> Just wondering if anyone else has tried running out-of-the-box
> freeradius and openssl versions on SuSE 9.1 pro and had any issues?
A lot of problems using last snapshots (suse9.1 and debian sid):
leaving enable shared lib. rlm_eap rlm_eap_ttls rlm_eap_peap disappear
and get no linking.
Disabling sharing with --disable-shared crash on rlm_krb5 making ...
/usr/lib/libkrb5.a(codec.o)(.text+0xaf): In function
`krb5_decode_EncKrbCredPart':
: undefined reference to `decode_EncKrbCredPart'
/usr/lib/libkrb5.a(codec.o)(.text+0xdf): In function
`krb5_encode_Authenticator':
: undefined reference to `encode_Authenticator'
/usr/lib/libkrb5.a(codec.o)(.text+0x10f): In function
`krb5_decode_Authenticator':
: undefined reference to `decode_Authenticator'
/usr/lib/libkrb5.a(codec.o)(.text+0x13f): In function
`krb5_encode_EncAPRepPart':
: undefined reference to `encode_EncAPRepPart'
/usr/lib/libkrb5.a(codec.o)(.text+0x16f): In function
`krb5_decode_EncAPRepPart':
: undefined reference to `decode_EncAPRepPart'
/usr/lib/libkrb5.a(codec.o)(.text+0x19f): In function
`krb5_encode_EncTGSRepPart':
: undefined reference to `encode_EncTGSRepPart'
/usr/lib/libkrb5.a(codec.o)(.text+0x1cf): In function
`krb5_decode_EncTGSRepPart':
: undefined reference to `decode_EncTicketPart' ...
[... x 100]
I tried disabling rlm_krb5 but some elese crash about libpg and kerberus.
A lot of warning everywhere.
I used
CFLAGS="$RPM_OPT_FLAGS -I/usr/include/security -I/usr/include/et"
./configure \
--prefix=/usr \
--bindir=/usr/bin \
--sbindir=/usr/sbin \
--libexecdir=/usr/libexec \
--datadir=/usr/share \
--sysconfdir=/etc \
--localstatedir=/var \
--libdir=/usr/lib/freeradius \
--includedir=/usr/include \
--infodir=/usr/share/info \
--mandir=/usr/share/man \
--with-threads \
--with-thread-pool \
--with-snmp \
--with-large-files \
--disable-ltdl-install \
--with-ltdl-lib=/usr/lib \
--with-ltdl-include=/usr/include \
--with-gnu-ld \
--enable-heimdal-krb5 \
--with-openssl-includes=/usr/include/openssl \
--with-openssl-libraries=/usr/lib \
--with-rlm-krb5-include-dir=/usr/include/heimdal \
--with-rlm-krb5-lib-dir=/usr/lib \
--disable-shared \
--enable-developer \
--enable-strict-dependencies
Some Cflags add in order to patch com_err.h and pam_appl.h folders.
I tried also to patch rlm_krb5.c as suse done on 0.93
#include <et/com_err.h>
-static int verify_krb5_tgt(krb5_context context, rlm_krb5_t *instance,
+static int verify_krb5_tgt(krb5_context context,
but it' wasn't useful. Same errors on suse 9.1 an Deb sid upgraded.
So I'd like to know how you got rid of these problems, which snapshot did
you use and which configure file.
No more than a week or two ago I succeded in compiling and I got server
working,
so I suppose some changes in last snapshot are causing all these problems
on krb5.
I also think that forcing static modules on rlm_eap sub type is causing
ttls and peap disappearing.
It is the case of Inter-library dependencies in this simplified way:
rlm_eap ---static modules link --------> rlm_eap_tls--(-lname link)-->
crypto lib
! ^ ^
! ! !
!----stm--> rlm_eap_ttsl ---- sh lib -- |
!----stm--> rlm_eap_peap ---- sh lib --------|
warning say: linking a shared lib to loadable module is not portable
It seems to me true: in order to have other non libtool modules linked in
these
situations linking is asked in a chain of shared lib with libtools.
But forcing static modules outside libtools rules breaks the ring. [1]
Looking at rules.mak we can find:
# If the module is in the list of static modules, then the "dynamic"
# library is built statically, so that the '.la' file contains the
# libraries that the module depends on.
#
# Yes, this is a horrible hack.
#
ifeq ($(findstring $(TARGET),$(STATIC_MODULES)),)
LINK_MODE=-export-dynamic
...
And in all .la files we find
# Should we warn about portability when linking against -modules?
shouldnotlink=yes
Look at rlm_eap
dependency_libs='
/usr/src/packages/SOURCES/freeradius-1.1.0/src/lib/libradius.la
-lcrypt -L/usr/lib -lssl -lnsl -lresolv -lpthread -lcrypto '
we can't find submodule forced in static linking, I beelieve because the
fact
static was forced (wasn't better declare them in $(STATIC_MODULES) as
written
in rules.mak ? I ask neh, I'm not sure at all.).
So I did a thing: restore as original makefile.in adding or deleting #
Some little adjustment to spec file (didn't find *.so and stopped rpm
building)
Et voila'.
+ '[' /var/tmp/freeradius-1.1.0-build '!=' / ']'
+ '[' -d /var/tmp/freeradius-1.1.0-build ']'
+ rm -rf /var/tmp/freeradius-1.1.0-build
Krb5 will never sure work, but it was to easy : My little brain is saying:
if they did it some valid reason have to be. (bugs ... crash, I don't know)
So starting radiusd I see rlm_exec is not found even if it's in
freradius/lib.
Strace -f: it' s not true: It's read but not linked
So I link it in usr/lib ln ... in usr/lib: it's read first in freeradius/lib
than in usr/lib and in this case the warning is different: a complaint
about ELF format. grrr...
I made also the opposite action:
I modified rlm_eap_ttls and rlm_eap_peap in such way to force static linking
as done in rlm_eap (outside libtool rules) using:
#STATIC_OBJS += $(shell ls -1 types/rlm_eap_tls/rlm_eap_tls.a 2>/dev/null)
and deleting from rlm...
This works for peap and ttls but an other lib (freeradius I think)
disappear.
So I'm asking which is the way, how to get my server working, and how many
time before complete removal or patching libtool libraries and modules.
In the middle time I'll be happy to compile without sharing and krb5 support
(i tried --without-... but other libs depending on krb5 libpq .. crash), but
with ttls and peap modules, if it is possible.
--
[1] Makefile.in in rlm_eap
#
# Statically link a few modules.
#
#STATIC_OBJS += $(shell ls -1 types/rlm_eap_gtc/rlm_eap_gtc.a
types/rlm_eap_leap/rlm_eap_leap.a types/rlm_eap_md5/rlm_eap_md5.a
types/rlm_eap_mschapv2/rlm_eap_mschapv2.a types/rlm_eap_peap/rlm_eap_peap.a
types/rlm_eap_sim/rlm_eap_sim.a types/rlm_eap_tls/rlm_eap_tls.a
types/rlm_eap_ttls/rlm_eap_ttls.a 2>/dev/null)
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
