from:"Rafiqul Ahsan"

Re: 2.0.5 on Solaris with openssl 0.9.8h [SEC=UNCLASSIFIED]

2008-08-18 Thread Rafiqul Ahsan

Hi Alan,

Thank you for your responses, and I appreciate for your time. I have
few Sun machines, T2000, V210 - all of them has Solaris 10 with
/usr/sfw/ dirs...Not sure I would try deleting the directory. But
before going in to that approach, I have done a little test

1. I moved libssl.so.0.9.7, and libcrypto.so.0.9.7 from /usr/sfw/lib
directory, and copied libssl.0.9.8, and libcrypto.0.9.8 in to this
directory.

2. Having following path, and FLAGS...
bash-3.00# echo $PATH
/usr/sbin:/usr/bin:/usr/local/ssl/bin:/usr/sfw/bin:/usr/local/bin:/usr/ccs/bin
bash-3.00# echo LDFLAGS
LDFLAGS
bash-3.00# echo $LDFLAGS
-L/usr/local/ssl/lib -R/usr/local/ssl/lib
bash-3.00# echo $CPPFLAGS
-I/usr/local/ssl/include/openssl
bash-3.00# echo $CFLAGS
-I/usr/local/ssl/include/openssl
bash-3.00# crle
Configuration file [version 4]: /var/ld/ld.config
  Default Library Path (ELF):   /lib/:/usr/lib:/usr/local/ssl/lib
  Trusted Directories (ELF):/lib/secure:/usr/lib/secure  (system default)
Command line:
  crle -c /var/ld/ld.config -l /lib/:/usr/lib:/usr/local/ssl/lib
bash-3.00# echo $LD_LIBRARY_PATH
/usr/lib:/usr/local/ssl/lib

3. ./configure --prefix=/usr/local --with-openssl-includes=/usr/local/s
sl/include --with-openssl-libraries=/usr/local/ssl/lib

See the below WARNING :
configure: WARNING: pcap library not found, silently disabling the
RADIUS sniffer.
config.status: WARNING: ./Make.inc.in seems to ignore the --datarootdir setting
config.status: WARNING: ./src/include/build-radpaths-h.in seems to
ignore the --datarootdir setting
chmod: WARNING: can't access check-radiusd-config
configure: WARNING: silently not building rlm_counter.
configure: WARNING: FAILURE: rlm_counter requires: libgdbm.
configure: WARNING: silently not building rlm_eap_tls.
configure: WARNING: FAILURE: rlm_eap_tls requires: OpenSSL.
configure: WARNING: silently not building rlm_eap_ttls.
configure: WARNING: FAILURE: rlm_eap_ttls requires: OpenSSL.
configure: WARNING: silently not building rlm_eap_ikev2.
configure: WARNING: FAILURE: rlm_eap_ikev2 requires: libeap-ikev2
EAPIKEv2/connector.h.
configure: WARNING: the TNCS library isn't found!
configure: WARNING: silently not building rlm_eap_tnc.
configure: WARNING: FAILURE: rlm_eap_tnc requires: -lTNCS.
configure: WARNING: silently not building rlm_eap_peap.
configure: WARNING: FAILURE: rlm_eap_peap requires: OpenSSL.
configure: WARNING: silently not building rlm_ippool.
configure: WARNING: FAILURE: rlm_ippool requires: libgdbm.
configure: WARNING: neither krb5 'k5crypto' nor 'crypto' libraries are found!
configure: WARNING: the comm_err library isn't found!
configure: WARNING: silently not building rlm_krb5.
configure: WARNING: FAILURE: rlm_krb5 requires: krb5.h.
configure: WARNING: silently not building rlm_ldap.
configure: WARNING: FAILURE: rlm_ldap requires: libldap_r.
configure: WARNING: silently not building rlm_otp.
configure: WARNING: FAILURE: rlm_otp requires: openssl-libs.
configure: WARNING: silently not building rlm_perl.
configure: WARNING: FAILURE: rlm_perl requires: EXTERN.h perl.h libperl.so.
configure: WARNING: silently not building rlm_python.
configure: WARNING: FAILURE: rlm_python requires: Python.h libpython2.3.
configure: WARNING: silently not building rlm_sql_iodbc.
configure: WARNING: FAILURE: rlm_sql_iodbc requires: libiodbc isql.h.
configure: WARNING: silently not building rlm_sql_postgresql.
configure: WARNING: FAILURE: rlm_sql_postgresql requires: libpq.
configure: WARNING: oracle headers not found. Use --with-oracle-home-dir=.
configure: WARNING: silently not building rlm_sql_oracle.
configure: WARNING: FAILURE: rlm_sql_oracle requires: oci.h.
configure: WARNING: silently not building rlm_sql_unixodbc.
configure: WARNING: FAILURE: rlm_sql_unixodbc requires: libodbc sql.h.

4. Make --- never creates rlm_eap_ttls/tls.o

5. Make install creates new radiusd...but with no libssl.so.0.9.X, and
libcrypto.so.0.9.X
Here is the output...
# ldd /usr/local/sbin/radiusd
libfreeradius-radius-2.0.5.so => /usr/local/lib/libfreeradius-ra
dius-2.0.5.so
libnsl.so.1 => /lib//libnsl.so.1
libresolv.so.2 => /lib//libresolv.so.2
libsocket.so.1 => /lib//libsocket.so.1
librt.so.1 => /lib//librt.so.1
libpthread.so.1 => /lib//libpthread.so.1
libcrypt_d.so.1 => /usr/lib/libcrypt_d.so.1
libltdl.so.3 => /usr/local/lib/libltdl.so.3
libdl.so.1 => /lib//libdl.so.1
libc.so.1 => /lib//libc.so.1
libgcc_s.so.1 => /usr/sfw/lib/libgcc_s.so.1
libmp.so.2 => /lib//libmp.so.2
libmd.so.1 => /lib//libmd.so.1
libscf.so.1 => /lib//libscf.so.1
libaio.so.1 => /lib//libaio.so.1
libgen.so.1 => /lib//libgen.so.1
libdoor.so.1 => /lib//libdoor.so.1
libuutil.so.1 => /lib//libuutil.so.1
libm.so.2 => /lib//libm.so.2
/platform/SUNW,Sun-Fire-V210/lib/libc_psr.so.1
/platform/SUNW,Sun-Fire-V210/lib/libmd_psr.so.1


I am confused ! I see it likes , and ONLY likes
libssl.so.0.9.7, and libcrypto.so.0.9.7 at /usr.sfw/lib ...

Rafi

Re: 2.0.5 on Solaris with openssl 0.9.8h [SEC=UNCLASSIFIED]

2008-08-17 Thread Rafiqul Ahsan

Thanks for your response. Here is what I set :
bash-3.00# crle

Configuration file [version 4]: /var/ld/ld.config
  Default Library Path (ELF):   /lib/:/usr/lib:/usr/local/ssl/lib
  Trusted Directories (ELF):/lib/secure:/usr/lib/secure  (system default)

Command line:
  crle -c /var/ld/ld.config -l /lib/:/usr/lib:/usr/local/ssl/lib

bash-3.00# echo $LD_LIBRARY_PATH
/usr/lib:/usr/local/ssl/lib

Looks like the issue is not the search path because it already
serached to my desired location /usr/local/ssl/lib before
/usr/sfw/lib. The issue is why Freeradius radiusd is looking for
object libssl.so.0.9.7 libcrypto.so.0.9.7, and obviously it will not
find at /usr/local/ssl/lib ?

Here is the (partial) output of ldd -s radiusd

   find object=libssl.so.0.9.7; required by /usr/local/sbin/radiusd
search path=/usr/local/lib:/usr/local/ssl/lib:/usr/sfw/lib  (RPATH from file
 /usr/local/sbin/radiusd)
trying path=/usr/local/lib/libssl.so.0.9.7
trying path=/usr/local/ssl/lib/libssl.so.0.9.7
trying path=/usr/sfw/lib/libssl.so.0.9.7
libssl.so.0.9.7 =>   /usr/sfw/lib/libssl.so.0.9.7

   find object=libcrypto.so.0.9.7; required by /usr/local/sbin/radiusd
search path=/usr/local/lib:/usr/local/ssl/lib:/usr/sfw/lib  (RPATH from file
 /usr/local/sbin/radiusd)
trying path=/usr/local/lib/libcrypto.so.0.9.7
trying path=/usr/local/ssl/lib/libcrypto.so.0.9.7
trying path=/usr/sfw/lib/libcrypto.so.0.9.7
libcrypto.so.0.9.7 =>/usr/sfw/lib/libcrypto.so.0.9.7


On 8/17/08, Ranner, Frank MR <[EMAIL PROTECTED]> wrote:
> UNCLASSIFIED
>
> > -Original Message-
> > From:
> > [EMAIL PROTECTED]
> eradius.org [mailto:freeradius-users->
> [EMAIL PROTECTED] On
> > Behalf Of Rafiqul Ahsan
> > Sent: Monday, 18 August 2008 07:21
> > To: FreeRadius users mailing list
> > Subject: Re: 2.0.5 on Solaris with openssl 0.9.8h
> >
> > I believe I specified the path using -Rpath, and Solaris Linker
> > searches this specified path for so libraris at run time. But still it
> > is linking with /usr/swf/lib.. Did not find any other info on how we
> > change the orders of dirs that it uses.
> >
>
> Use ldd -s to determine how the shared libraries are found. The bottom
> line is, use LD_LIBRARY_PATH
> to overide all other settings. In your startup script put:
>
> LD_LIBRARY_PATH=/usr/lib:/usr/local/ssl/lib; export LD_LIBRARY_PATH
>
> You can also specify system-wide library search paths using crle
>
> [EMAIL PROTECTED] radius] # crle
>
> Configuration file [version 4]: /var/ld/ld.config
>  Default Library Path (ELF):
> /usr/lib:/usr/local/lib:/var/cfengine/lib
>  Trusted Directories (ELF):/usr/lib/secure  (system default)
>
> Command line:
>  crle -c /var/ld/ld.config -l /usr/lib:/usr/local/lib:/var/cfengine/lib
>
>
> Using rpath is not such a good idea as it is the last resort - crle and
> LD_LIBRARY_PATH will override
> it as 'ldd -s' will show.
>
> Regards,
> Frank Ranner
>
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>


-- 
Rafiqul Ahsan
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: 2.0.5 on Solaris with openssl 0.9.8h

2008-08-17 Thread Rafiqul Ahsan

I believe I specified the path using -Rpath, and Solaris Linker
searches this specified path for so libraris at run time. But still it
is linking with /usr/swf/lib.. Did not find any other info on how we
change the orders of dirs that it uses.

