Re: pppd + freeradius
On Thu, Aug 28, 2003 at 10:23:26AM +0600, Eric wrote: Has anybody linked ppp-daemon to freeradius server. The 2.4.2b3 release of ppp has its own radiusclient, but it doesn't work. It works. You're misconfiguring it, or something. /fc - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: max_request and max_servers in radiusd.conf
Quoting Kostas Kalevras [EMAIL PROTECTED]: Freeradius version: 0.9.0 Authentication method: LDAP - openldap-2.0.27.tgz Running in ISP enviroment connected to various kind of NAS Found a few errors in radius.log i) thread error /var/log/radius.log.0.gz:Thu Aug 28 18:59:19 2003 : Info: The maximum number of threads (32) are active, cannot spawn new thread to handle request = What is the recommended value for max_servers and also max_request in radius.conf ?? It depends on your needs on the modules used etc. Maybe something around 96-120 Thanks for the value... But that is for max_servers... How about max_request value?? By default it is set to 1024 by the rules of 256*4 client... So I try with 100 clients .. so the value would be 256*100 = 25600 .. Is it ok ?? For backend slow response.. I'll try to fix it... thanks... regards, --haizam This e-mail has been sent via JARING webmail at http://www.jaring.my - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: rlm_unix error invalid password
On Fri, 2003-08-29 at 13:51, Alan DeKok wrote: If the module says that the password is incorrect, then it's incorrect. Are you sure that the server is using the right version of crypt() ? Alan DeKok. running in debug mode I get this: rad_recv: Access-Request packet from host 192.168.1.102:1812, id=0, length=44 Thread 1 assigned request 0 --- Walking the entire request list --- Threads: total/active/spare threads = 5/1/4 Waking up in 5 seconds... Thread 1 handling request 0, (1 handled so far) User-Name = matt User-Password = correct password modcall: entering group authorize modcall[authorize]: module preprocess returns ok rlm_chap: Could not find proper Chap-Password attribute in request modcall[authorize]: module chap returns noop modcall[authorize]: module mschap returns notfound rlm_realm: No '@' in User-Name = matt, looking up realm NULL rlm_realm: No such realm NULL modcall[authorize]: module suffix returns noop users: Matched DEFAULT at 152 modcall[authorize]: module files returns ok modcall: group authorize returns ok rad_check_password: Found Auth-Type System auth: type System modcall: entering group authenticate rlm_unix: [matt]: invalid password modcall[authenticate]: module unix returns reject modcall: group authenticate returns reject auth: Failed to validate the user. Login incorrect: [matt] (from client wlan port 0) Delaying request 0 for 1 seconds Finished request 0 Going to the next request Thread 1 waiting to be assigned a request --- Walking the entire request list --- Threads: total/active/spare threads = 5/0/5 Sending Access-Reject of id 0 to 192.168.1.102:1812 Waking up in 1 seconds... --- Walking the entire request list --- Cleaning up request 0 ID 0 with timestamp 3f501f6c Nothing to do. Sleeping until we see a request. I didn't feel like leaving the password in but I had three other people confirm that it is correct case and everything in between the quotes. The user name is also correct for case and spelling. I am testing from windows with the Radius Client 1.0 from www.efinesoft.com I was unable to find a copy of the ntradping program. It works with the only other radius server I have access to. Forgive my ignorance but I am not sure how to check the crypt version. I am looking into that. I have not changed anything and all other authentication systems have worked fine. thanks a lot for the help. -- Matt Whiteley [EMAIL PROTECTED] - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: log clear passwords
On Thursday 28 August 2003 9:43 pm, Evren Yurtesen wrote: No, modifying sources wouldnt do any good, because when you use chap the password is not transmitted over the line. Thus there is no way for freeradius to know what password the client entered. yes and no -- while the password itself isn't necessarilly transmitted, the radius server is ultimately able to determine it was good or it was bad; for the case of good, the server ALREADY KNOWS the password [be it from the file or a database record] so logging a known value at that point should be trivial... -- Yet another Blog: http://osnut.homelinux.net pgp0.pgp Description: signature
Snmp?
