Re: Compiling with rlm_krb Possible BUG?
Steve, Did moving the the com_err from RLM_LIBS line to the HEADERS line correct the problem compiling?? ( you know what they say: "Just because it compiled does not mean it compiled!")... If that corrected the compile problem and it works for you I suspect the changes would be of interest to others wanting to use Kerboros as well... Gary N. McKinney - Original Message - From: Steve OBrien To: [EMAIL PROTECTED] Sent: Tuesday, April 06, 2004 6:33 PM Subject: Re: Compiling with rlm_krb Possible BUG? I edited the makefile and moved -lcom_err from the RLM_LIBS line to the HEADERS line and make seemed to work. Not sure if that is a bug... Steve ---Outgoing mail is certified Virus Free.Checked by AVG anti-virus system (http://www.grisoft.com).Version: 6.0.654 / Virus Database: 419 - Release Date: 4/6/2004
Re: Compiling with rlm_krb Possible BUG?
Steve, Don't do that. com_err is a standard lib shipped with Kerberos because some vendors don't supply one. If you've got MIT Kerberos installed, libcom_err.so should be living in /usr/local/lib. To insure everything works properly and that you don't have some conflicts between SEAM and MIT, make sure /usr/local/lib is first on your system library path (check with crle). What version of Kerberos are you using ? I've got two Solaris 9 installs (versions 1.2.8 and 1.3.1) and I've built freeradius on both - no issues. Check your kerberos version by using the krb5-config script (also shipped with most recent versions of MIT Kerberos). --Craig Gary McKinney wrote: Steve, Did moving the the com_err from RLM_LIBS line to the HEADERS line correct the problem compiling?? ( you know what they say: Just because it compiled does not mean it compiled!)... If that corrected the compile problem and it works for you I suspect the changes would be of interest to others wanting to use Kerboros as well... Gary N. McKinney - Original Message - From: Steve OBrien To: [EMAIL PROTECTED] Sent: Tuesday, April 06, 2004 6:33 PM Subject: Re: Compiling with rlm_krb Possible BUG? I edited the makefile and moved -lcom_err from the RLM_LIBS line to the HEADERS line and make seemed to work. Not sure if that is a bug... Steve --- Outgoing mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.654 / Virus Database: 419 - Release Date: 4/6/2004 -- / Craig Huckabee| e-mail: [EMAIL PROTECTED] / / Code 715-CH | phone: (843) 218 5653 / / SPAWAR Systems Center | close proximity: Hey You! / / Charleston, SC|ICBM: 32.78N, 79.93W / - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Compiling with rlm_krb
make sure /usr/local/lib is first on your system library path (check with crle). Thanks!! I never knew about that command, jeez what a great one! What version of Kerberos are you using ? 1.3.3 binary from MIT To insure everything works properly and that you don't have some conflicts between SEAM and MIT Do you have the Solaris Kerberos packages installed? I've got two Solaris 9 installs (versions 1.2.8 and 1.3.1) and I've built freeradius on both - no issues. Are you using Kerberos for freeradius authentication? If you are would you mind sharing you radiusd.conf Kerberos configuration, I have not been able to find much information about it. Steve
Re: Compiling with rlm_krb
Steve OBrien wrote: To insure everything works properly and that you don't have some conflicts between SEAM and MIT Do you have the Solaris Kerberos packages installed? I've used the MIT binary packages and built my own. SEAM is almost usable by default, but it falls short in the GSSAPI implementation. I've got two Solaris 9 installs (versions 1.2.8 and 1.3.1) and I've built freeradius on both - no issues. Are you using Kerberos for freeradius authentication? If you are would you mind sharing you radiusd.conf Kerberos configuration, I have not been able to find much information about it. We were using it during some tests - I'll see if I have some notes laying around and post them. --Craig -- / Craig Huckabee| e-mail: [EMAIL PROTECTED] / / Code 715-CH | phone: (843) 218 5653 / / SPAWAR Systems Center | close proximity: Hey You! / / Charleston, SC|ICBM: 32.78N, 79.93W / - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Compiling with rlm_krb
There isn't really much to do for Kerberos re:
radiusd.conf
...
modules {
krb5 {
}
...
authenticate {
krb5
}
...
in your users file have
...
DEFAULT Auth-Type := Kerberos
you also need a /etc/krb5.keytab and /etc/krb5.conf (you probably
already have them)
I don't think Kerberos will work with EAP, PEAP, or LEAP, but one can
always hope.
We use one-time passwords with Kerberos so sending it clear-text isn't a
problem.
for testing I use:
echo code 2, length = 40 | cat -RAAT-expect
echo Framed-IP-Address = 255.255.255.254| cat -RAAT-expect
echo Service-Type = Framed-User | cat -RAAT-expect
echo Filter-Id = \dialup\ | cat -RAAT-expect
echo User-Name = $TESTUSER| cat -RAAT-input
echo User-Password = test3ok | cat -RAAT-input
echo NAS-IP-Address = 123.123.123.123 | cat -RAAT-input
kadmin.local -q cpw -pw test3ok $TESTUSER 21RAAT-got
radclient -f RAAT-input -i 123.123.123.123 radius.ds.lanl.gov:1645 auth
$1 21RAAT-got
kadmin.local -q cpw -randkey $TESTUSER 21/dev/null
diff RAAT-expect RAAT-got
On Wed, 2004-04-07 at 08:51, Steve OBrien wrote:
make sure /usr/local/lib is first on your system library
path (check with crle).
Thanks!! I never knew about that command, jeez what a great one!
What version of Kerberos are you using ?
1.3.3 binary from MIT
To insure everything works properly and that you don't have some
conflicts between
SEAM and MIT
Do you have the Solaris Kerberos packages installed?
I've got two Solaris 9
installs (versions 1.2.8 and 1.3.1) and I've built freeradius on both
-
no issues.
Are you using Kerberos for freeradius authentication?
If you are would you mind sharing you radiusd.conf Kerberos
configuration, I have not been able to find much information about it.
Steve
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Compiling with rlm_krb
Hey Steve, You really did not give very much info but I suspect you don't have Kerboros installed in the machine... Gary N. McKinney Network Administrator Computer Services Dept. Brevard County Library System -- Original Message -- From: Steve OBrien [EMAIL PROTECTED] Reply-To: [EMAIL PROTECTED] Date: Tue, 6 Apr 2004 10:52:11 -0700 I am getting: ld: fatal: library -lcom_err: not found ld: fatal: File processing errors. No output written to .libs/rlm_krb5-1.0.0-pre0.so when trying to compile rlm_krb, I have googled and do not see any reference to this library, what is it? TIA, Steve Sent via the KillerWebMail system at mail.brev.org - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Compiling with rlm_krb
You really did not give very much info but I suspect you don't have Kerberos installed in the machine... I do have the Solaris 9 binaries from MIT Kerberos installed. In /usr/local/include there is com_err.h but I am not sure if that is what it is looking for. It finds all the other libraries. I have tried passing --with-rlm-krb5-lib-dir=/usr/loca/lib and --with-rlm-krb5-include-dir=/usr/local/include but still no make. Steve O'Brien City of Bend Network Administrator [EMAIL PROTECTED] 541-322-6393
Re: Compiling with rlm_krb Possible BUG?
I edited the makefile and moved -lcom_err from the RLM_LIBS line to the HEADERS line and make seemed to work. Not sure if that is a bug... Steve
