Re: 2.0.5 on Solaris with openssl 0.9.8h [SEC=UNCLASSIFIED]
Hi Alan, Thank you for your responses, and I appreciate for your time. I have few Sun machines, T2000, V210 - all of them has Solaris 10 with /usr/sfw/ dirs...Not sure I would try deleting the directory. But before going in to that approach, I have done a little test 1. I moved libssl.so.0.9.7, and libcrypto.so.0.9.7 from /usr/sfw/lib directory, and copied libssl.0.9.8, and libcrypto.0.9.8 in to this directory. 2. Having following path, and FLAGS... bash-3.00# echo $PATH /usr/sbin:/usr/bin:/usr/local/ssl/bin:/usr/sfw/bin:/usr/local/bin:/usr/ccs/bin bash-3.00# echo LDFLAGS LDFLAGS bash-3.00# echo $LDFLAGS -L/usr/local/ssl/lib -R/usr/local/ssl/lib bash-3.00# echo $CPPFLAGS -I/usr/local/ssl/include/openssl bash-3.00# echo $CFLAGS -I/usr/local/ssl/include/openssl bash-3.00# crle Configuration file [version 4]: /var/ld/ld.config Default Library Path (ELF): /lib/:/usr/lib:/usr/local/ssl/lib Trusted Directories (ELF):/lib/secure:/usr/lib/secure (system default) Command line: crle -c /var/ld/ld.config -l /lib/:/usr/lib:/usr/local/ssl/lib bash-3.00# echo $LD_LIBRARY_PATH /usr/lib:/usr/local/ssl/lib 3. ./configure --prefix=/usr/local --with-openssl-includes=/usr/local/s sl/include --with-openssl-libraries=/usr/local/ssl/lib See the below WARNING : configure: WARNING: pcap library not found, silently disabling the RADIUS sniffer. config.status: WARNING: ./Make.inc.in seems to ignore the --datarootdir setting config.status: WARNING: ./src/include/build-radpaths-h.in seems to ignore the --datarootdir setting chmod: WARNING: can't access check-radiusd-config configure: WARNING: silently not building rlm_counter. configure: WARNING: FAILURE: rlm_counter requires: libgdbm. configure: WARNING: silently not building rlm_eap_tls. configure: WARNING: FAILURE: rlm_eap_tls requires: OpenSSL. configure: WARNING: silently not building rlm_eap_ttls. configure: WARNING: FAILURE: rlm_eap_ttls requires: OpenSSL. configure: WARNING: silently not building rlm_eap_ikev2. configure: WARNING: FAILURE: rlm_eap_ikev2 requires: libeap-ikev2 EAPIKEv2/connector.h. configure: WARNING: the TNCS library isn't found! configure: WARNING: silently not building rlm_eap_tnc. configure: WARNING: FAILURE: rlm_eap_tnc requires: -lTNCS. configure: WARNING: silently not building rlm_eap_peap. configure: WARNING: FAILURE: rlm_eap_peap requires: OpenSSL. configure: WARNING: silently not building rlm_ippool. configure: WARNING: FAILURE: rlm_ippool requires: libgdbm. configure: WARNING: neither krb5 'k5crypto' nor 'crypto' libraries are found! configure: WARNING: the comm_err library isn't found! configure: WARNING: silently not building rlm_krb5. configure: WARNING: FAILURE: rlm_krb5 requires: krb5.h. configure: WARNING: silently not building rlm_ldap. configure: WARNING: FAILURE: rlm_ldap requires: libldap_r. configure: WARNING: silently not building rlm_otp. configure: WARNING: FAILURE: rlm_otp requires: openssl-libs. configure: WARNING: silently not building rlm_perl. configure: WARNING: FAILURE: rlm_perl requires: EXTERN.h perl.h libperl.so. configure: WARNING: silently not building rlm_python. configure: WARNING: FAILURE: rlm_python requires: Python.h libpython2.3. configure: WARNING: silently not building rlm_sql_iodbc. configure: WARNING: FAILURE: rlm_sql_iodbc requires: libiodbc