can you guys please give me some hints about using snmp on freeradius ? is this possible to bind it to another port beside standard snmp port (116?) are freeradius using this port at all ?! :) thanks :) -- Those who do not do politics will be done in by politics ! :) - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Need some help configuring freeradius - openssl problem (EAP)
Hi, I sent this message out twice, but did not get a response. I was wondering if someone could help me. --- Hi, I have openssl 0.9.7 installed in /usr/local/ssl, and am trying to configure my freeradius installation at my wireless access point with : ./configure --prefix=/usr/local/freeradius --with-ssl=/usr/local/ssl --with-mcrypt=/usr/local/lib/libmcrypt/ --with-mhash=/usr/local/lib/libmhash/ --with-ltdl-lib=/usr/lib --with-gnu-ld I get an error in the configuration : loading cache ../../../../.././config.cache checking for gcc... (cached) gcc checking whether the C compiler (gcc -g -O2 -D_REENTRANT -D_POSIX_PTHREAD_SEMANTICS -Wall -D_GNU_SOURCE -DNDEBUG ) works... yes checking whether the C compiler (gcc -g -O2 -D_REENTRANT -D_POSIX_PTHREAD_SEMANTICS -Wall -D_GNU_SOURCE -DNDEBUG ) is a cross-compiler... no checking whether we are using GNU C... (cached) yes checking whether gcc accepts -g... (cached) yes checking for openssl/ssl.h... no checking for DH_new in -lcrypto... no checking for SSL_new in -lssl... no checking how to run the C preprocessor... (cached) gcc -E checking for openssl/err.h... no checking for openssl/engine.h... no configure: warning: silently not building rlm_eap_tls. configure: warning: FAILURE: rlm_eap_tls requires: (openssl/ssl.h) libcrypto libssl. How do I fix this problem ? Thanks, MS - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Need some help configuring freeradius - openssl problem (EAP)
Hi, I sent this message out twice, but did not get a response. I was wondering if someone could help me. --- Hi, I have openssl 0.9.7 installed in /usr/local/ssl, and am trying to configure my freeradius installation at my wireless access point with : ./configure --prefix=/usr/local/freeradius --with-ssl=/usr/local/ssl --with-mcrypt=/usr/local/lib/libmcrypt/ --with-mhash=/usr/local/lib/libmhash/ --with-ltdl-lib=/usr/lib --with-gnu-ld I get an error in the configuration : loading cache ../../../../.././config.cache checking for gcc... (cached) gcc checking whether the C compiler (gcc -g -O2 -D_REENTRANT -D_POSIX_PTHREAD_SEMANTICS -Wall -D_GNU_SOURCE -DNDEBUG ) works... yes checking whether the C compiler (gcc -g -O2 -D_REENTRANT -D_POSIX_PTHREAD_SEMANTICS -Wall -D_GNU_SOURCE -DNDEBUG ) is a cross-compiler... no checking whether we are using GNU C... (cached) yes checking whether gcc accepts -g... (cached) yes checking for openssl/ssl.h... no checking for DH_new in -lcrypto... no checking for SSL_new in -lssl... no checking how to run the C preprocessor... (cached) gcc -E checking for openssl/err.h... no checking for openssl/engine.h... no configure: warning: silently not building rlm_eap_tls. configure: warning: FAILURE: rlm_eap_tls requires: (openssl/ssl.h) libcrypto libssl. How do I fix this problem ? Thanks, MS - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: Snmp?