On 8/17/08, Alan DeKok <[EMAIL PROTECTED]> wrote:
> Rafiqul Ahsan wrote:
> > Ok, I tried as follows :
> ...
> > Still "ldd /usr/local/sbin/radiusd" shows the shared object from
> > /usr/sfw/lib/*0.9.7
>
>  Then the issue is that the linker is linking against "libssl.so", and
> not "libssl.so.0.9.8".  This means that at run-time, /usr/sfw/lib is
> found *before* /usr/local/lib, and so it links to the other version of
> libssl.
>
>  The only solutions are:
>
>  a) change the order of directories that the run-time linker uses
>  b) delete the /usr/sfw/lib/libssl* files
>
>  Alan DeKok.
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>


-- 
Rafiqul Ahsan
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: 2.0.5 on Solaris with openssl 0.9.8h

2008-08-16 Thread Rafiqul Ahsan

Ok, I tried as follows :

1. chmod a-rx /usr/sfw

2. As before I kept below FLAGS on :
CFLAGS=-I/usr/local/ssl/include/openssl
CPPFLAGS=-I/usr/local/ssl/include/openssl
LDFLAGS='-L/usr/local/ssl/lib -R/usr/local/ssl/lib'
export CFLAGS CPPFLAGS LDFLAGS

3. ./configure
4. make
5. make install

Still "ldd /usr/local/sbin/radiusd" shows the shared object from
/usr/sfw/lib/*0.9.7

Here are the outputs when we deleted the permission (before build),
and added the permissions (after build) :

bash-3.00# chmod a-rx /usr/sfw/
bash-3.00# ls -al /usr/sfw/
total 54
d-  11 root bin  512 Aug  1 11:06 .
drwxr-xr-x  42 root sys 1024 Aug  5 23:54 ..
drwxr-xr-x   3 root bin 6144 Aug  1 11:08 bin
lrwxrwxrwx   1 root root   9 Aug  1 11:06 doc -> share/doc
drwxr-xr-x  22 root bin 2048 Aug  1 11:08 include
lrwxrwxrwx   1 root root  10 Aug  1 11:06 info -> share/info
drwxr-xr-x  31 root bin 6656 Aug 13 12:35 lib
drwxr-xr-x   3 root bin  512 Aug  1 10:51 libexec
lrwxrwxrwx   1 root root   9 Aug  1 10:54 man -> share/man
drwxr-xr-x   3 root bin  512 Aug  1 10:50 mysql
drwxr-xr-x   2 root bin  512 Aug  1 11:14 sbin
drwxr-xr-x  21 root bin  512 Aug  1 11:06 share
drwxr-xr-x   4 root bin  512 Aug  1 10:34 sparc-sun-solaris2.10
lrwxrwxrwx   1 root root   9 Aug  1 09:54 src -> share/src
drwxr-xr-x   6 root bin  512 Aug  1 09:54 swat

bash-3.00# chmod a+rx /usr/sfw/
bash-3.00# ls -al /usr/sfw/
total 54
dr-xr-xr-x  11 root bin  512 Aug  1 11:06 .
drwxr-xr-x  42 root sys 1024 Aug  5 23:54 ..
drwxr-xr-x   3 root bin 6144 Aug  1 11:08 bin
lrwxrwxrwx   1 root root   9 Aug  1 11:06 doc -> share/doc
drwxr-xr-x  22 root bin 2048 Aug  1 11:08 include
lrwxrwxrwx   1 root root  10 Aug  1 11:06 info -> share/info
drwxr-xr-x  31 root bin 6656 Aug 13 12:35 lib
drwxr-xr-x   3 root bin  512 Aug  1 10:51 libexec
lrwxrwxrwx   1 root root   9 Aug  1 10:54 man -> share/man
drwxr-xr-x   3 root bin  512 Aug  1 10:50 mysql
drwxr-xr-x   2 root bin  512 Aug  1 11:14 sbin
drwxr-xr-x  21 root bin  512 Aug  1 11:06 share
drwxr-xr-x   4 root bin  512 Aug  1 10:34 sparc-sun-solaris2.10
lrwxrwxrwx   1 root root   9 Aug  1 09:54 src -> share/src
drwxr-xr-x   6 root bin  512 Aug  1 09:54 swat


On 8/17/08, Alan DeKok <[EMAIL PROTECTED]> wrote:
> Rafiqul Ahsan wrote:
> > Looks like I Freeradius still built with openssl 0.9.7 at
> > /usr/swf...here is the ldd output :
>
>  Follow instructions.  If you "chmod a-rx /usr/swf", the linker CANNOT
> and WILL NOT pick up OpenSSL from that directory.
>
>  If that causes too many problems, then "chmod a-r
> /usr/sfw/lib/libssl*" and /usr/sfw/lib/libcrypto*".  Really.  It's that
> simple.
>
>  *Then* build the server.  *Then* change the permissions back.
>
>  Alan DeKok.
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>


-- 
Rafiqul Ahsan
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: 2.0.5 on Solaris with openssl 0.9.8h

2008-08-16 Thread Rafiqul Ahsan

Looks like I Freeradius still built with openssl 0.9.7 at
/usr/swf...here is the ldd output :

# ldd /usr/local/sbin/radiusd
libfreeradius-radius-2.0.5.so => /usr/local/lib/libfreeradius-ra
dius-2.0.5.so
libnsl.so.1 =>   /lib/libnsl.so.1
libresolv.so.2 =>/lib/libresolv.so.2
libsocket.so.1 =>/lib/libsocket.so.1
librt.so.1 =>/lib/librt.so.1
libpthread.so.1 =>   /lib/libpthread.so.1
libcrypt_d.so.1 =>   /usr/lib/libcrypt_d.so.1
libltdl.so.3 =>  /usr/local/lib/libltdl.so.3
libssl.so.0.9.7 =>   /usr/sfw/lib/libssl.so.0.9.7
libcrypto.so.0.9.7 =>/usr/sfw/lib/libcrypto.so.0.9.7
libdl.so.1 =>/lib/libdl.so.1
libc.so.1 => /lib/libc.so.1
libgcc_s.so.1 => /usr/sfw/lib/libgcc_s.so.1
libmp.so.2 =>/lib/libmp.so.2
libmd.so.1 =>/lib/libmd.so.1
libscf.so.1 =>   /lib/libscf.so.1
libaio.so.1 =>   /lib/libaio.so.1
libgen.so.1 =>   /lib/libgen.so.1
libdoor.so.1 =>  /lib/libdoor.so.1
libuutil.so.1 => /lib/libuutil.so.1
libssl_extra.so.0.9.7 => /usr/sfw/lib/libssl_extra.so.0.9.7
libcrypto_extra.so.0.9.7 =>  /usr/sfw/lib/libcrypto_extra.so.0.9.7
libm.so.2 => /lib/libm.so.2
/platform/SUNW,Sun-Fire-V210/lib/libc_psr.so.1
    /platform/SUNW,Sun-Fire-V210/lib/libmd_psr.so.1

On 8/16/08, Rafiqul Ahsan <[EMAIL PROTECTED]> wrote:
> Here is the output. Not sure if this ensures the Freeradius built with
> /usr/local/ssl/lib (0.9.8h), or /usr/sfw (0.9.7). My objective is to
> build with 0.9.8h (but below output shows libgcc_s.sp.1 located at
> /usr/sfw/lib). Can you please confirm from below output :
>
> # ldd /usr/local/lib/libltdl.so.3.1.4
>libdl.so.1 =>/lib/libdl.so.1
>libc.so.1 => /lib/libc.so.1
>libgcc_s.so.1 => /usr/sfw/lib/libgcc_s.so.1
>libm.so.2 => /lib/libm.so.2
>    /platform/SUNW,Sun-Fire-V210/lib/libc_psr.so.1
>
>
>
> On 8/16/08, Andrew Hood <[EMAIL PROTECTED]> wrote:
> > Rafiqul Ahsan wrote:
> > > It is Solaris 10 (V210). Now I have added below Flags (as per your
> > > previous email) :
> > >
> > > CFLAGS=-I/usr/local/ssl/include/openssl
> > > CPPFLAGS=-I/usr/local/ssl/include/openssl
> > > LDFLAGS='-L/usr/local/ssl/lib -R/usr/local/ssl/lib'
> > > export CFLAGS CPPFLAGS LDFLAGS
> > >
> > > How else to verify that my Frerradius 2.0.5 was built with
> > > openssl0.9.8h (Again, please note openssl 0.9.8h was installed in
> > > /usr/local/ssl, and prebuilt openssl (came with Solaris 10) 0.9.7 is
> > > at /usr/sfw) ? I wanted to build with 0.9.8h because it supports
> > > advance crypto like sha2, sha256 etcBut still does not seem like
> > > Freeradius is working with sha256.
> > >
> > > Here is the part of make log :
> > >  gcc -DHAVE_CONFIG_H -I. -I. -I. -I/usr/local/ssl/include/openssl 
> > > -I/usr/local/s
> > > sl/include/openssl -c ltdl.c  -fPIC -DPIC -o .libs/ltdl.o
> > >  gcc -DHAVE_CONFIG_H -I. -I. -I. -I/usr/local/ssl/include/openssl 
> > > -I/usr/local/s
> > > sl/include/openssl -c ltdl.c -o ltdl.o >/dev/null 2>&1
> > > /bin/bash ./libtool --tag=CC   --mode=link gcc  
> > > -I/usr/local/ssl/include/openssl
> > >  -no-undefined -version-info 4:4:1 -L/usr/local/ssl/lib 
> > > -R/usr/local/ssl/lib -o
> > > libltdl.la -rpath /usr/local/lib ltdl.lo -ldl
> > > gcc -shared -Wl,-h -Wl,libltdl.so.3 -o .libs/libltdl.so.3.1.4  
> > > .libs/ltdl.o  -R/
> > > usr/local/ssl/lib -L/usr/local/ssl/lib -ldl -lc
> > > (cd .libs && rm -f libltdl.so.3 && ln -s libltdl.so.3.1.4 libltdl.so.3)
> > > (cd .libs && rm -f libltdl.so && ln -s libltdl.so.3.1.4 libltdl.so)
> > > ar cru .libs/libltdl.a  ltdl.o
> > > ranlib .libs/libltdl.a
> > > creating libltdl.la
> >
> > Assuming you have run "make install", what does
> >
> > ldd /your/path/to/libltdl.so
> >
> > return?
> > --
> > REALITY.SYS not found: Universe halted.
> > -
> > List info/subscribe/unsubscribe? See 
> > http://www.freeradius.org/list/users.html
> >
>
>
> --
> Rafiqul Ahsan
>


-- 
Rafiqul Ahsan
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: 2.0.5 on Solaris with openssl 0.9.8h

2008-08-16 Thread Rafiqul Ahsan

Here is the output. Not sure if this ensures the Freeradius built with
/usr/local/ssl/lib (0.9.8h), or /usr/sfw (0.9.7). My objective is to
build with 0.9.8h (but below output shows libgcc_s.sp.1 located at
/usr/sfw/lib). Can you please confirm from below output :

# ldd /usr/local/lib/libltdl.so.3.1.4
libdl.so.1 =>/lib/libdl.so.1
libc.so.1 => /lib/libc.so.1
libgcc_s.so.1 => /usr/sfw/lib/libgcc_s.so.1
libm.so.2 => /lib/libm.so.2
/platform/SUNW,Sun-Fire-V210/lib/libc_psr.so.1