isql.h. configure: WARNING: silently not building rlm_sql_postgresql. configure: WARNING: FAILURE: rlm_sql_postgresql requires: libpq. configure: WARNING: oracle headers not found. Use --with-oracle-home-dir=. configure: WARNING: silently not building rlm_sql_oracle. configure: WARNING: FAILURE: rlm_sql_oracle requires: oci.h. configure: WARNING: silently not building rlm_sql_unixodbc. configure: WARNING: FAILURE: rlm_sql_unixodbc requires: libodbc sql.h. 4. Make --- never creates rlm_eap_ttls/tls.o 5. Make install creates new radiusd...but with no libssl.so.0.9.X, and libcrypto.so.0.9.X Here is the output... # ldd /usr/local/sbin/radiusd libfreeradius-radius-2.0.5.so => /usr/local/lib/libfreeradius-ra dius-2.0.5.so libnsl.so.1 => /lib//libnsl.so.1 libresolv.so.2 => /lib//libresolv.so.2 libsocket.so.1 => /lib//libsocket.so.1 librt.so.1 => /lib//librt.so.1 libpthread.so.1 => /lib//libpthread.so.1 libcrypt_d.so.1 => /usr/lib/libcrypt_d.so.1 libltdl.so.3 => /usr/local/lib/libltdl.so.3 libdl.so.1 => /lib//libdl.so.1 libc.so.1 => /lib//libc.so.1 libgcc_s.so.1 => /usr/sfw/lib/libgcc_s.so.1 libmp.so.2 => /lib//libmp.so.2 libmd.so.1 => /lib//libmd.so.1 libscf.so.1 => /lib//libscf.so.1 libaio.so.1 => /lib//libaio.so.1 libgen.so.1 => /lib//libgen.so.1 libdoor.so.1 => /lib//libdoor.so.1 libuutil.so.1 => /lib//libuutil.so.1 libm.so.2 => /lib//libm.so.2 /platform/SUNW,Sun-Fire-V210/lib/libc_psr.so.1 /platform/SUNW,Sun-Fire-V210/lib/libmd_psr.so.1 I am confused ! I see it likes , and ONLY likes libssl.so.0.9.7, and libcrypto.so.0.9.7 at /usr.sfw/lib ... Rafi
Re: 2.0.5 on Solaris with openssl 0.9.8h [SEC=UNCLASSIFIED]
Thanks for your response. Here is what I set : bash-3.00# crle Configuration file [version 4]: /var/ld/ld.config Default Library Path (ELF): /lib/:/usr/lib:/usr/local/ssl/lib Trusted Directories (ELF):/lib/secure:/usr/lib/secure (system default) Command line: crle -c /var/ld/ld.config -l /lib/:/usr/lib:/usr/local/ssl/lib bash-3.00# echo $LD_LIBRARY_PATH /usr/lib:/usr/local/ssl/lib Looks like the issue is not the search path because it already serached to my desired location /usr/local/ssl/lib before /usr/sfw/lib. The issue is why Freeradius radiusd is looking for object libssl.so.0.9.7 libcrypto.so.0.9.7, and obviously it will not find at /usr/local/ssl/lib ? Here is the (partial) output of ldd -s radiusd find object=libssl.so.0.9.7; required by /usr/local/sbin/radiusd search path=/usr/local/lib:/usr/local/ssl/lib:/usr/sfw/lib (RPATH from file /usr/local/sbin/radiusd) trying path=/usr/local/lib/libssl.so.0.9.7 trying path=/usr/local/ssl/lib/libssl.so.0.9.7 trying path=/usr/sfw/lib/libssl.so.0.9.7 libssl.so.0.9.7 => /usr/sfw/lib/libssl.so.0.9.7 find object=libcrypto.so.0.9.7; required by /usr/local/sbin/radiusd search path=/usr/local/lib:/usr/local/ssl/lib:/usr/sfw/lib (RPATH from file /usr/local/sbin/radiusd) trying path=/usr/local/lib/libcrypto.so.0.9.7 trying path=/usr/local/ssl/lib/libcrypto.so.0.9.7 trying path=/usr/sfw/lib/libcrypto.so.0.9.7 libcrypto.so.0.9.7 =>/usr/sfw/lib/libcrypto.so.0.9.7 On 8/17/08, Ranner, Frank MR <[EMAIL PROTECTED]> wrote: > UNCLASSIFIED > > > -Original Message- > > From: > > [EMAIL PROTECTED] > eradius.org [mailto:freeradius-users-> > [EMAIL PROTECTED] On > > Behalf Of Rafiqul Ahsan > > Sent: Monday, 18 August 2008 07:21 > > To: FreeRadius users mailing list > > Subject: Re: 2.0.5 