From: Zoup Sent: Saturday, 30 August 2003 7:09 PM can you guys please give me some hints about using snmp on freeradius ? is this possible to bind it to another port beside standard snmp port (116?) are freeradius using this port at all ?! :) I don't know which one you mean, altough I _assume_ it's the first answer you're after: FreeRADIUS doesn't talk SNMP directly. It registers with the SNMP multiplexer running on your system, and communicates through it. So it shouldn't bind port 116 at all. For making SNMP queries to NAS's, it uses the snmpget and snmpwalk programs on your system. (See checkrad.pl) -- = Paul TBBle Hampson Bubblesworth Pty Ltd (ABN: 51 095 284 361) [EMAIL PROTECTED] This is a one line proof...if we start sufficiently far to the left. -- Cambridge University Math Department - Random signature generator 3.0 by Paul TBBle Hampson = - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Need some help configuring freeradius - openssl problem (EAP)
From: Madhusudan Singh [EMAIL PROTECTED] configure: warning: FAILURE: rlm_eap_tls requires: (openssl/ssl.h) libcrypto libssl. This is the problem. How do I fix this problem ? By installing libcrypto and libssl Do a find / -name ssl.h to find out if ssl.h is already there. Thor. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: rlm_unix error invalid password
Matt Whiteley [EMAIL PROTECTED] wrote: I didn't feel like leaving the password in but I had three other people confirm that it is correct case and everything in between the quotes. The user name is also correct for case and spelling. There really isn't much I can say. The server is being told the password is wrong, that's why it's rejecting the user. About the only thing I can suggest is source code modifications to rlm_unix, to print both encrypted passwords, so you can see what's going on. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: log clear passwords
Tom Emerson [EMAIL PROTECTED] wrote: yes and no -- while the password itself isn't necessarilly transmitted, the radius server is ultimately able to determine it was good or it was bad; for the case of good, the server ALREADY KNOWS the password [be it from the file or a database record] so logging a known value at that point should be trivial... Why would you want to log the password from the database? You can always look it up in the database, if you care what it is. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Need some help configuring freeradius - openssl problem (EAP)
Madhusudan Singh [EMAIL PROTECTED] wrote: I have openssl 0.9.7 installed in /usr/local/ssl, and am trying to configure my freeradius installation at my wireless access point with : ./configure --prefix=/usr/local/freeradius --with-ssl=/usr/local/ssl ... That won't work in FreeRADIUS 0.9.0. It doesn't use that option to look for OpenSSL. Try the latest CVS snapshot, and do: ./configure --prefix=/usr/local/freeradius --with-open-ssl-inc=/usr/local/ssl/include --with-openssl-lib=/usr/local/ssl/lib ... and it should be better. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Passwords over 12 chars
Hi, Is there a some reason why any password that I type into freeside over 12 chars is put into the sqlradius database and Crypt-Password? I have a customer whodials in useing the password countrybumpkin. Now that I have switched over to freeside this password is exported and a Crypy-Password. If I make it 12 or less it is put in as password. Is this suppose to be like this? Can it be stoped? Troy
Re: Passwords over 12 chars
- Original Message - From: Troy Hammonds 1) send mail in plain text instead of html 2) it's a question for the mailing list of the database you are using Thor. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: Passwords over 12 chars
From: Troy Hammonds Sent: Sunday, 31 August 2003 12:29 AM Is there a some reason why any password that I type into freeside over 12 chars is put into the sqlradius database and Crypt-Password? Ask the Freeside people. FreeRADIUS has nothing to do with that. http://www.sisd.com/freeside/ -- = Paul TBBle Hampson Bubblesworth Pty Ltd (ABN: 51 095 284 361) [EMAIL PROTECTED] This is a one line proof...if we start sufficiently far to the left. -- Cambridge University Math Department - Random signature generator 3.0 by Paul TBBle Hampson = - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
EAP/TTLS problem with EAP/MD5
Hi ppl,
i have problem with implementing of EAP/TTLS on freeradius, i have setup
auth in EAP/TTLS to EAP/MD5 and this is my error:
modcall: group authorize returns updated
rad_check_password: Found Auth-Type EAP
auth: type EAP
modcall: entering group authenticate
rlm_eap: EAP Identity
rlm_eap: No such EAP type 4
rlm_eap: Failed in EAP select
modcall[authenticate]: module eap returns invalid
modcall: group authenticate returns invalid
auth: Failed to validate the user.
looking at the source i have seen that the problem is in following lines:
#eap.c
if ((default_eap_type PW_EAP_MD5) ||
(default_eap_type PW_EAP_MAX_TYPES) ||
(inst-types[default_eap_type] == NULL)) {
DEBUG2( rlm_eap: No such EAP type %d,
default_eap_type);
return EAP_INVALID;
}
looking at eap.h have seen that PW_EAP_MD5 value is 4.
