctusersfile = "/usr/local/etc/raddb/acct_users"
> files: preproxy_usersfile = "/usr/local/etc/raddb/preproxy_users"
> files: compat = "no"
> Module: Instantiated files (files)
> Module: Loaded Acct-Unique-Session-Id
> acct_unique: key = "User-Name, Acct-Session-Id, NAS-IP-Address, Client-IP-Address, NAS-Port-Id"
> Module: Instantiated acct_unique (acct_unique)
> detail: detailfile = "/usr/local/var/log/radius/radacct/%{Client-IP-Address}/detail-%Y%m%d"
> detail: detailperm = 384
> detail: dirperm = 493
> detail: locking = no
> Module: Instantiated detail (detail)
> Module: Loaded radutmp
> radutmp: filename = "/usr/local/var/log/radius/radutmp"
> radutmp: username = "%{User-Name}"
> radutmp: case_sensitive = yes
> radutmp: check_with_nas = yes
> radutmp: perm = 384
> radutmp: callerid = yes
> Module: Instantiated radutmp (radutmp)
> Listening on IP address *, ports 1645/udp and 1646/udp, with proxy on 1647/udp.
> Ready to process requests.
> rad_recv: Access-Request packet from host 192.168.100.12:4197, id=19, length=130
> NAS-IP-Address = 12.12.12.8
> NAS-Port-Type = Async
> User-Name = "tilsaduser"
> Service-Type = Framed-User
> Framed-MTU = 1500
> Calling-Station-Id = "00-08-02-94-3b-e8"
> EAP-Message = 0x0200001a0174696c736164757365724066726565726164697573
Message-Authenticator = 0xee4a8219409c33104673d5b577f28ccd
> Message-Authenticator = 0xee4a8219409c33104673d5b577f28ccd
> Proxy-State = 0x434953434f3a31
radius_xlat: '/usr/local/var/log/radius/radacct/192.168.100.12/auth-detail-20031024'
> modcall: entering group authorize for request 0
> modcall[authorize]: module "preprocess" returns ok for request 0
> radius_xlat: '/usr/local/var/log/radius/radacct/192.168.100.12/auth-detail-20031024'
> rlm_detail: /usr/local/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to /usr/local/var/log/radius/radacct/192.168.100.12/auth-detail-20031024
rad_check_password: Found Auth-Type EAP
> modcall[authorize]: module "auth_log" returns ok for request 0
> modcall[authorize]: module "chap" returns noop for request 0
./radiusd: relocation error: /usr/local/lib/rlm_eap_tls-1.0.0-pre0.so: undefined symbol: SSL_set_msg_callback
> rlm_eap: EAP packet type response id 0 length 26
> rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 0
rlm_realm: No '@' in User-Name = "tilsaduser", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 0
users: Matched DEFAULT at 152
users: Matched DEFAULT at 171
modcall[authorize]: module "files" returns ok for request 0
modcall[authorize]: module "mschap" returns noop for request 0
modcall: group authorize returns updated for request 0
rad_check_password: Found Auth-Type EAP
rad_check_password:: command not found
auth: type "EAP"
auth:: command not found
modcall: entering group authenticate for request 0
rlm_eap: EAP Identity
rlm_eap: processing type tls
./radiusd: relocation error: /usr/local/lib/rlm_eap_tls-1.0.0-pre0.so: undefined symbol: SSL_set_msg_callback
