Which version of OpenSSL are you running against, and which version was
the server compiled against?
--Mike
On Fri, 2003-10-24 at 11:46, [EMAIL PROTECTED] wrote:
> Hi again,
> we had this error running FreeRadius with TTLS against an LDAP.
> Is it due to the way we set up certificates or is it some? Can you
> help us?
>
> I'm attaching the whole log,
> thank you very much.
> Silvio
>
>
> > read_config_files: reading dictionary
> > read_config_files: reading naslist
> > Using deprecated naslist file. Support for this will go away soon.
> read_config_files: reading realms
> > read_config_files: reading clients
> > Using deprecated clients file. Support for this will go away soon.
> > read_config_files: reading realms
> > Using deprecated realms file. Support for this will go away soon.
> > radiusd: entering modules setup
> > Module: Library search path is /usr/local/lib
> > Module: Loaded expr
> > Module: Instantiated expr (expr)
> mschap: use_mppe = yes
> > Module: Loaded PAP
> > pap: encryption_scheme = "clear"
> > Module: Instantiated pap (pap)
> mschap: passwd = "(null)"
> > Module: Loaded CHAP
> mschap: authtype = "MS-CHAP"
> > Module: Instantiated chap (chap)
> > Module: Loaded MS-CHAP
> > mschap: use_mppe = yes
> > mschap: require_encryption = no
> > mschap: require_strong = no
> unix: group = "(null)"
> > mschap: passwd = "(null)"
> > mschap: authtype = "MS-CHAP"
> > Module: Instantiated mschap (mschap)
> Module: Instantiated unix (unix)
> > Module: Loaded System
> > unix: cache = no
> > unix: passwd = "(null)"
> > unix: shadow = "(null)"
> > unix: group = "(null)"
> > unix: radwtmp = "/usr/local/var/log/radius/radwtmp"
> > unix: usegroup = no
> > unix: cache_reload = 600
> > Module: Instantiated unix (unix)
> > Module: Loaded LDAP
> > ldap: server = "192.168.100.12"
> > ldap: port = 2389
> > ldap: net_timeout = 1
> ldap: identity = "silvio"
> > ldap: timeout = 4
> > ldap: timelimit = 3
> > ldap: identity = "silvio"
> > ldap: start_tls = no
> > ldap: password = "Padulo"
> > ldap: basedn = "dv=plainusers,o=vds"
> > ldap: filter =
> "(&(objectclass=user)(uid=%{Stripped-User-Name:-%{User-Name}}))"
> > ldap: base_filter = "(objectclass=radiusprofile)"
> > ldap: default_profile = "(null)"
> > ldap: profile_attribute = "(null)"
> > ldap: password_header = "(null)"
> > ldap: password_attribute = "(null)"
> > ldap: access_attr = "(null)"
> > ldap: groupname_attribute = "cn"
> > ldap: groupmembership_filter =
> "(|(&(objectClass=GroupOfNames)(member=%{Ldap-UserDn}))(&(objectClass=GroupOfUniqueNames)(uniquemember=%{Ldap-UserDn})))"
> > ldap: groupmembership_attribute = "(null)"
> > ldap: dictionary_mapping = "/usr/local/etc/raddb/ldap.attrmap"
> > ldap: ldap_debug = 0
> > ldap: ldap_connections_number = 5
> > ldap: compare_check_items = no
> > ldap: access_attr_used_for_allow = yes
> > conns: (nil)
> > rlm_ldap: reading ldap<->radius mappings from file
> /usr/local/etc/raddb/ldap.attrmap
> > rlm_ldap: LDAP radiusCheckItem mapped to RADIUS $GENERIC$
> > rlm_ldap: LDAP radiusReplyItem mapped to RADIUS $GENERIC$
> > rlm_ldap: LDAP radiusAuthType mapped to RADIUS Auth-Type
> > rlm_ldap: LDAP radiusSimultaneousUse mapped to RADIUS
> Simultaneous-Use
> > rlm_ldap: LDAP radiusCalledStationId mapped to RADIUS
> Called-Station-Id
> > rlm_ldap: LDAP radiusCallingStationId mapped to RADIUS
> Calling-Station-Id
> > rlm_ldap: LDAP lmPassword mapped to RADIUS LM-Password
> > rlm_ldap: LDAP ntPassword mapped to RADIUS NT-Password
> > rlm_ldap: LDAP acctFlags mapped to RADIUS SMB-Account-CTRL-TEXT
> > rlm_ldap: LDAP radiusExpiration mapped to RADIUS Expiration
> > rlm_ldap: LDAP radiusServiceType mapped to RADIUS Service-Type
> > rlm_ldap: LDAP radiusFramedProtocol mapped to RADIUS Framed-Protocol
> > rlm_ldap: LDAP radiusFramedIPAddress mapped to RADIUS
> Framed-IP-Address
> > rlm_ldap: LDAP radiusFramedIPNetmask mapped to RADIUS
> Framed-IP-Netmask
> > rlm_ldap: LDAP radiusFramedRoute mapped to RADIUS Framed-Route
> > rlm_ldap: LDAP radiusFramedRouting mapped to RADIUS Framed-Routing
> > rlm_ldap: LDAP radiusFilterId mapped to RADIUS Filter-Id
> > rlm_ldap: LDAP radiusFramedMTU mapped to RADIUS Framed-MTU
> > rlm_ldap: LDAP radiusFramedCompression mapped to RADIUS
> Framed-Compression
> > rlm_ldap: LDAP radiusLoginIPHost mapped to RADIUS Login-IP-Host
> > rlm_ldap: LDAP radiusLoginService mapped to RADIUS Login-Service
> > rlm_ldap: LDAP radiusLoginTCPPort mapped to RADIUS Login-TCP-Port
> > rlm_ldap: LDAP radiusCallbackNumber mapped to RADIUS Callback-Number
> > rlm_ldap: LDAP radiusCallbackId mapped to RADIUS Callback-Id
> > rlm_ldap: LDAP radiusFramedIPXNetwork mapped to RADIUS
> Framed-IPX-Network
> > rlm_ldap: LDAP radiusClass mapped to RADIUS Class
> > rlm_ldap: LDAP radiusSessionTimeout mapped to RADIUS Session-Timeout
> > rlm_ldap: LDAP radiusIdleTimeout mapped to RADIUS Idle-Timeout
> > rlm_ldap: LDAP radiusTerminationAction mapped to RADIUS
> Termination-Action
> > rlm_ldap: LDAP radiusLoginLATService mapped to RADIUS
> Login-LAT-Service
> > rlm_ldap: LDAP radiusLoginLATNode mapped to RADIUS Login-LAT-Node
> > rlm_ldap: LDAP radiusLoginLATGroup mapped to RADIUS Login-LAT-Group
> > rlm_ldap: LDAP radiusFramedAppleTalkLink mapped to RADIUS
> Framed-AppleTalk-Link
> > rlm_ldap: LDAP radiusFramedAppleTalkNetwork mapped to RADIUS
> Framed-AppleTalk-Network
> > rlm_ldap: LDAP radiusFramedAppleTalkZone mapped to RADIUS
> Framed-AppleTalk-Zone
> > rlm_ldap: LDAP radiusPortLimit mapped to RADIUS Port-Limit
> > rlm_ldap: LDAP radiusLoginLATPort mapped to RADIUS Login-LAT-Port
> > conns: 0x8104a60
> > Module: Instantiated ldap (ldap)
> > Module: Loaded eap
> > eap: default_eap_type = "tls"
> > eap: timer_expire = 60
> > eap: ignore_unknown_eap_types = no
> > rlm_eap: Loaded and initialized type md5
> > rlm_eap: Loaded and initialized type leap
> > tls: rsa_key_exchange = no
> > tls: dh_key_exchange = yes
> > tls: rsa_key_length = 512
> > tls: dh_key_length = 512
> > tls: verify_depth = 0
> > tls: CA_path = "(null)"
> > tls: pem_file_type = yes
> > tls: private_key_file = "/usr/local/cert/server.pvk"
> > tls: certificate_file = "/usr/local/cert/server.cer"
> > tls: CA_file = "/usr/local/cert/ca.cer"
> > tls: private_key_password = "acsi"
> > tls: dh_file = "/usr/local/cert/dh"
> > tls: random_file = "/usr/local/cert/random"
> tls: include_length = yes
> > tls: fragment_size = 1024
> > tls: include_length = yes
> > tls: check_crl = no
> > rlm_eap: Loaded and initialized type tls
> > ttls: default_eap_type = "md5"
> > ttls: copy_request_to_tunnel = no
> > ttls: use_tunneled_reply = no
> Module: Loaded preprocess
> > rlm_eap: Loaded and initialized type ttls
> > rlm_eap: Loaded and initialized type mschapv2
> > Module: Instantiated eap (eap)
> preprocess: ascend_channels_per_line = 23
> > Module: Loaded preprocess
> > preprocess: huntgroups = "/usr/local/etc/raddb/huntgroups"
> > preprocess: hints = "/usr/local/etc/raddb/hints"
> > preprocess: with_ascend_hack = no
> > preprocess: ascend_channels_per_line = 23
> > preprocess: with_ntdomain_hack = no
> > preprocess: with_specialix_jetstream_hack = no
> > preprocess: with_cisco_vsa_hack = no
> > Module: Instantiated preprocess (preprocess)
> > Module: Loaded detail
> > detail: detailfile =
> "/usr/local/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d"
> > detail: detailperm = 384
> > detail: dirperm = 493
> > detail: locking = no
> > Module: Instantiated detail (auth_log)
> > Module: Loaded realm
> > realm: format = "suffix"
> > realm: delimiter = "@"
> Module: Instantiated realm (suffix)
> > Module: Instantiated realm (suffix)
> > Module: Loaded files
> files: acctusersfile = "/usr/local/etc/raddb/acct_users"
> > files: usersfile = "/usr/local/etc/raddb/users"
> > files: acctusersfile = "/usr/local/etc/raddb/acct_users"
> > files: preproxy_usersfile = "/usr/local/etc/raddb/preproxy_users"
> > files: compat = "no"
> > Module: Instantiated files (files)
> > Module: Loaded Acct-Unique-Session-Id
> > acct_unique: key = "User-Name, Acct-Session-Id, NAS-IP-Address,
> Client-IP-Address, NAS-Port-Id"
> > Module: Instantiated acct_unique (acct_unique)
> > detail: detailfile =
> "/usr/local/var/log/radius/radacct/%{Client-IP-Address}/detail-%Y%m%d"
> > detail: detailperm = 384
> > detail: dirperm = 493
> > detail: locking = no
> > Module: Instantiated detail (detail)
> > Module: Loaded radutmp
> > radutmp: filename = "/usr/local/var/log/radius/radutmp"
> > radutmp: username = "%{User-Name}"
> > radutmp: case_sensitive = yes
> > radutmp: check_with_nas = yes
> > radutmp: perm = 384
> > radutmp: callerid = yes
> > Module: Instantiated radutmp (radutmp)
> > Listening on IP address *, ports 1645/udp and 1646/udp, with proxy
> on 1647/udp.
> > Ready to process requests.
> > rad_recv: Access-Request packet from host 192.168.100.12:4197,
> id=19, length=130
> > NAS-IP-Address = 12.12.12.8
> > NAS-Port-Type = Async
> > User-Name = "tilsaduser"
> > Service-Type = Framed-User
> > Framed-MTU = 1500
> > Calling-Station-Id = "00-08-02-94-3b-e8"
> > EAP-Message =
> 0x0200001a0174696c736164757365724066726565726164697573
> Message-Authenticator = 0xee4a8219409c33104673d5b577f28ccd
> > Message-Authenticator = 0xee4a8219409c33104673d5b577f28ccd
> > Proxy-State = 0x434953434f3a31
> radius_xlat:
> '/usr/local/var/log/radius/radacct/192.168.100.12/auth-detail-20031024'
> > modcall: entering group authorize for request 0
> > modcall[authorize]: module "preprocess" returns ok for request 0
> > radius_xlat:
> '/usr/local/var/log/radius/radacct/192.168.100.12/auth-detail-20031024'
> > rlm_detail:
> /usr/local/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to
> /usr/local/var/log/radius/radacct/192.168.100.12/auth-detail-20031024
> rad_check_password: Found Auth-Type EAP
> > modcall[authorize]: module "auth_log" returns ok for request 0
> > modcall[authorize]: module "chap" returns noop for request 0
> ./radiusd: relocation error: /usr/local/lib/rlm_eap_tls-1.0.0-pre0.so:
> undefined symbol: SSL_set_msg_callback
> > rlm_eap: EAP packet type response id 0 length 26
> > rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
> modcall[authorize]: module "eap" returns updated for request 0
> rlm_realm: No '@' in User-Name = "tilsaduser", looking up realm NULL
> rlm_realm: No such realm "NULL"
> modcall[authorize]: module "suffix" returns noop for request 0
> users: Matched DEFAULT at 152
> users: Matched DEFAULT at 171
> modcall[authorize]: module "files" returns ok for request 0
> modcall[authorize]: module "mschap" returns noop for request 0
> modcall: group authorize returns updated for request 0
> rad_check_password: Found Auth-Type EAP
> rad_check_password:: command not found
> auth: type "EAP"
> auth:: command not found
> modcall: entering group authenticate for request 0
> rlm_eap: EAP Identity
> rlm_eap: processing type tls
> ./radiusd: relocation error: /usr/local/lib/rlm_eap_tls-1.0.0-pre0.so:
> undefined symbol: SSL_set_msg_callback
--
--Mike
--------------------------------
Michael Griego
Wireless Network Administrator
University of Texas at Dallas
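
The relocation error in the quoted log (`undefined symbol: SSL_set_msg_callback`) means the module imports a symbol that no loaded library exports, which is the kind of mismatch the version question above is probing. The script below is an added example, not part of the original thread or of FreeRADIUS; it compares saved `nm -D` output of a module and a library, and the sample dumps, the `CONSTRUCTED_VER` tag and the symbol `eaptls_init_hypothetical` are constructed for illustration.

```shell
#!/bin/sh
# Added example: list symbols a module imports that a library does not export.
# Inputs are saved `nm -D` dumps, produced for instance with:
#   nm -D /usr/local/lib/rlm_eap_tls-1.0.0-pre0.so > module.nm
#   nm -D /path/to/libssl.so > libssl.nm   (placeholder; ldd on the module shows the real path)

# missing_syms MODULE_DUMP LIBRARY_DUMP [NAME_REGEX]
# Prints, sorted, every undefined symbol in MODULE_DUMP that matches NAME_REGEX
# (default ^SSL_) and has no defined entry in LIBRARY_DUMP.
missing_syms() {
    awk -v want="${3:-^SSL_}" '
        # First operand is the library: defined symbols are "address type name".
        FILENAME == ARGV[1] {
            if (NF == 3 && $2 != "U") { sub(/@.*/, "", $3); have[$3] = 1 }
            next
        }
        # Second operand is the module: undefined symbols are "U name".
        NF == 2 && $1 == "U" {
            sub(/@.*/, "", $2)            # drop any @VERSION suffix
            if ($2 ~ want && !($2 in have)) print $2
        }
    ' "$2" "$1" | sort -u
}

# Constructed sample dumps (not taken from the poster's system).
sample_dir=$(mktemp -d)
trap 'rm -rf "$sample_dir"' EXIT
cat > "$sample_dir/module.nm" <<'EOF'
                 U SSL_new
                 U SSL_set_msg_callback
                 U malloc
0000000000001a30 T eaptls_init_hypothetical
EOF
cat > "$sample_dir/libssl_old.nm" <<'EOF'
0000000000012340 T SSL_new
0000000000012900 T SSL_CTX_new
EOF
cat > "$sample_dir/libssl_new.nm" <<'EOF'
0000000000012340 T SSL_new@@CONSTRUCTED_VER
0000000000012900 T SSL_CTX_new@@CONSTRUCTED_VER
0000000000013100 T SSL_set_msg_callback@@CONSTRUCTED_VER
EOF

echo "missing against old library: $(missing_syms "$sample_dir/module.nm" "$sample_dir/libssl_old.nm")"
echo "missing against new library: $(missing_syms "$sample_dir/module.nm" "$sample_dir/libssl_new.nm")"
```

A non-empty result for the library that the dynamic loader actually resolves means the module was built against headers from a different OpenSSL than the one present at run time.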