Anyone has some idea?
Sergio,
FutureBrain
follows freeradius log
rad_recv: Access-Request packet from host 192.168.2.254:2051, id=0,
length=193
User-Name = tobi
NAS-IP-Address = 192.168.2.254
Called-Station-Id = 0030bd96618f
Calling-Station-Id = 0030bd97d2f8
NAS-Identifier = 0030bd96618f
NAS-Port = 189
Framed-MTU = 1400
State = 0x52c82cce680f4e775d5e00ab17705d2f
NAS-Port-Type = Wireless-802.11
EAP-Message =
0x0204003f158000351703010030d38d75a57f3413419cb84a5afea774b0c58547ba2544163213b71c06082b522a18d5f79ea4d77e85ffc94fe8069de8ff
Message-Authenticator = 0xfaf781eca6accfb78d59d841524e9f7d
modcall: entering group authorize
modcall[authorize]: module preprocess returns ok
modcall[authorize]: module chap returns noop
rlm_eap: EAP packet type response id 4 length 63
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module eap returns updated
rlm_realm: No '@' in User-Name = tobi, looking up realm NULL
rlm_realm: No such realm NULL
modcall[authorize]: module suffix returns noop
users: Matched DEFAULT at 152
users: Matched tobi at 215
modcall[authorize]: module files returns ok
modcall[authorize]: module mschap returns noop
modcall: group authorize returns updated
rad_check_password: Found Auth-Type EAP
auth: type EAP
modcall: entering group authenticate
rlm_eap: Request found, released from the list
rlm_eap: EAP_TYPE - ttls
rlm_eap: processing type ttls
rlm_eap_ttls: Authenticate
rlm_eap_tls: processing TLS
rlm_eap_tls: Length Included
eaptls_verify returned 11
eaptls_process returned 7
rlm_eap_ttls: Session established. Proceeding to decode tunneled
attributes.
TTLS: Got tunneled request
EAP-Message = 0x020901746f6269
Freeradius-Proxied-To = 127.0.0.1
TTLS: Got tunneled identity of tobi
TTLS: Setting default EAP type for tunneled EAP session.
TTLS: Sending tunneled request
EAP-Message = 0x020901746f6269
Freeradius-Proxied-To = 127.0.0.1
User-Name = tobi
modcall: entering group authorize
modcall[authorize]: module preprocess returns ok
modcall[authorize]: module chap returns noop
rlm_eap: EAP packet type response id 0 length 9
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module eap returns updated
rlm_realm: No '@' in User-Name = tobi, looking up realm NULL
rlm_realm: No such realm NULL
modcall[authorize]: module suffix returns noop
users: Matched DEFAULT at 152
users: Matched tobi at 215
modcall[authorize]: module files returns ok
modcall[authorize]: module mschap returns noop
modcall: group authorize returns updated
rad_check_password: Found Auth-Type EAP
auth: type EAP
modcall: entering group authenticate
rlm_eap: EAP Identity
rlm_eap: No such EAP type 4
rlm_eap: Failed in EAP select
modcall[authenticate]: module eap returns invalid
modcall: group authenticate returns invalid
auth: Failed to validate the user.
TTLS: Got tunneled reply RADIUS code 3
EAP-Message = 0x0404
Message-Authenticator = 0x
TTLS: Rejecting tunneled user
rlm_eap: Handler failed in EAP type 21
TTLS: Freeing handler for user tobi
rlm_eap: Failed in EAP select
modcall[authenticate]: module eap returns invalid
modcall: group authenticate returns invalid
auth: Failed to validate the user.