On 8/16/08, Andrew Hood <[EMAIL PROTECTED]> wrote:
> Rafiqul Ahsan wrote:
> > It is Solaris 10 (V210). Now I have added below Flags (as per your
> > previous email) :
> >
> > CFLAGS=-I/usr/local/ssl/include/openssl
> > CPPFLAGS=-I/usr/local/ssl/include/openssl
> > LDFLAGS='-L/usr/local/ssl/lib -R/usr/local/ssl/lib'
> > export CFLAGS CPPFLAGS LDFLAGS
> >
> > How else to verify that my Frerradius 2.0.5 was built with
> > openssl0.9.8h (Again, please note openssl 0.9.8h was installed in
> > /usr/local/ssl, and prebuilt openssl (came with Solaris 10) 0.9.7 is
> > at /usr/sfw) ? I wanted to build with 0.9.8h because it supports
> > advance crypto like sha2, sha256 etcBut still does not seem like
> > Freeradius is working with sha256.
> >
> > Here is the part of make log :
> >  gcc -DHAVE_CONFIG_H -I. -I. -I. -I/usr/local/ssl/include/openssl 
> > -I/usr/local/s
> > sl/include/openssl -c ltdl.c  -fPIC -DPIC -o .libs/ltdl.o
> >  gcc -DHAVE_CONFIG_H -I. -I. -I. -I/usr/local/ssl/include/openssl 
> > -I/usr/local/s
> > sl/include/openssl -c ltdl.c -o ltdl.o >/dev/null 2>&1
> > /bin/bash ./libtool --tag=CC   --mode=link gcc  
> > -I/usr/local/ssl/include/openssl
> >  -no-undefined -version-info 4:4:1 -L/usr/local/ssl/lib 
> > -R/usr/local/ssl/lib -o
> > libltdl.la -rpath /usr/local/lib ltdl.lo -ldl
> > gcc -shared -Wl,-h -Wl,libltdl.so.3 -o .libs/libltdl.so.3.1.4  .libs/ltdl.o 
> >  -R/
> > usr/local/ssl/lib -L/usr/local/ssl/lib -ldl -lc
> > (cd .libs && rm -f libltdl.so.3 && ln -s libltdl.so.3.1.4 libltdl.so.3)
> > (cd .libs && rm -f libltdl.so && ln -s libltdl.so.3.1.4 libltdl.so)
> > ar cru .libs/libltdl.a  ltdl.o
> > ranlib .libs/libltdl.a
> > creating libltdl.la
>
> Assuming you have run "make install", what does
>
> ldd /your/path/to/libltdl.so
>
> return?
> --
> REALITY.SYS not found: Universe halted.
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>


-- 
Rafiqul Ahsan
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: 2.0.5 on Solaris with openssl 0.9.8h

2008-08-16 Thread Rafiqul Ahsan

It is Solaris 10 (V210). Now I have added below Flags (as per your
previous email) :

CFLAGS=-I/usr/local/ssl/include/openssl
CPPFLAGS=-I/usr/local/ssl/include/openssl
LDFLAGS='-L/usr/local/ssl/lib -R/usr/local/ssl/lib'
export CFLAGS CPPFLAGS LDFLAGS

How else to verify that my Frerradius 2.0.5 was built with
openssl0.9.8h (Again, please note openssl 0.9.8h was installed in
/usr/local/ssl, and prebuilt openssl (came with Solaris 10) 0.9.7 is
at /usr/sfw) ? I wanted to build with 0.9.8h because it supports
advance crypto like sha2, sha256 etcBut still does not seem like
Freeradius is working with sha256.

Here is the part of make log :
 gcc -DHAVE_CONFIG_H -I. -I. -I. -I/usr/local/ssl/include/openssl -I/usr/local/s
sl/include/openssl -c ltdl.c  -fPIC -DPIC -o .libs/ltdl.o
 gcc -DHAVE_CONFIG_H -I. -I. -I. -I/usr/local/ssl/include/openssl -I/usr/local/s
sl/include/openssl -c ltdl.c -o ltdl.o >/dev/null 2>&1
/bin/bash ./libtool --tag=CC   --mode=link gcc  -I/usr/local/ssl/include/openssl
 -no-undefined -version-info 4:4:1 -L/usr/local/ssl/lib -R/usr/local/ssl/lib -o
libltdl.la -rpath /usr/local/lib ltdl.lo -ldl
gcc -shared -Wl,-h -Wl,libltdl.so.3 -o .libs/libltdl.so.3.1.4  .libs/ltdl.o  -R/
usr/local/ssl/lib -L/usr/local/ssl/lib -ldl -lc
(cd .libs && rm -f libltdl.so.3 && ln -s libltdl.so.3.1.4 libltdl.so.3)
(cd .libs && rm -f libltdl.so && ln -s libltdl.so.3.1.4 libltdl.so)
ar cru .libs/libltdl.a  ltdl.o
ranlib .libs/libltdl.a
creating libltdl.la



On 8/15/08, Andrew Hood <[EMAIL PROTECTED]> wrote:
> Rafiqul Ahsan wrote:
> > Hi Alan, and All,
> >
> > Well, I believe I have linked Freeradius 2.0.5 with the right openssl
> > (0.9.8h) now by adding below env variables(my build logs also says
> > that linked with -L/usr/local/ssl/lib). However I still see the same
> > error while using sha256 encryption algorithm with RSA 2048 key. I
> > sent this query to openssl maillist, they are sending me back to you
> > (freeradius folks) to verify whether Freeradius supports sha2, sha256
> > etc. (I hoped that below patch would allow, but no luck).
> >
> > CFLAGS=-I/usr/local/ssl/include/openssl
> > CPPFLAGS=-I/usr/local/ssl/include/openssl
> > LDFLAGS=-L/usr/local/ssl/lib
> > export CFLAGS CPPFLAGS LDFLAGS
>
> I forget. Were you using the Sun toolchain or GNU?
>
> You probably need one of:
>
> LDFLAGS='-L/usr/local/ssl/lib -Wl,-rpath -Wl,/usr/local/ssl/lib
>
> or
>
> LDFLAGS='-L/usr/local/ssl/lib -R/usr/local/ssl/lib'
>
> or whatever similar incantation your linker wants to achive the same
> result, forcing it to use the version of openssl in /usr/local/lib
>
>
> --
> REALITY.SYS not found: Universe halted.
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>


-- 
Rafiqul Ahsan
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: 2.0.5 on Solaris with openssl 0.9.8h

2008-08-14 Thread Rafiqul Ahsan

Hi Alan, and All,

Well, I believe I have linked Freeradius 2.0.5 with the right openssl
(0.9.8h) now by adding below env variables(my build logs also says
that linked with -L/usr/local/ssl/lib). However I still see the same
error while using sha256 encryption algorithm with RSA 2048 key. I
sent this query to openssl maillist, they are sending me back to you
(freeradius folks) to verify whether Freeradius supports sha2, sha256
etc. (I hoped that below patch would allow, but no luck).

CFLAGS=-I/usr/local/ssl/include/openssl
CPPFLAGS=-I/usr/local/ssl/include/openssl
LDFLAGS=-L/usr/local/ssl/lib
export CFLAGS CPPFLAGS LDFLAGS

And earlier I added below two patches to Freeradius:

--- freeradius-1.1.7/configure  
+++ freeradius-1.1.7-new/configure  
@@ -20552,7 +20552,7 @@
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
   ac_check_lib_save_LIBS=$LIBS
-LIBS="-lssl  $LIBS"
+LIBS="-lssl -lcrypto -ldl $LIBS"
 cat >conftest.$ac_ext <<_ACEOF
 /* confdefs.h.  */
 _ACEOF
@@ -20617,8 +20617,7 @@
if test "x$OPENSSL_LIB_DIR" != "x"; then
OPENSSL_LIBS="-L$OPENSSL_LIB_DIR"
fi
-   OPENSSL_LIBS="$OPENSSL_LIBS -lcrypto -lssl -lcrypto"
-
+   OPENSSL_LIBS="$OPENSSL_LIBS -lcrypto -lssl -lcrypto -ldl"
 fi


diff -Naur 
freeradius-1.1.7-mod/src/modules/rlm_eap/types/rlm_eap_tls/rlm_eap_tls.c
freeradius-1.1.7/src/modules/rlm_eap/types/rlm_eap_tls/rlm_eap_tls.c
--- freeradius-1.1.7-mod/src/modules/rlm_eap/types/rlm_eap_tls/rlm_eap_tls.c
2007-04-20
14:58:46.0 +0300
+++ freeradius-1.1.7/src/modules/rlm_eap/types/rlm_eap_tls/rlm_eap_tls.c
@@ -292,6 +292,7 @@
 */
SSL_library_init();
SSL_load_error_strings();
+   OpenSSL_add_all_digests();

meth = TLSv1_method();
    ctx = SSL_CTX_new(meth);




On 8/14/08, Alan DeKok <[EMAIL PROTECTED]> wrote:
> Rafiqul Ahsan wrote:
> > I tried to install the openssl from Sunware, but it installs at
> > /usr/local/ssl directory. Somehow (could not figure out how) the
> > freeradius build process linking with the Solaris prebuilt openssl
> > library at /usr/sfw..
>
>  Because that's what the linker on Solaris does.  Go read it's
> documentation to see how to configure it to do what you want.  This
> isn't a FreeRADIUS question.
>
> > I would like to change configuration the linker to prefer one version
> > (0.9.8)over the other (0.9.7 is prebuilt comes with Solaris).. also to
> > include references to prefer one over other...But I don;t know where
> > to change.I looked at Configure, Makefilebut cannot seem to find
> > where it was configured that. Can you please help ?
>
>  Maybe the Solaris linker documentation will help?
>
>  Heck, if you're building as root, just do "chmod a-rwx /usr/sfw",
> build FreeRADIUS, and then do "chmod a+rx /usr/sqf".  That should solve
> it.  i.e. This is pretty much a Unix 101 question...
>
>  Alan DeKok.
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>


-- 
Rafiqul Ahsan
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: 2.0.5 on Solaris with openssl 0.9.8h

2008-08-13 Thread Rafiqul Ahsan

I tried to install the openssl from Sunware, but it installs at
/usr/local/ssl directory. Somehow (could not figure out how) the
freeradius build process linking with the Solaris prebuilt openssl
library at /usr/sfw..

I would like to change configuration the linker to prefer one version
(0.9.8)over the other (0.9.7 is prebuilt comes with Solaris).. also to
include references to prefer one over other...But I don;t know where
to change.I looked at Configure, Makefilebut cannot seem to find
where it was configured that. Can you please help ?

