Do you know how to compile pre 1.0.2? (I really do have problems!)
Here is how to get 1.0.0 and 1.0.1 to work on Sol 8 / 9.
Requirements:
gcc, gdbm, gmake, libiconv, openssh, openssl, tcp_wrappers, zlib
pkg_get (for openldap)
/etc/profile or /.profile
PATH=/opt/csw/bin:$PATH
PATH=$PATH:/usr/local/bin:/usr/ccs/bin:/usr/sfw/bin:/usr/openwin/bin
LD_LIBRARY_PATH=/opt/csw/lib:$LD_LIBRARY_PATH:/opt/csw/lib/sasl2
LD_LIBRARY_PATH=$LD_LIBRARY_PATH:/usr/lib:/usr/local/lib:/usr/local/ssl/lib
LD_LIBRARY_PATH=$LD_LIBRARY_PATH:/usr/openwin/lib
MANPATH=/usr/man:/usr/local/man
export PATH LD_LIBRARY_PATH MANPATH
Blastwave:
pkg-get
pkgadd -d pkg_get.pkg
If not Solaris9 (/usr/sfw/bin):
wget-i386.bin / wget-sparc.bin
chmod 0755 wget
$PATH: wget, gzip, /opt/csw/bin
URL in /opt/csw/etc/pkg-get.conf
GPG:
pkg-get install textutils (extra install)
pkg-get install gnupg
gnupg installs: bdb4, bzip2, common, expat, gettext, gsed
libiconv, libtool, openldap, openssl,
sasl, textutils, zlib
Key for GPG:
wget http://www.blastwave.org/mirrors.html
gpg --import mirrors.html
pkg-get -U (now without errors)
pkg-get -c (list, see gnupg)
OpenLDAP:
pkg-get install openldap-2.1.22 (see above, should be installed already)
Perl:
pkg-get install perl
LDAP Fix:
./src/modules/rlm_ldap/rlm_ldap.c
below #define TIMELIMIT 5
/* Adjustments for OpenLDAP */
#define LDAP_OPT_SUCCESS 0
#define LDAP_OPT_DEBUG_LEVEL 0x5001 /* debug level */
#define LDAP_OPT_NETWORK_TIMEOUT 0x5005 /* socket level timeout */
#define LDAP_OPT_X_TLS 0x6000
#define LDAP_OPT_X_TLS_CACERTFILE 0x6002
#define LDAP_OPT_X_TLS_CACERTDIR 0x6003
#define LDAP_OPT_X_TLS_CERTFILE 0x6004
#define LDAP_OPT_X_TLS_KEYFILE 0x6005
#define LDAP_OPT_X_TLS_RANDOM_FILE 0x6009
#define LDAP_OPT_X_TLS_HARD 1
LTDL Fix:
./src/modules/rlm_sql/rlm_sql.h
./src/include/modpriv.h
LibTool: copied created libtool from 1.0.1 to 1.0.2s:
./libltdl: make seems ok
./ make breaks at rlm_eap
Alan DeKok wrote in response to [EMAIL PROTECTED]:
There are known problems with 1.0.1 on Solaris.
$ cvs -d :pserver:[EMAIL PROTECTED]:/source login
<type in: anoncvs>
$ cvs -d :pserver:[EMAIL PROTECTED]:/source checkout -r release_1_0 radiusd
OR: ftp cvs.freeradius.org anonymous email mget pub/radius/CVS.../*
Might work, but does not compile, yet!
Compiling:
freeradius: cd ./libltdl: ./configure --enable-ltdl-install
freeradius: cd ./libltdl: make (produces errors, cause unclear)
freeradius: cd ./src: CONFIGURE not needed (?)
freeradius: cd ./src: make
freeradius: ./configure.sh
# cd ./libltdl
# ./configure --enable-ltdl-install
# make
# cd ../src
# make
# cd ..
./configure \
--without-rlm_krb5 \
--without-rlm_sql_iodbc --without-rlm_sql_mysql \
--without-rlm_sql_postgresql \
--without-rlm_sql_oracle --without-rlm_sql_unixodbc \
--with-include-dir=/opt/csw/include \
--with-rlm-sql-include-dir=/opt/csw/include \
--with-rlm-ldap-include-dir=/opt/csw/include \
--with-openssl-includes=/usr/local/ssl/include \
--with-openssl-libraries=/usr/local/ssl/lib \
> ../config.050118.log
#
# Without LDAP support:
#
# ./configure --without-rlm_ldap \
# --with-openssl-includes=/usr/local/ssl/include \
# --with-openssl-libraries=/usr/local/ssl/lib > config.041203.log
freeradius: make
freeradius: make install
freeradius: vi /usr/local/ssl/misc/CA.pl: #!/opt/csw/bin/perl
freeradius: vi scripts/certs.sh (enter a random character string, no " !)
freeradius: scripts/certs.sh (fix syntax error)
freeradius: scripts/CA.certs: PASSWORD = eap.conf (see next line)
/usr/local/etc/raddb/eap.conf: private_key_password
Add user:
/usr/local/etc/raddb/users
Configure server:
/usr/local/etc/raddb/radiusd.conf
/usr/local/etc/raddb/clients.conf
Configure proxy:
/usr/local/etc/raddb/proxy.conf
Start freeradius in debug mode:
/usr/local/sbin/radiusd -sfxxyz -l stdout
/usr/local/sbin/radiusd -X
Test freeradius:
/usr/local/bin/radtest bob bob localhost 0 testing123
After changes: freeradius CTRL-C and restart
MS-Chapv2: EAP-TLS requires certificates
path to openssl and CA.pl
Certificates: /usr/local/radius/certs.sh
cp -r /usr/local/radius/certs /etc/raddb/
Cisco Setup:
Express SetUp:
Name: DE-LLH-R-AP001
MAC: 0011.93b8.00ff
IP: 172.22.222.6
SNMP: defaultCommunity (ro)
Role: Access Point Root
Express Security:
SSID: DE-LLH (broadcast)
VLAN: none
Encryption: ciphers tkip
Authentication: open+EAP, network+EAP
Key Management: wpa
Radius Server: 172.22.222.42
Radius Secret: de-llh (cf. RADIUS: client.conf)
Network Interfaces:
IP Address
Fast Ethernet
Radio0-802.11G - Status & Settings
Radio1 - not installed
Security - Admin Access:
Default Authentication
Password: bier
User: admin (rw)
Password: bier
Security - Encryption:
Cipher: TKIP
Keys: none
Properties: none
Security - SSID Manager:
DE-LLH
Open Authentication with EAP
Network EAP with MAC Authentication
Server: Use Defaults
Key Management Mandatory: WPA (no Pre-shared Key)
Accounting disabled
General Settings off
EAP Client: pallhuber / pallhuber
Global Radio0 SSID Properties: DE-LLH / DE-LLH Force
Security - Server Manager:
Backup Radius: none
Server List: 172.22.222.42
Shared Secret: de-llh (cf. RADIUS: client.conf)
Authentication: 1812
Accounting: 1813
Server Properties: 172.22.222.42 (all except TACACS)
Global Properties: none
Security - Local Radius:
Statistics: none
General Setup: none
EAP-FAST Setup: none
Security - Advanced Security:
Mac Addresses: Authentication Server if not in Local List
Local List: 0030.f1b5.d16b
Services:
Telnet/SSH: Disabled / Enabled
Hot Standby: Disabled
Discovery: Enabled
DNS: Disabled
Filter: none
HTTP: https
QoS: none
SNMP: Disabled
NTP: Disabled / set date & time
VLAN: None
ARP Caching: Disabled
Wireless Services:
none
System Software:
Model: AIR-AP1231G-E-K9 (802.11g, Europe)
Serial: FHK0832JOYZ
File: c1200-k9w7-tar.123-2.JA
Configuration: show config, restart, LED
Event Log:
Syslog Server: 172.22.222.42
Facility: Local use 7
# Solaris9: /etc/syslog.conf: Logging Access Point Messages
user.debug /var/log/authlog
local7.debug /var/log/access_point
/etc/init.d/syslog stop
/etc/init.d/syslog start (syslog service starting.)
more /etc/syslog.pid
Administration:
/freeradius/dialup_admin/htdocs/*.php in Apache "htdocs"
Testing:
echo 'user-name=matthias, user-password=hello'| /usr/local/bin/radclient 172.22.222.42 auth adiva.de-0205
/usr/local/bin/radtest matthias hello 172.22.222.42 0 adiva.de-0205
Compiling freeradius / squid:
rlm_ldap missing definitions:
below #define TIMELIMIT 5
/* Adjustments for OpenLDAP */
#define LDAP_OPT_SUCCESS 0
#define LDAP_OPT_DEBUG_LEVEL 0x5001 /* debug level */
#define LDAP_OPT_NETWORK_TIMEOUT 0x5005 /* socket level timeout */
#define LDAP_OPT_X_TLS 0x6000
#define LDAP_OPT_X_TLS_CACERTFILE 0x6002
#define LDAP_OPT_X_TLS_CACERTDIR 0x6003
#define LDAP_OPT_X_TLS_CERTFILE 0x6004
#define LDAP_OPT_X_TLS_KEYFILE 0x6005
#define LDAP_OPT_X_TLS_RANDOM_FILE 0x6009
#define LDAP_OPT_X_TLS_HARD 1
#define LDAP_OPT_DEBUG_LEVEL 0x5001 /* debug level */
#define LDAP_OPT_NETWORK_TIMEOUT 0x5005 /* socket level timeout */
/opt/csw/include/ldap.h defines everything
/opt/SUNWwbsvr/plugins/include/ldapsdk50/ldap.h headers only
/usr/include/ldap.h nothing defined here
/usr/iplanet/ds5/plugins/slapd/slapi/include/ldap.h headers only
/usr/ds/v5.2/plugins/slapd/slapi/include/ldap.h headers only
Matthias Rumitz
TC Unix / Netzwerke
ADIVA Computertechnologie GmbH
Norsk-Data-Str. 1
D-61352 Bad Homburg v.d.H.
Fon: +49(0) 61 72 / 48 61 - 0
Fax: +49(0) 61 72 / 48 61 - 700
Web: http://www.adiva.de eMail: [EMAIL PROTECTED]
----- Original message -----
From: "Schoggins, George" <[EMAIL PROTECTED]>
Date: Friday, January 28, 2005 8:13 pm
Subject: Install problems on Solaris 8
> Does anyone have step by step on what has to be installed to get
> radius to work? I have installed libraries and env variable and
> pkg's for three days now and I am still getting errors. Is there a
> list of what needs to be installed before radius? Are there any
> samples of the configure arguments anywhere? Help!!!!!
>
> George Schoggins
>
>
>
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
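
The ldap.h comparison in the build notes above (which header defines the LDAP_OPT_* macros that rlm_ldap.c needs) can be reproduced with a short script. This is an added example, not part of the original message; the function names are hypothetical and the sample headers it generates are constructed, not real Solaris or OpenLDAP files.

```shell
#!/bin/sh
# Added example (not from the original post): find an ldap.h that defines the
# LDAP_OPT_* macros rlm_ldap.c needs, as in the header comparison above.
# Needs a POSIX grep (on Solaris: /usr/xpg4/bin/grep or GNU grep).

REQUIRED="LDAP_OPT_SUCCESS LDAP_OPT_DEBUG_LEVEL LDAP_OPT_NETWORK_TIMEOUT
LDAP_OPT_X_TLS LDAP_OPT_X_TLS_CACERTFILE LDAP_OPT_X_TLS_CACERTDIR
LDAP_OPT_X_TLS_CERTFILE LDAP_OPT_X_TLS_KEYFILE LDAP_OPT_X_TLS_RANDOM_FILE
LDAP_OPT_X_TLS_HARD"

# missing_macros HEADER: print each required macro HEADER does not #define.
missing_macros() {
    for m in $REQUIRED; do
        grep -Eq "^[[:space:]]*#[[:space:]]*define[[:space:]]+$m([[:space:]]|\$)" "$1" \
            || printf '%s ' "$m"
    done
}

# first_complete_header DIR...: print the first DIR/ldap.h that defines all
# required macros; return 1 if none does. Pass directories in -I search order.
first_complete_header() {
    for d in "$@"; do
        [ -f "$d/ldap.h" ] || continue
        if [ -z "$(missing_macros "$d/ldap.h")" ]; then
            echo "$d/ldap.h"
            return 0
        fi
    done
    return 1
}

# Constructed sample headers (not real Solaris or OpenLDAP files).
make_samples() {
    mkdir -p "$1/native" "$1/csw"
    printf '#define LDAP_OPT_SIZELIMIT 0x03\n' > "$1/native/ldap.h"
    for m in $REQUIRED; do
        printf '#define %s 0\n' "$m"
    done > "$1/csw/ldap.h"
}

tmp=$(mktemp -d)
make_samples "$tmp"
for d in "$tmp/native" "$tmp/csw"; do
    echo "$d/ldap.h missing: $(missing_macros "$d/ldap.h")"
done
first_complete_header "$tmp/native" "$tmp/csw"
rm -rf "$tmp"
```

On a real host, pass the include directories in the order the compiler searches them, for example `first_complete_header /usr/include /opt/csw/include`.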