Delaying request 4 for 1 seconds
Finished request 4
Going to the next request
rl_next: returning NULL
Waking up in 6 seconds...
--
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: log clear passwords
Why would you want to log the password from the database? You can always look it up in the database, if you care what it is. In my case, we migrated 2000 dial up users to a new ISP. We were given a list of login and passwords, not fully updated with the real info in the client side. I want to log the clear text password to be able to say to the client you are typing XXX as password. It's incredible, but we have many dial up users who say Im typing X as password, but they are entering Y. Is just to give better support to clients. Omar - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
mschap v2 and external authentication
Hi everyone. My problem is following: I'm using freeradius 0.9.0. I need to authenticate users by mschap v2. The database is a quite sophisticated one in an Oracle. So I want to authenticate by external script using Exec-Program-Wait. With pap and chap it goes well, but with mschap it fails with an error: auth: type MS-CHAP modcall: entering group Auth-Type rlm_mschap: No User-Password configured. Cannot create LM-Password. rlm_mschap: No User-Password configured. Cannot create NT-Password. rlm_mschap: No LM-Password or NT-Password attribute found. Cannot perform MS-CHAP authentication. modcall[authenticate]: module mschap returns fail modcall: group Auth-Type returns fail auth: Failed to validate the user. Piece of config in users file: DEFAULT Auth-Type = Accept Service-Type = Framed-User, Exec-Program-Wait = /usr/local/bin/billing/login, Framed-Protocol = PPP, Idle-Timeout = 900, Framed-Routing = None If I put here plaintext user and password it passes ok. In general I understand that some data (password) used by mschap core module can't be received by it, but I have no clue how to bypass this. Or how to fed it manually from my script. Is it possible at all to use mschap and Exec-Program-Wait together? I would kindly appreciate any help. Thanks. -- Dmitry Koval [EMAIL PROTECTED] - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re:(2) log clear passwords
by the way, didnt they have a password database to authenticate users anyhow? how come they have an not up to date database of passwords? How were they authenticating anyhow? Omar Armas wrote: Why would you want to log the password from the database? You can always look it up in the database, if you care what it is. In my case, we migrated 2000 dial up users to a new ISP. We were given a list of login and passwords, not fully updated with the real info in the client side. I want to log the clear text password to be able to say to the client you are typing XXX as password. It's incredible, but we have many dial up users who say Im typing X as password, but they are entering Y. Is just to give better support to clients. Omar - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: log clear passwords
Yet you can see that they type the password wrong. If you are using chap then you should accept that you cant learn more than that. As a matter of fact using CHAP is not any more secure than using PAP if you are using it for dialup. It is extremely difficult to spy on a dialup line anyhow (thus wouldnt worth for cracking either) If the password exchanged between the client and the NAS is not encrypted, who cares? :) The information exchanged between the NAS and the FreeRadius is already encrypted so there is also very little risk of compromising the security. The downside of using CHAP is if you lose your user database, then you are doomed. You must change every user's password doh. If the user forgets his password then it should be trivial to give a new one though. So for dialup environment, using PAP is actually acceptable. Also you can use PAP with cleartext passwords too if you want. Evren Omar Armas wrote: Why would you want to log the password from the database? You can always look it up in the database, if you care what it is. In my case, we migrated 2000 dial up users to a new ISP. We were given a list of login and passwords, not fully updated with the real info in the client side. I want to log the clear text password to be able to say to the client you are typing XXX as password. It's incredible, but we have many dial up users who say Im typing X as password, but they are entering Y. Is just to give better support to clients. Omar - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Need some help configuring freeradius - openssl problem (EAP)