Thanks

On 8/13/08, Alan DeKok <[EMAIL PROTECTED]> wrote:
> Rafiqul Ahsan wrote:
> > I am facing some challenges on building Freeradius 2.0.5 (Solaris OS)
> > with openssl version 0.9.8h. The Solaris 10 come with prebuilt openssl
> > version, and found at /usr/sfw/bin/openssl, version 0.9.7d. Prior to
> > building freeradius I built newer version openssl (v.0.9.8h) located
> > in /usr/local/ssl. here are the two openssl version now I have in my
> > Solaris.
>
>  Why not just install the OpenSSL from sunfreeware?  They have a
> package pre-built...
>
> > When I built Freeradius 2.0.5 (I simply executed three comands,
> > ./configure make and make install) , I was expecting that it would
> > build with my desired openssl version.
>
>  Why?  How does it know what you desire?  Did you configure the linker
> to prefer one version over the other?  Did you configure the C "include"
> references to prefer one over the other?
>
> > this. I sent openssl community this question, they wanted me to verify
> > whether I actualy built the freeradius with this new openssl version.
>
>  Well... of course.
>
> > I am not able to understand what library it is actually built with,
> > because I could not figure out from build log, nor the configure. But
> > if I use the configure options as below, I see a rolling error (that
> > telling me that I must not have built the freeradius with openssl
> > 0.9.8h ?) :
>
>  No idea.
> ...
> > Text relocation remains referenced
> > against symbol  offset  in file
> >0x0
> > /usr/local/ssl/lib/libssl.a(ssl_lib.o)
>
>  That's a fairly useless error.  Are you sure that the libssl.a file is
> really a library, and not something else?
>
>  Alan DEKok.
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>


-- 
Rafiqul Ahsan
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

2.0.5 on Solaris with openssl 0.9.8h

2008-08-12 Thread Rafiqul Ahsan

Alan, and all ,

I am facing some challenges on building Freeradius 2.0.5 (Solaris OS)
with openssl version 0.9.8h. The Solaris 10 come with prebuilt openssl
version, and found at /usr/sfw/bin/openssl, version 0.9.7d. Prior to
building freeradius I built newer version openssl (v.0.9.8h) located
in /usr/local/ssl. here are the two openssl version now I have in my
Solaris.

bash-3.00# openssl version
OpenSSL 0.9.8h 28 May 2008

bash-3.00# /usr/sfw/bin/openssl version
OpenSSL 0.9.7d 17 Mar 2004 (+ security patches to 2006-09-29)

When I built Freeradius 2.0.5 (I simply executed three comands,
./configure make and make install) , I was expecting that it would
build with my desired openssl version.

Aparantly, I found that certain has algorithm (sha256) is not
supporting when I work with freeradius (I mean with SSL version that
it was built with). However openssl version 0.9.8h should support
this. I sent openssl community this question, they wanted me to verify
whether I actualy built the freeradius with this new openssl version.
I am not able to understand what library it is actually built with,
because I could not figure out from build log, nor the configure. But
if I use the configure options as below, I see a rolling error (that
telling me that I must not have built the freeradius with openssl
0.9.8h ?) :


... (see portion of my out when I executed make, after ./configure
./configure \
--prefix=/usr/local/freeradius \
--with-openssl=yes \
--with-openssl-dir=/usr/local/ssl \
--with-openssl-includes=/usr/local/ssl/include \
--with-openssl-libraries=/usr/local/ssl/lib )


RB5 -c peap.c -o peap.o >/dev/null 2>&1
/export/home/dev/freeradius-server-2.0.5/libtool --mode=link gcc
-release 2.0.5 \
-module -export-dynamic   -o rlm_eap_peap.la \
-rpath /usr/local/lib rlm_eap_peap.lo peap.lo rlm_eap_peap.c peap.c
/export/home/dev/f
radius-server-2.0.5/src/lib/libfreeradius-radius.la
../../libeap/libfreeradius-eap.la
usr/local/ssl/lib -lcrypto -lssl -lcrypto -ldl -lnsl -lresolv -lsocket
-lposix4  -lpth
d
gcc -shared -Wl,-h -Wl,rlm_eap_peap-2.0.5.so -o
.libs/rlm_eap_peap-2.0.5.so  .libs/rlm
p_peap.o .libs/peap.o
-R/export/home/dev/freeradius-server-2.0.5/src/lib/.libs -R/exp
/home/dev/freeradius-server-2.0.5/src/modules/rlm_eap/libeap/.libs
-R/usr/local/lib -L
port/home/dev/freeradius-server-2.0.5/src/lib/.libs
/export/home/dev/freeradius-server
0.5/src/lib/.libs/libfreeradius-radius.so
../../libeap/.libs/libfreeradius-eap.so -L/u
local/ssl/lib -lssl -lcrypto -ldl -lnsl -lresolv -lsocket -lposix4
-lpthread -lc
Text relocation remains referenced
against symbol  offset  in file
   0x0
/usr/local/ssl/lib/libssl.a(ssl_lib.o)
   0x4
/usr/local/ssl/lib/libssl.a(ssl_lib.o)
   0x8
/usr/local/ssl/lib/libssl.a(ssl_lib.o)
   0xc
/usr/local/ssl/lib/libssl.a(ssl_lib.o)
   0x10
/usr/local/ssl/lib/libssl.a(ssl_lib.o)
   0x14
/usr/local/ssl/lib/libssl.a(ssl_lib.o)
   0x18
/usr/local/ssl/lib/libssl.a(ssl_lib.o)
   0x1c
/usr/local/ssl/lib/libssl.a(ssl_lib.o)
   0x20
/usr/local/ssl/lib/libssl.a(ssl_lib.o)
   0x24
/usr/local/ssl/lib/libssl.a(ssl_lib.o)
   0x28
/usr/local/ssl/lib/libssl.a(ssl_lib.o)
   0x2c
/usr/local/ssl/lib/libssl.a(ssl_lib.o)
   0x30
/usr/local/ssl/lib/libssl.a(ssl_lib.o)
   0x34
/usr/local/ssl/lib/libssl.a(ssl_lib.o)
   0x38
/usr/local/ssl/lib/libssl.a(ssl_lib.o)
   0x3c
/usr/local/ssl/lib/libssl.a(ssl_lib.o)
   0x40
/usr/local/ssl/lib/libssl.a(ssl_lib.o)



On 8/7/08, Rafiqul Ahsan <[EMAIL PROTECTED]> wrote:
> I changed the Makefile for random file creation step (as a fix for my
> earlier posted error)...
>
> This is what I found at Makefile  :
>
> random:
>@if [ -e /dev/urandom ] ; then \
>dd if=/dev/urandom of=./random count=10 >/dev/null 2>&1; \
>else \
>date > ./random; \
>fi
>
> I Changed to ...
>
> random
>  date > ./random;
>
> That solved my earlier problem, and now my server is listening.
>
> Thanks,
> Rafi
>
>
>
>
>
>
>
> On 8/7/08, Rafiqul Ahsan <[EMAIL PROTECTED]> wrote:
> > I see below error when I execute bootstrap
> >
> > bash-3.00# /usr/local/etc/raddb/certs/bootstrap
> > ...
> > make: Nothing to be done for `ca'.
> > make: Nothing to be done for `server'.
> > make: `dh' is up to date.
> > /bin/sh: test: argument expected
> > make: *** [random] Erro

Re: 2.0.5 on Solaris, openssl 0.9.8h ---> does support sha256 ?

2008-08-09 Thread Rafiqul Ahsan

Alan,

Never mind. I got this fixed by going through the source code and
found that the function does only few checkings, like certs path where
I found the issues.

Thanks, again and hope that this patch I applied will help to support sha256-rsa

Thanks
Rafi

On 8/9/08, Rafiqul Ahsan <[EMAIL PROTECTED]> wrote:
> I saw this error (rlm_eap: SSL error error:02001002:system
> library:fopen:No such file or directory) before I had applied the
> patches (openSSL_add_all_digests() at rlm_eap_tls.c, and LIBS,
> OPENSSL_LIBS at configure as I have indicated in my last email). After
> the patches, the make and make install succeded but I ./radiusd -X
> giving me symbol reference error.
>
> On 8/9/08, Alan DeKok <[EMAIL PROTECTED]> wrote:
> > Rafiqul Ahsan wrote:
> > > I have tested authentication works with my existing certs. When I load
> > > the new certs (sha256), and I see below error at "radiusd -X"
> > > I am using FreeeRadius 2.0.5, openssl 0.9.8h, OS Solaris.
> > ...
> > > rlm_eap: SSL error error:02001002:system library:fopen:No such file or
> > directory
> > > rlm_eap_tls: Error reading Trusted root CA list
> > /usr/local/etc/raddb/certs/wmaxf
> > > orum/sam-cacert.pem
> >
> >  What part of that message is unclear?
> >
> >
> > > Is there any known patch for this to support advance encryption...I
> > > believe I saw somewhere in web that 1.1.7 has this patch, how about
> > > 2.0.5 ?
> >
> >  What do you mean, "advance encryption"?
>
> I meant whether 2.0.5 supports sha256-rsa (cryptographic algorithms) or not.
>
>
> >  Alan DeKok.
> > -
> > List info/subscribe/unsubscribe? See 
> > http://www.freeradius.org/list/users.html
> >
>
>
> --
> Rafiqul Ahsan
>


-- 
Rafiqul Ahsan
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: 2.0.5 on Solaris, openssl 0.9.8h ---> does support sha256 ?

2008-08-09 Thread Rafiqul Ahsan

I saw this error (rlm_eap: SSL error error:02001002:system
library:fopen:No such file or directory) before I had applied the
patches (openSSL_add_all_digests() at rlm_eap_tls.c, and LIBS,
OPENSSL_LIBS at configure as I have indicated in my last email). After
the patches, the make and make install succeded but I ./radiusd -X
giving me symbol reference error.

On 8/9/08, Alan DeKok <[EMAIL PROTECTED]> wrote:
> Rafiqul Ahsan wrote:
> > I have tested authentication works with my existing certs. When I load
> > the new certs (sha256), and I see below error at "radiusd -X"
> > I am using FreeeRadius 2.0.5, openssl 0.9.8h, OS Solaris.
> ...
> > rlm_eap: SSL error error:02001002:system library:fopen:No such file or
> directory
> > rlm_eap_tls: Error reading Trusted root CA list
> /usr/local/etc/raddb/certs/wmaxf
> > orum/sam-cacert.pem
>
>  What part of that message is unclear?
>
>
> > Is there any known patch for this to support advance encryption...I
> > believe I saw somewhere in web that 1.1.7 has this patch, how about
> > 2.0.5 ?
>
>  What do you mean, "advance encryption"?

I meant whether 2.0.5 supports sha256-rsa (cryptographic algorithms) or not.

>  Alan DeKok.
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>

-- 
Rafiqul Ahsan
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: 2.0.5 on Solaris, openssl 0.9.8h ---> does support sha256 ?

