Ubuntu FreeRadius does not recoginize some perl.so symbols and does not compile from source and is also outdated (Why is there no new version in SID? Is the package still maintained?)

[Thomas Glanzmann]

Hello,
I wanted to use the FreeRadius package included in Ubuntu 12.04.2 LTS
(GNU/Linux 3.2.0-49-generic x86_64) to do SMS OTP password. In order to
do that I need to load perl code into FreeRadius which fails with the
following error on a fresh installed system:

(1) FreeRadius does not recognize symbol from perl module

sudo apt-get install freeradius libauthen-krb5-simple-perl
sudo cat > /etc/freeradius/sites-enabled/perl <<EOF
authenticate {
        perl
}

authorize {
        update control {
                Auth-Type := perl
        }
        preprocess
}

preacct {
        preprocess
        acct_unique
        suffix
}

accounting {
        detail
        radutmp
        attr_filter.accounting_response
}

session {
        radutmp
}
EOF
sudo cat > /etc/freeradius/example.pl <<EOF
use Authen::Krb5::Simple;
EOF
root@ubuntu64:~# sudo /etc/init.d/freeradius restart
 * Stopping FreeRADIUS daemon freeradius
 * /var/run/freeradius/freeradius.pid not found...
   ...done.
 * Starting FreeRADIUS daemon freeradius
Can't load '/usr/lib/perl5/auto/Authen/Krb5/Simple/Simple.so' for module 
Authen::Krb5::Simple: /usr/lib/perl5/auto/Authen/Krb5/Simple/Simple.so: 
undefined symbol: PL_thr_key at /usr/lib/perl/5.14/DynaLoader.pm line 184.
 at /etc/freeradius/example.pl line 1
Compilation failed in require at /etc/freeradius/example.pl line 1.
BEGIN failed--compilation aborted at /etc/freeradius/example.pl line 1.
   ...fail!

In order to resolve that issue the FreeRadius version need to be upgradred.
However I tried to rebuild from source because I saw a similar bug before which
got resolved by rebuilding the package after a perl security update:

(2) Freeradius does not build from source.

sudo su -
apt-get build-dep freeradius
apt-get source freeradius
cd freeradius-2.1.10+dfsg/
debian/rules binary

And it fails:

radeapclient.c:975:6: warning: variable 'count' set but not used 
[-Wunused-but-set-variable]
libtool: compile:  gcc -g -O2 -D_REENTRANT -D_POSIX_PTHREAD_SEMANTICS -Wall 
-D_GNU_SOURCE -g -Wshadow -Wpointer-arith -Wcast-qual -Wcast-align 
-Wwrite-strings -Wstrict-prototypes -Wmissing-prototypes -Wmissing-declarations 
-Wnested-externs -W -Wredundant-decls -Wundef -I/tmp/freeradius-2.1.10+dfsg/src 
-Ilibeap -c radeapclient.c -o radeapclient.o >/dev/null 2>&1
/usr/bin/libtool --mode=link gcc   -o radeapclient radeapclient.lo 
libeap/libfreeradius-eap.la -lnsl -lresolv  -lpthread -lcrypto -lssl -lcrypto
libtool: link: gcc -o .libs/radeapclient .libs/radeapclient.o  
libeap/.libs/libfreeradius-eap.so -lnsl -lresolv -lpthread -lssl -lcrypto  
-Wl,-rpath -Wl,/usr/lib/freeradius
/usr/bin/ld: .libs/radeapclient.o: undefined reference to symbol 'fr_perror'
/usr/bin/ld: note: 'fr_perror' is defined in DSO 
/usr/lib/freeradius/libfreeradius-radius-2.1.10.so so try adding it to the 
linker command line
/usr/lib/freeradius/libfreeradius-radius-2.1.10.so: could not read symbols: 
Invalid operation
collect2: ld returned 1 exit status
make[7]: *** [radeapclient] Error 1

Full log is at: http://pbot.rmdir.de/6QWM6SrvmhzLYUQzjpQ3Dg

For the second issue I saw that there was a bug report which was closed because
it was not reproducible. For me it is, I reproduced it on a system setup from
scratch. I installed your ssh key on the system so that you can troubleshoot the
problem.

ssh -l yolanda -p 4001 infra.gmvl.de
You can get root by issueing 'sudo su -'. I disabled the password prompt.
You can also set you a password by 'sudo passwd yolanda' if necessary.
The system has full internet access.

Please let me know if I should file a bugreport for (1) and/or reopen the
bugreport for (2).

Howto reproduce the build bug:

        - Install a fresh Ubuntu in the packet selection only select ssh
          server
        - Execute the commands mentioned above.

References:
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=623928
https://bugs.launchpad.net/ubuntu/+source/freeradius/+bug/1090365

As Alan has mention on the bug 1090365 in launchpad, is is easily fixed
by applying the following patch:

--
commit c86003daabfd7db7249c7259db48a5cc1aa2fb01
Author: Alan T. DeKok <al...@freeradius.org>
Date:   Thu Jan 20 16:01:17 2011 +0100

    Add $(LIBRADIUS) to allow it to link

diff --git a/src/modules/rlm_eap/Makefile.in b/src/modules/rlm_eap/Makefile.in
index 1e20588..5576294 100644
--- a/src/modules/rlm_eap/Makefile.in
+++ b/src/modules/rlm_eap/Makefile.in
@@ -6,7 +6,7 @@ TARGET      = @targetname@
 SRCS        = rlm_eap.c eap.c mem.c
 HEADERS     = eap.h rlm_eap.h
 RLM_CFLAGS  = $(INCLTDL) -Ilibeap
-CLIENTLIBS  = libeap/$(LIBPREFIX)freeradius-eap.la
+CLIENTLIBS  = libeap/$(LIBPREFIX)freeradius-eap.la $(LIBRADIUS)
 RLM_LIBS    = libeap/$(LIBPREFIX)freeradius-eap.la $(LIBLTDL)
 RLM_INSTALL = install-subdirs
 RLM_SUBDIRS = libeap @eaptypes@
--

So I wonder why the build problem was not fixed?

I really would like to see that both issues get fixed. That way the out of the
box FreeRadius packet gets usuable and someone does not need to recompile the
package. Also I do not understand why Debian and Ubuntu does not have the
current version of the 2.2.x branch. It looks like the package is no longer
maintained. I also do not see a current version in SID (for Debian and Ubuntu
that is). So I wonder what is going on here?

So for now I'm stuck with compiling FreeRadius by myself for
Debian/Ubuntu. Has someone updated Debian packages somewhere?

Cheers,
        Thomas
--
Thomas Glanzmann <tho...@glanzmann.de>  Landline  +49 9131 6 14 720
Diplom-Informatiker Univ.               Facsimile +49 9131 6 14 721
Rathsbergerstrasse 28
D-91054 Erlangen - Burgberg, Germany    http://thomas.glanzmann.de/
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html