Hi Thanks for your response. Let me try this out. MS That won't work in FreeRADIUS 0.9.0. It doesn't use that option to look for OpenSSL. Try the latest CVS snapshot, and do: ./configure --prefix=/usr/local/freeradius --with-open-ssl-inc=/usr/local/ssl/include --with-openssl-lib=/usr/local/ssl/lib ... and it should be better. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Need some help configuring freeradius - openssl problem (EAP)
Hi I tried what you suggested. Downloaded freeradius-snapshot-20030830. No go. I still get : checking for openssl/ssl.h... no checking for DH_new in -lcrypto... no checking for SSL_new in -lssl... no checking how to run the C preprocessor... (cached) gcc -E checking for openssl/err.h... no checking for openssl/rand.h... no checking for openssl/engine.h... no configure: warning: silently not building rlm_eap_tls. configure: warning: FAILURE: rlm_eap_tls requires: (openssl/ssl.h) libcrypto libssl. and checking for inttypes.h... (cached) yes checking for DES_cbc_encrypt in -lcrypto... no checking for des_cbc_encrypt in -lcrypto... no configure: warning: silently not building rlm_x99_token. configure: warning: FAILURE: rlm_x99_token requires: des_cbc_encrypt. I used the following different configure options : --with-open-ssl-inc=, --with-openssl-inc and --with-openssl-include. (the first is what you suggested, I was just trying to make sure it wasn't a typo) Last configure command : ./configure --prefix=/usr/local/freeradius --with-mcrypt=/usr/local/lib/libmcrypt/ --with-mhash=/usr/local/lib/libmhash/ --with-ltdl-lib=/usr/lib --with-gnu-ld --with-openssl-include=/usr/local/ssl/include/ --with-openssl-lib=/usr/local/ssl/lib/ And I do have the following include file : /usr/local/ssl/include/openssl/ssl.h What could be wrong ? Thanks, MS Alan DeKok wrote: Madhusudan Singh [EMAIL PROTECTED] wrote: I have openssl 0.9.7 installed in /usr/local/ssl, and am trying to configure my freeradius installation at my wireless access point with : ./configure --prefix=/usr/local/freeradius --with-ssl=/usr/local/ssl ... That won't work in FreeRADIUS 0.9.0. It doesn't use that option to look for OpenSSL. Try the latest CVS snapshot, and do: ./configure --prefix=/usr/local/freeradius --with-open-ssl-inc=/usr/local/ssl/include --with-openssl-lib=/usr/local/ssl/lib ... and it should be better. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: EAP/TTLS problem with EAP/MD5
Fastbyte [EMAIL PROTECTED] wrote:
i have problem with implementing of EAP/TTLS on freeradius, i have setup
auth in EAP/TTLS to EAP/MD5 and this is my error:
...
rlm_eap: No such EAP type 4
It looks like you don't have the 'md5' sub-module configured inside
of the 'eap' module. Either you've deleted it, or you've re-ordered
the list of sub-modules.
looking at the source i have seen that the problem is in following lines:
#eap.c
if ((default_eap_type PW_EAP_MD5) ||
(default_eap_type PW_EAP_MAX_TYPES) ||
(inst-types[default_eap_type] == NULL)) {
...
looking at eap.h have seen that PW_EAP_MD5 value is 4.
Well.. The value of PW_EAP_MD5 is NOT less than PW_EAP_MD5, and it's
not MORE than the valur of PW_EAP_MAX_TYPES, so by the process of
elimination, it means that the last test is the one which is failing.
Include a configuration entry for 'md5', just like the default
'radiusd.conf'. List 'ttls' after 'md5', just like the default
'radiusd.conf'
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Need some help configuring freeradius - openssl problem (EAP)
Madhusudan Singh [EMAIL PROTECTED] wrote: I tried what you suggested. Downloaded freeradius-snapshot-20030830. No go. I still get : checking for openssl/ssl.h... no checking for DH_new in -lcrypto... no ... Try looking at the logs from 'configure'. If that doesn't help, edit the Makefiles. Each 'Makefile' for the modules is about 10 lines. The 'configure' scripts are there only as an easy short-hand, in 99% of the normal cases. If 'configure' is too hard to use, edit the 'Makefile' by hand. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