2008-08-08 Thread Rafiqul Ahsan

Hi Alan,

I have applied below two patches (as I have seen somebody posted for
freeradius 1.1.7) for freeradius 2.0.5 supporting sha256-rsa (the
patches listed below as 1, and 2). After ./configure, make clean,
make, and make install I ran ./radiusd -X, but getting symbol
reference error as per below log (I have not rebuilt openssl):

   tls {
rsa_key_exchange = yes
dh_key_exchange = no
rsa_key_length = 1024
dh_key_length = 1024
verify_depth = 2
pem_file_type = yes
private_key_file = "/usr/local/etc/raddb/certs/server_pvt.pem"
certificate_file = "/usr/local/etc/raddb/certs/server_cert.pem"
CA_file = "/usr/local/etc/raddb/certs/ServerRootCA.pem"
dh_file = "/usr/local/etc/raddb/certs/DH"
random_file = "/usr/local/etc/raddb/certs/random"
fragment_size = 1024
include_length = yes
check_crl = no
   }
ld.so.1: radiusd: fatal: relocation error: file
/usr/local/lib/rlm_eap_tls-2.0.5.so: symbol openSSL_add_all_digests:
referenced symbol not found
Killed


1. freeradius-1.1.7/configure

-LIBS="-lssl  $LIBS"
+LIBS="-lssl -lcrypto -ldl $LIBS"


-   OPENSSL_LIBS="$OPENSSL_LIBS -lcrypto -lssl -lcrypto"
+   OPENSSL_LIBS="$OPENSSL_LIBS -lcrypto -lssl -lcrypto -ldl"



2. freeradius-1.1.7/src/modules/rlm_eap/types/rlm_eap_tls/rlm_eap_tls.c

SSL_library_init();
SSL_load_error_strings();
+   OpenSSL_add_all_digests();

meth = TLSv1_method();
ctx = SSL_CTX_new(meth);


Can you please help ?


-- 
Rafiqul Ahsan
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: 2.0.5 on Solaris, openssl 0.9.8h ---> does support sha256 ?

2008-08-08 Thread Rafiqul Ahsan

I have tested authentication works with my existing certs. When I load
the new certs (sha256), and I see below error at "radiusd -X"
I am using FreeeRadius 2.0.5, openssl 0.9.8h, OS Solaris.

Is there any known patch for this to support advance encryption...I
believe I saw somewhere in web that 1.1.7 has this patch, how about
2.0.5 ?

Thanks for your thoughts,
Rafi

 tls {
rsa_key_exchange = yes
dh_key_exchange = no
rsa_key_length = 1024
dh_key_length = 1024
verify_depth = 2
pem_file_type = yes
private_key_file = "/usr/local/etc/raddb/certs/wmxforum/xohm.com3.pvt.pe
m"
certificate_file = "/usr/local/etc/raddb/certs/wmxforum/xohm.com3.pem"
CA_file = "/usr/local/etc/raddb/certs/wmaxforum/sam-cacert.pem"
dh_file = "/usr/local/etc/raddb/certs/wmxforum/DH"
random_file = "/usr/local/etc/raddb/certs/wmxforum/random"
fragment_size = 1024
include_length = yes
check_crl = no
   }
rlm_eap: SSL error error:02001002:system library:fopen:No such file or directory
rlm_eap_tls: Error reading Trusted root CA list /usr/local/etc/raddb/certs/wmaxf
orum/sam-cacert.pem
rlm_eap: Failed to initialize type tls
/usr/local/etc/raddb/eap.conf[3]: Instantiation failed for module "eap"
/usr/local/etc/raddb/sites-enabled/inner-tunnel[223]: Failed to find module "eap
".
/usr/local/etc/raddb/sites-enabled/inner-tunnel[176]: Errors parsing authenticat
e section.
 }
}
Errors initializing modules

On 8/7/08, Rafiqul Ahsan <[EMAIL PROTECTED]> wrote:
> I changed the Makefile for random file creation step (as a fix for my
> earlier posted error)...
>
> This is what I found at Makefile  :
>
> random:
>@if [ -e /dev/urandom ] ; then \
>dd if=/dev/urandom of=./random count=10 >/dev/null 2>&1; \
>else \
>date > ./random; \
>fi
>
> I Changed to ...
>
> random
>      date > ./random;
>
> That solved my earlier problem, and now my server is listening.
>
> Thanks,
> Rafi
>
>
>
>
>
>
>
> On 8/7/08, Rafiqul Ahsan <[EMAIL PROTECTED]> wrote:
> > I see below error when I execute bootstrap
> >
> > bash-3.00# /usr/local/etc/raddb/certs/bootstrap
> > ...
> > make: Nothing to be done for `ca'.
> > make: Nothing to be done for `server'.
> > make: `dh' is up to date.
> > /bin/sh: test: argument expected
> > make: *** [random] Error 1
> >
> > On 8/7/08, Alan DeKok <[EMAIL PROTECTED]> wrote:
> > > Rafiqul Ahsan wrote:
> > > > Thanks, I was able to build freeradius 2.0.5 on Solaris 10. However,
> > > > server is not running, and I see below error when I run "radiusd -X".
> > > > Here is the output.
> > > ...
> > > >   make_cert_command = "/usr/local/etc/raddb/certs/bootstrap"
> > > >}
> > > > Exec-Program output:
> > >
> > >  It's trying to run the bootstrap command.  It's not working.
> > >
> > >  Run the bootstrap command by hand, and then re-start the server.
> > >
> > >  Alan DeKok.
> > > -
> > > List info/subscribe/unsubscribe? See 
> > > http://www.freeradius.org/list/users.html
> > >
> >
> >
> > --
> > Rafiqul Ahsan
> >
>
>
> --
> Rafiqul Ahsan
>

-- 
Rafiqul Ahsan
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: 2.0.5 on Solaris

2008-08-07 Thread Rafiqul Ahsan

I changed the Makefile for random file creation step (as a fix for my
earlier posted error)...

This is what I found at Makefile  :

random:
@if [ -e /dev/urandom ] ; then \
dd if=/dev/urandom of=./random count=10 >/dev/null 2>&1; \
else \
date > ./random; \
fi

I Changed to ...

random
  date > ./random;

That solved my earlier problem, and now my server is listening.

Thanks,
Rafi







On 8/7/08, Rafiqul Ahsan <[EMAIL PROTECTED]> wrote:
> I see below error when I execute bootstrap
>
> bash-3.00# /usr/local/etc/raddb/certs/bootstrap
> ...
> make: Nothing to be done for `ca'.
> make: Nothing to be done for `server'.
> make: `dh' is up to date.
> /bin/sh: test: argument expected
> make: *** [random] Error 1
>
> On 8/7/08, Alan DeKok <[EMAIL PROTECTED]> wrote:
> > Rafiqul Ahsan wrote:
> > > Thanks, I was able to build freeradius 2.0.5 on Solaris 10. However,
> > > server is not running, and I see below error when I run "radiusd -X".
> > > Here is the output.
> > ...
> > >   make_cert_command = "/usr/local/etc/raddb/certs/bootstrap"
> > >}
> > > Exec-Program output:
> >
> >  It's trying to run the bootstrap command.  It's not working.
> >
> >  Run the bootstrap command by hand, and then re-start the server.
> >
> >  Alan DeKok.
> > -
> > List info/subscribe/unsubscribe? See 
> > http://www.freeradius.org/list/users.html
> >
>
>
> --
> Rafiqul Ahsan
>


-- 
Rafiqul Ahsan
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: 2.0.5 on Solaris

2008-08-06 Thread Rafiqul Ahsan

I see below error when I execute bootstrap

bash-3.00# /usr/local/etc/raddb/certs/bootstrap
...
make: Nothing to be done for `ca'.
make: Nothing to be done for `server'.
make: `dh' is up to date.
/bin/sh: test: argument expected
make: *** [random] Error 1

On 8/7/08, Alan DeKok <[EMAIL PROTECTED]> wrote:
> Rafiqul Ahsan wrote:
> > Thanks, I was able to build freeradius 2.0.5 on Solaris 10. However,
> > server is not running, and I see below error when I run "radiusd -X".
> > Here is the output.
> ...
> >   make_cert_command = "/usr/local/etc/raddb/certs/bootstrap"
> >}
> > Exec-Program output:
>
>  It's trying to run the bootstrap command.  It's not working.
>
>  Run the bootstrap command by hand, and then re-start the server.
>
>  Alan DeKok.
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>


-- 
Rafiqul Ahsan
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: 2.0.5 on Solaris

2008-08-06 Thread Rafiqul Ahsan

type = "auth"
secret = "testing123"
response_window = 20
max_outstanding = 65536
zombie_period = 40
status_check = "status-server"
ping_check = "none"
ping_interval = 30
check_interval = 30
num_answers_to_alive = 3
num_pings_to_alive = 3
revive_interval = 120
status_check_timeout = 4
 }
 home_server_pool my_auth_failover {
type = fail-over
home_server = localhost
 }
 realm example.com {
auth_pool = my_auth_failover
 }
 realm LOCAL {
 }
radiusd:  Instantiating modules 
 instantiate {
 Module: Linked to module rlm_exec
 Module: Instantiating exec
  exec {
wait = no
input_pairs = "request"
shell_escape = yes
  }
 Module: Linked to module rlm_expr
 Module: Instantiating expr
 Module: Linked to module rlm_expiration
 Module: Instantiating expiration
  expiration {
reply-message = "Password Has Expired  "
  }
 Module: Linked to module rlm_logintime
 Module: Instantiating logintime
  logintime {
reply-message = "You are calling outside your allowed timespan  "
minimum-timeout = 60
  }
 }
radiusd:  Loading Virtual Servers 
server inner-tunnel {
 modules {
 Module: Checking authenticate {...} for more modules to load
 Module: Linked to module rlm_pap
 Module: Instantiating pap
  pap {
encryption_scheme = "auto"
auto_header = no
  }
 Module: Linked to module rlm_chap
 Module: Instantiating chap
 Module: Linked to module rlm_mschap
 Module: Instantiating mschap
  mschap {
use_mppe = yes
require_encryption = no
require_strong = no
with_ntdomain_hack = no
  }
 Module: Linked to module rlm_unix
 Module: Instantiating unix
  unix {
radwtmp = "/usr/local/var/log/radius/radwtmp"
  }
 Module: Linked to module rlm_eap
 Module: Instantiating eap
  eap {
default_eap_type = "md5"
timer_expire = 60
ignore_unknown_eap_types = no
cisco_accounting_username_bug = no
  }
 Module: Linked to sub-module rlm_eap_md5
 Module: Instantiating eap-md5
 Module: Linked to sub-module rlm_eap_leap
 Module: Instantiating eap-leap
 Module: Linked to sub-module rlm_eap_gtc
 Module: Instantiating eap-gtc
   gtc {
challenge = "Password: "
auth_type = "PAP"
   }
 Module: Linked to sub-module rlm_eap_tls
 Module: Instantiating eap-tls
   tls {
rsa_key_exchange = no
dh_key_exchange = yes
rsa_key_length = 512
dh_key_length = 512
verify_depth = 0
pem_file_type = yes
private_key_file = "/usr/local/etc/raddb/certs/server.pem"
certificate_file = "/usr/local/etc/raddb/certs/server.pem"
CA_file = "/usr/local/etc/raddb/certs/ca.pem"
private_key_password = "whatever"
dh_file = "/usr/local/etc/raddb/certs/dh"
random_file = "/usr/local/etc/raddb/certs/random"
fragment_size = 1024
include_length = yes
check_crl = no
cipher_list = "DEFAULT"
make_cert_command = "/usr/local/etc/raddb/certs/bootstrap"
   }
Exec-Program output:
Exec-Program: returned: 1
rlm_eap: Failed to initialize type tls
/usr/local/etc/raddb/eap.conf[17]: Instantiation failed for module "eap"
/usr/local/etc/raddb/sites-enabled/inner-tunnel[223]: Failed to find
module "eap".
/usr/local/etc/raddb/sites-enabled/inner-tunnel[176]: Errors parsing
authenticate section.
 }
}
Errors initializing modules

On 7/27/08, Alan DeKok <[EMAIL PROTECTED]> wrote:
> Rafiqul Ahsan wrote:
> > Can anyone suggest the documents/wiki for installation steps for
> > Freeradius 2.0.5 on Solaris ?
>
> $ ./configure
> $ make
> $ make install
>
>  This worked the last time I tried 2.0.5 on Solaris.
>
>  Alan DeKok.
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>

-- 
Rafiqul Ahsan
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

2.0.5 on Solaris

2008-07-27 Thread Rafiqul Ahsan

Can anyone suggest the documents/wiki for installation steps for
Freeradius 2.0.5 on Solaris ?

-- 
Rafiqul Ahsan
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

EAP-TLS authentication error

2006-12-16 Thread Rafiqul Ahsan


Hi All,

I am using wpa_supplicant-0.5.5 against freeradius - v1.1.3 . I am getting
following error :

TLS_accept:error in SSLv3 read client certificate B
rlm_eap: SSL error error:0D07209B:asn1 encoding routines:ASN1_get_object:too
long
rlm_eap_tls: SSL_read failed inside of TLS (-1), TLS session fails.
In SSL Handshake Phase
In SSL Accept mode
rlm_eap: SSL error error:0D068066:asn1 encoding routines:ASN1_CHECK_TLEN:bad
object header
rlm_eap_tls: BIO_read failed inside of TLS (-1), TLS session fails.
 eaptls_process returned 13
 rlm_eap: Freeing handler
 modcall[authenticate]: module "eap" returns reject for request 23
modcall: leaving group authenticate (returns reject) for request 23
auth: Failed to validate the user.
Login incorrect: [rafi/] (from client
192.168.1.102 port 19801 cli )
Delaying request 23 for 2 seconds
Finished request 23

Here are my configs :

test.conf (wpa_supplicant config)

linux:/home/admin/wpa_supplicant-0.5.5 # cat test.conf
ctrl_interface=/var/run/wpa_supplicant
ctrl_interface_group=wheel
ap_scan=0
network={
   scan_ssid=0
   key_mgmt=IEEE8021X
   eap=TLS
   identity="rafi"
   eapol_flags=0
   ca_cert="/etc/1x/eap_tls/certs/cacert.pem"
   client_cert="/etc/1x/eap_tls/certs/clientcert.pem"
   private_key="/etc/1x/eap_tls/certs/clientkey.pem"
   private_key_passwd="wimax i2 test certs"
}

eap.conf :


   eap {
   default_eap_type = tls

   timer_expire = 120
   ignore_unknown_eap_types = no

   cisco_accounting_username_bug = no

   md5 {
   }

   leap {
   }

   gtc {
   auth_type = PAP
   }

   tls {
 rsa_key_exchange = yes
 dh_key_exchange = no
 rsa_key_length = 1024
 dh_key_length = 1024
 verify_depth = 2
 pem_file_type = yes

   private_key_password = "wimax i2 test certs"

   private_key_file =
/usr/local/etc/raddb/certs/rafi/eap_tls_certs/serverkey.pem
   certificate_file =
/usr/local/etc/raddb/certs/rafi/eap_tls_certs/servercert.pem
   CA_file =
/usr/local/etc/raddb/certs/rafi/eap_tls_certs/cacert.pem
   dh_file = /usr/local/etc/raddb/certs/rafi/dh
   random_file = /usr/local/etc/raddb/certs/rafi/random

 fragment_size = 1024

 include_length = yes

 check_cert_cn = %{User-Name}
   }


}



users :

rafi   Auth-Type := EAP






--
Rafiqul Ahsan630-717-1698(h)
2120 Periwinkle Ln 630-689-1457(h)
Naperville, IL 60540847-812-6176(c)
- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

EAP-TTLS success

2006-10-24 Thread Rafiqul Ahsan

Hi all,
 
I found the issue for below error "EAP-request timed out OR EAP-response to an unknown EAP-request" --- NAS was not responding with the state attribute received from radius server. As soon as we fixed this at NAS, it went through all the steps required to authenticate an user using TTLS-MSCHAPV2. 

 
My plaform was Solaris 10, with freeradius version 1.1.3 
 
Thanks all for your valuable input.
 
Rafi 
- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: EAP-TTLS problem at phase 1

2006-10-21 Thread Rafiqul Ahsan

Hello Hoercher,
 
Please see below answers/questions (in red):ok, i played around a bit and found EAP-TTLS working with noparticular problems.On 10/21/06, Rafiqul Ahsan <
[EMAIL PROTECTED]> wrote:> "testuser" User-Password := "testuser"looks ok, but I'm not absolutely sure about the quotation marks forthe username, they are not needed in any case.

 
testuser User-Password :="testuser"
I will try with only above entry in users file
 
> the error was about no matching "anonymous_identity", and thats why I had to> have a DEFAULT entry after this with Auth-Type :=EAP.
As you didn't show that error one cannot check for it's real cause.Everything else correctly configured you don't need that setting (andit might be actually wrong depending on circumstances).
 
OK, I found some positings about username_identity_check disabling for user "anonymous"...here it is
 
Quote
I guess since somebody implemented this check, there must be some broken NASes out there... andthe attached patch fixes this situation. If user sets "username_identity_check = no" in 
eap section it will disable this check. The default for this setting is "yes".
Unquote
 
So, now I have added this patch to files eap.c, rlm_eap.h, and rlm_eap.c, compiled. I will test it this on monday.I am expecting this patch will lead to pass this anonymous user check phase in radius 
server.I will post you the result on that. Please let me know if you are aware of this. 
> Do you suggest any particular format of my users file ? Please note, the> phase 1 user identity is "anonymous_identity", and phase 2 user/passwd is
> "testuser/testuser".I did take note. So, take an unaltered users file and just add yourline as mentioned above.Something I found in your previous post led to an failure here. Usephase2="autheap=MSCHAPV2"
instead ofphase2="auth=MSCHAPV2"
 
Not sure where we configure this phase2="autheap=MSCHAPV2" ? Are we at phase 2 yet ? I thought we have not passed the phase 1..can you pls clarify ?
> modcall: entering group authenticate for request 1^M> rlm_eap: Either EAP-request timed out OR EAP-response to an unknown
> EAP-request^MThat does look strange (and might indicate your real problem), if itstill persists with the suggested changes it might be useful to digfurther into that. Perhaps you could add another -x to the freeradius
invocation to get timestamps on the logfile.
 
 
I will test with the above patch - and see if we can pass the anonymous identity check problem. If persists - I will recompile with original files mentioned above, and test again to give you the full debug logs.

 
Thanks
Rafi
regardsK. Hoercher-List info/subscribe/unsubscribe? See 
http://www.freeradius.org/list/users.html
- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: EAP-TTLS problem at phase 1

2006-10-21 Thread Rafiqul Ahsan

orize]: module "realmbackslash" returns noop for request 1^M
    rlm_realm: No '%' in User-Name = "anonymous_identity", looking up realm NULL^M    rlm_realm: No such realm "NULL"^M  modcall[authorize]: module "realmpercent" returns noop for request 1^M
rlm_fastusers:  Reloading fastusers hash^Mrlm_fastusers:  File /usr/local/etc/raddb/acct_users was unchanged. Not reloading.^Mrlm_fastusers:  File /usr/local/etc/raddb/users was unchanged. Not reloading.^M
rlm_fastusers:  checking defaults^M  fastusers: Matched DEFAULT at 6^M  modcall[authorize]: module "fastusers" returns updated for request 1^Mmodcall: leaving group authorize (returns updated) for request 1^M
  rad_check_password:  Found Auth-Type EAP^Mauth: type "EAP"^M  Processing the authenticate section of radiusd.conf^Mmodcall: entering group authenticate for request 1^Mrlm_eap: Either EAP-request timed out OR EAP-response to an unknown EAP-request^M
  rlm_eap: Failed in handler^M  modcall[authenticate]: module "eap" returns invalid for request 1^Mmodcall: leaving group authenticate (returns invalid) for request 1^Mauth: Failed to validate the user.^M
Login incorrect: [anonymous_identity/] (from client 192.168.1.102 port 19801 cli DU?I\272()^MDelaying request 1 for 2 seconds^MFinished request 1^M
Going to the next request^M--- Walking the entire request list ---^MWaking up in 2 seconds...^M--- Walking the entire request list ---^MWaking up in 2 seconds...^M--- Walking the entire request list ---^M
Sending Access-Reject of id 3 to 192.168.1.102 port 19801^MWaking up in 1 seconds...^M--- Walking the entire request list ---^MCleaning up request 1 ID 3 with timestamp 45394f9b^M
Nothing to do.  Sleeping until we see a request.^Mexit^M 
On 10/21/06, K. Hoercher <[EMAIL PROTECTED]> wrote:
Hi,as mentioned in various places in the documentation and countlesstimes on this list:
On 10/21/06, Rafiqul Ahsan <[EMAIL PROTECTED]> wrote:> Here is my users file :>> "testuser" Auth-Type := EAP, User-Password := "testuser"
>>> DEFAULT Auth-Type := EAPDont't set Auth-Type> Here is the radius log (only shown the failed part)>> rlm_fastusers:  checking defaults^M>   fastusers: Matched DEFAULT at 6^M
>   modcall[authorize]: module "fastusers" returns updated for request 1^M> modcall: leaving group authorize (returns updated) for request 1^M>   rad_check_password:  Found Auth-Type EAP^M
> auth: type "EAP"^M>   Processing the authenticate section of radiusd.conf^M> modcall: entering group authenticate for request 1^M>  rlm_eap: Either EAP-request timed out OR EAP-response to an unknown
> EAP-request^M>   rlm_eap: Failed in handler^M>   modcall[authenticate]: module "eap" returns invalid for request 1^M> modcall: leaving group authenticate (returns invalid) for request 1^M
Thats pretty much non-informative. In case, the above fix does not yetyield the desired results, provide the full debug output.regardsK. Hoercher-List info/subscribe/unsubscribe? See 
http://www.freeradius.org/list/users.html-- Rafiqul Ahsan630-717-1698(h)2120 Periwinkle Ln 630-689-1457(h)Naperville, IL 60540847-812-6176(c)

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

EAP-TTLS problem at phase 1

2006-10-20 Thread Rafiqul Ahsan


Hi all,
I have been trying to figure this out for couple days, but could not get any clue. My test is about authentication with EAP-TTLS/MSCHAPV2.
I am using freeradius v - 1.1.3, on Solaris 10.
No matter what I do, I get "rlm_eap: Either EAP-request timed out OR EAP-response to an unknown EAP-request" at the server.
Anybody can help me what went wrong ? Here is my configs..and logs (truncated)
Awaits some solution...
Rafi
 
 
Here is my eap.conf
    eap {    default_eap_type = ttls 
    timer_expire = 60    ignore_unknown_eap_types = no
    cisco_accounting_username_bug = no
    md5 {    }
    leap {    }
    gtc {    auth_type = PAP    }
    tls {  rsa_key_exchange = yes  dh_key_exchange = no  rsa_key_length = 1024  dh_key_length = 1024  verify_depth = 2  pem_file_type = yes
    private_key_password = "wimax i2 test certs"     private_key_file = /etc/freeradius/etc/certs/key2.pem    certificate_file = /etc/freeradius/etc/certs/cert2.pem    CA_file = /etc/freeradius/etc/certs/cacert.pem
    dh_file = /etc/freeradius/etc/certs/dh    random_file = /etc/freeradius/etc/certs/random
  fragment_size = 1024
  include_length = yes
  check_cert_cn = %{User-Name}    }
    ttls {    default_eap_type = mschapv2 
    #   copy_request_to_tunnel = no
    #   use_tunneled_reply = no    }
 peap {    default_eap_type = mschapv2
    #   copy_request_to_tunnel = no    #   use_tunneled_reply = no
    #   proxy_tunneled_request_as_eap = yes    }
    mschapv2 {    }    }
 
 
Here is my users file :
 
"testuser" Auth-Type := EAP, User-Password := "testuser"

DEFAULT Auth-Type := EAP
 
Here is my supplicant config :
# cat supplicant.confctrl_interface=/var/tmp/supplicant.ctleap_trace=1enableWiMAXauth=1validateFNECerts=1checkCRL=1ignoreTimeOfDay=0update_config=0data_interface=/var/tmp/supplicant_data.ctl
ap_scan=0fast_reauth=1load_dynamic=/usr/lib/wpa_supplicant/eap_ttls.sonetwork={eap=TTLSeap_workaround=1anonymous_identity="anonymous_identity"ca_path="/var/tmp/truststore"
ca_cert="/var/tmp/root.crt"client_cert="/var/tmp/cpe.crt"private_key="/var/tmp/key"private_key_passwd="wimax i2 test certs"phase2="auth=MSCHAPV2"}

 
Here is the radius log (only shown the failed part)
 
rlm_fastusers:  checking defaults^M  fastusers: Matched DEFAULT at 6^M  modcall[authorize]: module "fastusers" returns updated for request 1^Mmodcall: leaving group authorize (returns updated) for request 1^M
  rad_check_password:  Found Auth-Type EAP^Mauth: type "EAP"^M  Processing the authenticate section of radiusd.conf^Mmodcall: entering group authenticate for request 1^M
rlm_eap: Either EAP-request timed out OR EAP-response to an unknown EAP-request^M  rlm_eap: Failed in handler^M  modcall[authenticate]: module "eap" returns invalid for request 1^Mmodcall: leaving group authenticate (returns invalid) for request 1^M
 
- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: AAA configuration for given attributes - need help please !!!

2006-09-15 Thread Rafiqul Ahsan

The answer to that is, user will be authenticated by sending RADIUS Access Req with EAP Message, Sever will respond to the client by RADIUS Access-Challenge, EAP-TTLS Tunnel will be established (TLS handshake protocol using EAP message), EAP Message Exchange will occure (EAP-TTLS MS-CHAP-v2 authentication or any other authentication), and Server will either send RADIUS Access-Accept, or Access-Reject. The attributes will be included in the messages - my question is how to find the particular radius file where we are going to configure these attributes ?

 
I have seen client.conf, users and radiusd.conf - not finding much...because of my lack of experiance...
 
Hope that clarify the problem.
 
Thanks
rafi 
On 9/15/06, Peter Nixon <[EMAIL PROTECTED]> wrote:
On Fri 15 Sep 2006 20:27, Alan DeKok wrote:> "Rafiqul Ahsan" <
[EMAIL PROTECTED]> wrote:> > I am new to this AAA freeradius area, I need to configure the AAA radius> > server for following mentioned attributes according to the message,> > Access-req, Access-Accept, and Access-Challenge, and Access-Reject (pls
> > see below).>>   Configure the server to do... what, exactly?>>   The question you're asking is the same as "how do I configure a web> server to send bold text."  The answer is "huh?"
Why do I have the nasty feeling that there is a university somewhere teachingAAA as a course--Peter Nixonhttp://www.peternixon.net/PGP Key: 
http://www.peternixon.net/public.asc-List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
-- Rafiqul Ahsan630-717-1698(h)2120 Periwinkle Ln 630-689-1457(h)Naperville, IL 60540847-812-6176(c)
- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

AAA configuration for given attributes - need help please !!!

2006-09-15 Thread Rafiqul Ahsan

Hi,
 
I am new to this AAA freeradius area, I need to configure the AAA radius server for following mentioned attributes according to the message, Access-req, Access-Accept, and Access-Challenge, and Access-Reject (pls see below). Also, I looked at the configuration files at radius server like 
clients.conf, users, radiusd.conf - I am not sure where this attributes to configure. Could any body help me getting started with this that would be highly appreciated. Also, please comment on the VSA attribute below - I am tryign to understand on section 
5.26, RFC 2865 - but not sure where to start.
 
Your help would be highly appreciated.
 
Below the attributes :
 
Access Request attributes

User-Name User-PasswordNAS-IPAddressNAS-PortService-TypeStateVendor-SpecificSession-TimeoutNAS-IdentifierCalled-Station-IDCalling-Station-IDNAS-Port-TypeEAP-MessageMessage-Authenticator

Access-Challenge attributes
Reply-MessageStateSession-TimeoutEAP-MessageMessage-Authenticator
Access-Accept attributes
User-NameStateService-TypeSession-TimeoutEAP-MessageVSA (Vendor Suitable Attributes)VSA ( ---)Message-Authenticator
 
Access-Reject Attributes
Reply-MessageStateSession-TimeoutEAP-MessageMessage-Authenticator
Thanks
Rafi
 
 
- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: 1.1.3 on Solaris 10 (sparc)

2006-09-06 Thread Rafiqul Ahsan

Hi Lin, and others

It worked with the path. I am able to build, and install the free radius on Solaris 10. Thanks for your help.
I am planning to add EAP-AKA on the Free radius, as I understand this does not support currently. Any idea where to start ?

Thanks for your help.

Rafi 
On 9/6/06, Lin Richardson <[EMAIL PROTECTED]> wrote:

So to confirm the observations and comments above:My environment worked without any errors.  The following give some detail as to why.bash-3.00# which ar/usr/ccs/bin/arbash-3.00# echo $PATH
/usr/local/bin:/usr/bin:/usr/ccs/bin:/usr/sbin ar is a command line tool that is not in your path, so I guess ./configure sets it to false... and then tries to run it with the command "false".Fix your path to include the location of ar and you will probably have better results.  Thanks to the others on the list for catching this detail.  
It may be a good idea to add to the wiki as well. 
Lin

On 9/6/06, Rafiqul Ahsan <[EMAIL PROTECTED] 
> wrote: 

Thanks to Lin, Mercel, and Rob for your input. I am not sure about Mercel's comment on value of AR, this has been set to false in the Makefile at libltdl/ directory (where it actually fails). The question is what value should it be ? 

Also, Rob - when I put the /usr/ccs/bin/ on top of my PATH, it picks a make that gives me error as "make: Fatal error in reader: Makefile, line 41: Unexpected end of line seen". Wheras my earlier picks on make file from /usr/local/bin - did not give me this error. Following is the various command output FYI. Also - I could you please explain a little more on where to put this get -R/path/to/dep alongside the -L linker flags (an example would be appreciated). Is it needed to add on the Makefile on ./libltdl/ directory ? 

Thanks for your help.

Rafi

# /usr/local/bin/make -vGNU Make 3.80Copyright (C) 2002  Free Software Foundation, Inc.This is free software; see the source for copying conditions.There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A 
PARTICULAR PURPOSE.# /usr/ccs/bin/make -vmake: Warning: Ignoring DistributedMake -v optionmake: Fatal error in reader: Makefile, line 41: Unexpected end of line seen 
Here is my PATH (after I added /usr/ccs/bin - as suggested by Rob)
# echo $PATH/usr/ccs/bin:/usr/sbin:/usr/bin:/usr/sfw/bin/:/usr/local/bin 

On 9/6/06, Rob Shepherd <[EMAIL PROTECTED] 
> wrote: 

[EMAIL PROTECTED] wrote:> Lin Richardson wrote: >> You should post this to thet userlist (I am cc'ing them on this>> reply).  Perhaps someone there has seen the "false cru" error before...
>>>> I'm no compiler guru, but google tells me that libtool may be to >> blame. I don't acutally show libtool installed on my box and don't>> know much about it.> I'm no compiler guru either, but the system appears to be missing 'ar'
> (I thought I remembered 'ar' being called with options 'cru' before, and > the config.log confirms this:)For solaris...Add /usr/ccs/bin to the top of your path.In addition, as mentioned in this thread. The preferable way of
satisfying run time lib dependencies on solaris is by get -R/path/to/dep alongside the -L linker flags.Rob--Rob Shepherd | Computer and Network Engineer | Technium CAST | LL57 4HJ
[EMAIL PROTECTED] | 01248 675024 | 07776 210516 -List info/subscribe/unsubscribe? See 
http://www.freeradius.org/list/users.html
-- Rafiqul Ahsan630-717-1698(h) 2120 Periwinkle Ln 630-689-1457(h)Naperville, IL 60540847-812-6176(c)-List info/subscribe/unsubscribe? See 
http://www.freeradius.org/list/users.html -List info/subscribe/unsubscribe? See 
http://www.freeradius.org/list/users.html-- Rafiqul Ahsan630-717-1698(h)2120 Periwinkle Ln 630-689-1457(h)Naperville, IL 60540847-812-6176(c)

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: 1.1.3 on Solaris 10 (sparc)

2006-09-06 Thread Rafiqul Ahsan

Thanks to Lin, Mercel, and Rob for your input. I am not sure about Mercel's comment on value of AR, this has been set to false in the Makefile at libltdl/ directory (where it actually fails). The question is what value should it be ?

Also, Rob - when I put the /usr/ccs/bin/ on top of my PATH, it picks a make that gives me error as "make: Fatal error in reader: Makefile, line 41: Unexpected end of line seen". Wheras my earlier picks on make file from /usr/local/bin - did not give me this error. Following is the various command output FYI. Also - I could you please explain a little more on where to put this get -R/path/to/dep alongside the -L linker flags (an example would be appreciated). Is it needed to add on the Makefile on ./libltdl/ directory ?

Thanks for your help.

Rafi

# /usr/local/bin/make -vGNU Make 3.80Copyright (C) 2002  Free Software Foundation, Inc.This is free software; see the source for copying conditions.There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A
PARTICULAR PURPOSE.# /usr/ccs/bin/make -vmake: Warning: Ignoring DistributedMake -v optionmake: Fatal error in reader: Makefile, line 41: Unexpected end of line seen 
Here is my PATH (after I added /usr/ccs/bin - as suggested by Rob)
# echo $PATH/usr/ccs/bin:/usr/sbin:/usr/bin:/usr/sfw/bin/:/usr/local/bin 

On 9/6/06, Rob Shepherd <[EMAIL PROTECTED]> wrote:
[EMAIL PROTECTED] wrote:> Lin Richardson wrote:
>> You should post this to thet userlist (I am cc'ing them on this>> reply).  Perhaps someone there has seen the "false cru" error before...>>>> I'm no compiler guru, but google tells me that libtool may be to
>> blame. I don't acutally show libtool installed on my box and don't>> know much about it.> I'm no compiler guru either, but the system appears to be missing 'ar'> (I thought I remembered 'ar' being called with options 'cru' before, and
> the config.log confirms this:)For solaris...Add /usr/ccs/bin to the top of your path.In addition, as mentioned in this thread. The preferable way ofsatisfying run time lib dependencies on solaris is by get -R/path/to/dep
alongside the -L linker flags.Rob--Rob Shepherd | Computer and Network Engineer | Technium CAST | LL57 4HJ[EMAIL PROTECTED] | 01248 675024 | 07776 210516
-List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html-- Rafiqul Ahsan630-717-1698(h)
2120 Periwinkle Ln 630-689-1457(h)Naperville, IL 60540847-812-6176(c)
- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Free Radius make error with Sol10

2006-09-05 Thread Rafiqul Ahsan

Hi,
 
Following error I am getting when i try to make the free radius on Solaris 10. I am following direction as stated from link http://wiki.freeradius.org/index.php/Build

 
I installed following packages as suggested in the above link :
libgcc-3.3-sol10-sparc-local.gz
openssl-0.9.8b-sol10-sparc-local.gz
openldap-2.3.21-sol10-sparc-local.gz
 
And trying to build, freradius-1.1.3.tar.bz2
 
Using make version 3.80
 
Here is the sequesnce of command :
./configure
./make - and getting following error.
 
# makemake: *** No targets specified and no makefile found.  Stop.# cd# cd rafi_dir/# cd free_radius_1.1.3/# cd freeradius-1.1.3# makegmake[1]: Entering directory `/export/home/dev/rafi_dir/free_radius_1.1.3/freeradius-
1.1.3'Making all in libltdl...gmake[2]: Entering directory `/export/home/dev/rafi_dir/free_radius_1.1.3/freeradius-1.1.3/libltdl'/usr/sfw/bin//gmake  all-amgmake[3]: Entering directory `/export/home/dev/rafi_dir/free_radius_1.1.3/freeradius-
1.1.3/libltdl'/bin/bash ./libtool --tag=CC   --mode=link gcc  -g -O2 -D_REENTRANT -D_POSIX_PTHREAD_SEMANTICS -Wall -D_GNU_SOURCE -DNDEBUG -no-undefined -version-info 4:4:1  -o libltdl.la
 -rpath /usr/local/lib ltdl.lo -ldl -lnsl -lresolv -lsocket -lposix4  -lpthreadgcc -shared -Wl,-h -Wl,libltdl.so.3 -o .libs/libltdl.so.3.1.4  .libs/ltdl.o  -ldl -lnsl -lresolv -lsocket -lposix4 -lpthread -lc (cd .libs && rm -f 
libltdl.so.3 && ln -s libltdl.so.3.1.4 libltdl.so.3)(cd .libs && rm -f libltdl.so && ln -s libltdl.so.3.1.4 libltdl.so)false cru .libs/libltdl.a  ltdl.ogmake[3]: *** [
libltdl.la] Error 1gmake[3]: Leaving directory `/export/home/dev/rafi_dir/free_radius_1.1.3/freeradius-1.1.3/libltdl'gmake[2]: *** [all] Error 2gmake[2]: Leaving directory `/export/home/dev/rafi_dir/free_radius_1.1.3/freeradius-
1.1.3/libltdl'gmake[1]: *** [common] Error 2gmake[1]: Leaving directory `/export/home/dev/rafi_dir/free_radius_1.1.3/freeradius-1.1.3'make: *** [all] Error 2Please help me figure out where do i need to look at, or any configuration that I missed ?

 
Thanks
Rafi-- Rafiqul Ahsan630-717-1698(h)2120 Periwinkle Ln 630-689-1457(h)Naperville, IL 60540847-812-6176(c) 
- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

freeradius-1.1.2 install question on Solaris 10 (SPARC)

2006-07-31 Thread Rafiqul Ahsan

I am trying to install freeradius-1.1.2 on Solaris 10. 
 
I noticed that it requires to have open ssl installed on the system, and the Solaris 10 that I am working on has already installed open SSL as follows :
 
/usr/local/ssl/lib# ls -altotal 11884drwxr-xr-x   4 root bin  512 Apr 21 09:01 .drwxr-xr-x  10 root root 512 Apr 21 09:01 ..drwxr-xr-x   2 root bin  512 Apr 21 09:01 engines
-rw-r--r--   1 root bin  2235224 Oct 15  2005 libcrypto.alrwxrwxrwx   1 root root  18 Apr 21 09:01 libcrypto.so -> libcrypto.so.0.9.8-r-xr-xr-x   1 root bin  1333832 Oct 15  2005 
libcrypto.so.0.9.7-r-xr-xr-x   1 root bin  1529352 Oct 15  2005 libcrypto.so.0.9.8-rw-r--r--   1 root bin   389692 Oct 15  2005 libssl.alrwxrwxrwx   1 root root  15 Apr 21 09:01 libssl.so
 -> libssl.so.0.9.8-r-xr-xr-x   1 root bin   234036 Oct 15  2005 libssl.so.0.9.7-r-xr-xr-x   1 root bin   291900 Oct 15  2005 libssl.so.0.9.8drwxr-xr-x   2 root bin  512 Apr 21 09:01 pkgconfig
 
Also initiatially when I did ./configure - it was giving me error that the PATH was not set for gcc, cc etc. I set the path as follows :
 
export PATH=$PATH:/usr/local/bin
 
and then I attempetd to do make as follows :
 
# makemake[1]: Entering directory `/export/home/lab/freeradius-1.1.2'Making all in libltdl...make[2]: Entering directory `/export/home/lab/freeradius-1.1.2/libltdl'/bin/sh ./libtool --mode=compile gcc -DHAVE_CONFIG_H -I. -I. -I. -g -O2 -D_REENTRANT -D_POSIX_PTHREAD_SEMANTICS -Wall -D_GNU_SOURCE -DNDEBUG -c 
ltdl.cmkdir .libsgcc -DHAVE_CONFIG_H -I. -I. -I. -g -O2 -D_REENTRANT -D_POSIX_PTHREAD_SEMANTICS -Wall -D_GNU_SOURCE -DNDEBUG -c ltdl.c   -fPIC -DPIC -o .libs/ltdl.loltdl.c: In function `lt_dlopenext':ltdl.c
:2926: warning: unused variable `file_found'gcc -DHAVE_CONFIG_H -I. -I. -I. -g -O2 -D_REENTRANT -D_POSIX_PTHREAD_SEMANTICS -Wall -D_GNU_SOURCE -DNDEBUG -c ltdl.c -o ltdl.o >/dev/null 2>&1mv -f .libs/ltdl.lo 
ltdl.lo/bin/sh ./libtool --mode=link gcc  -g -O2 -D_REENTRANT -D_POSIX_PTHREAD_SEMANTICS -Wall -D_GNU_SOURCE -DNDEBUG  -o libltdl.la -rpath /usr/local/lib -no-undefined -version-info 4:0:1 
ltdl.lo -ldl -lnsl -lresolv -lsocket -lposix4  -lpthreadrm -fr .libs/libltdl.la .libs/libltdl.* .libs/libltdl.*/usr/ccs/bin/ld -G -z defs -h libltdl.so.3 -o .libs/libltdl.so.3.1.0  ltdl.lo  -ldl -lnsl -lresolv -lsocket -lposix4 -lpthread -lc 
(cd .libs && rm -f libltdl.so.3 && ln -s libltdl.so.3.1.0 libltdl.so.3)(cd .libs && rm -f libltdl.so && ln -s libltdl.so.3.1.0 libltdl.so)ar cru .libs/libltdl.a  ltdl.o ./libtool: ar: not found
make[2]: *** [libltdl.la] Error 1make[2]: Leaving directory `/export/home/lab/freeradius-1.1.2/libltdl'make[1]: *** [common] Error 2make[1]: Leaving directory `/export/home/lab/freeradius-
1.1.2'make: *** [all] Error 2 
 
I dont have any clue what that might be.. Can anybody help me figure out the problem ?
 
Thanks
Rafi
-- Rafiqul Ahsan630-717-1698(h)2120 Periwinkle Ln 630-689-1457(h)Naperville, IL 60540847-812-6176(c) 
- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: 2.0.5 on Solaris with openssl 0.9.8h [SEC=UNCLASSIFIED]

Re: 2.0.5 on Solaris with openssl 0.9.8h [SEC=UNCLASSIFIED]

Re: 2.0.5 on Solaris with openssl 0.9.8h

Re: 2.0.5 on Solaris with openssl 0.9.8h

Re: 2.0.5 on Solaris with openssl 0.9.8h

Re: 2.0.5 on Solaris with openssl 0.9.8h

Re: 2.0.5 on Solaris with openssl 0.9.8h

Re: 2.0.5 on Solaris with openssl 0.9.8h

Re: 2.0.5 on Solaris with openssl 0.9.8h

2.0.5 on Solaris with openssl 0.9.8h

Re: 2.0.5 on Solaris, openssl 0.9.8h ---> does support sha256 ?

Re: 2.0.5 on Solaris, openssl 0.9.8h ---> does support sha256 ?

Re: 2.0.5 on Solaris, openssl 0.9.8h ---> does support sha256 ?

Re: 2.0.5 on Solaris, openssl 0.9.8h ---> does support sha256 ?

Re: 2.0.5 on Solaris

Re: 2.0.5 on Solaris

Re: 2.0.5 on Solaris

2.0.5 on Solaris

EAP-TLS authentication error

EAP-TTLS success

Re: EAP-TTLS problem at phase 1

Re: EAP-TTLS problem at phase 1

EAP-TTLS problem at phase 1

Re: AAA configuration for given attributes - need help please !!!

AAA configuration for given attributes - need help please !!!

Re: 1.1.3 on Solaris 10 (sparc)

Re: 1.1.3 on Solaris 10 (sparc)

Free Radius make error with Sol10

freeradius-1.1.2 install question on Solaris 10 (SPARC)

29 matches

Site Navigation

Mail list logo

Footer information