on Solaris with openssl 0.9.8h > > > > I believe I specified the path using -Rpath, and Solaris Linker > > searches this specified path for so libraris at run time. But still it > > is linking with /usr/swf/lib.. Did not find any other info on how we > > change the orders of dirs that it uses. > > > > Use ldd -s to determine how the shared libraries are found. The bottom > line is, use LD_LIBRARY_PATH > to overide all other settings. In your startup script put: > > LD_LIBRARY_PATH=/usr/lib:/usr/local/ssl/lib; export LD_LIBRARY_PATH > > You can also specify system-wide library search paths using crle > > [EMAIL PROTECTED] radius] # crle > > Configuration file [version 4]: /var/ld/ld.config > Default Library Path (ELF): > /usr/lib:/usr/local/lib:/var/cfengine/lib > Trusted Directories (ELF):/usr/lib/secure (system default) > > Command line: > crle -c /var/ld/ld.config -l /usr/lib:/usr/local/lib:/var/cfengine/lib > > > Using rpath is not such a good idea as it is the last resort - crle and > LD_LIBRARY_PATH will override > it as 'ldd -s' will show. > > Regards, > Frank Ranner > > - > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html > -- Rafiqul Ahsan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: 2.0.5 on Solaris with openssl 0.9.8h
I believe I specified the path using -Rpath, and Solaris Linker searches this specified path for so libraris at run time. But still it is linking with /usr/swf/lib.. Did not find any other info on how we change the orders of dirs that it uses. On 8/17/08, Alan DeKok <[EMAIL PROTECTED]> wrote: > Rafiqul Ahsan wrote: > > Ok, I tried as follows : > ... > > Still "ldd /usr/local/sbin/radiusd" shows the shared object from > > /usr/sfw/lib/*0.9.7 > > Then the issue is that the linker is linking against "libssl.so", and > not "libssl.so.0.9.8". This means that at run-time, /usr/sfw/lib is > found *before* /usr/local/lib, and so it links to the other version of > libssl. > > The only solutions are: > > a) change the order of directories that the run-time linker uses > b) delete the /usr/sfw/lib/libssl* files > > Alan DeKok. > - > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html > -- Rafiqul Ahsan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: 2.0.5 on Solaris with openssl 0.9.8h
Ok, I tried as follows : 1. chmod a-rx /usr/sfw 2. As before I kept below FLAGS on : CFLAGS=-I/usr/local/ssl/include/openssl CPPFLAGS=-I/usr/local/ssl/include/openssl LDFLAGS='-L/usr/local/ssl/lib -R/usr/local/ssl/lib' export CFLAGS CPPFLAGS LDFLAGS 3. ./configure 4. make 5. make install Still "ldd /usr/local/sbin/radiusd" shows the shared object from /usr/sfw/lib/*0.9.7 Here are the outputs when we deleted the permission (before build), and added the permissions (after build) : bash-3.00# chmod a-rx /usr/sfw/ bash-3.00# ls -al /usr/sfw/ total 54 d- 11 root bin 512 Aug 1 11:06 . drwxr-xr-x 42 root sys 1024 Aug 5 23:54 .. drwxr-xr-x 3 root bin 6144 Aug 1 11:08 bin lrwxrwxrwx 1 root root 9 Aug 1 11:06 doc -> share/doc drwxr-xr-x 22 root bin 2048 Aug 1 11:08 include lrwxrwxrwx 1 root root 10 Aug 1 11:06 info -> share/info drwxr-xr-x 31 root bin 6656 Aug 13 12:35 lib drwxr-xr-x 3 root bin 512 Aug 1 10:51 libexec lrwxrwxrwx 1 root root 9 Aug 1 10:54 man -> share/man drwxr-xr-x 3 root bin 512 Aug 1 10:50 mysql drwxr-xr-x 2 root bin 512 Aug 1 11:14 sbin drwxr-xr-x 21 root bin 512 Aug 1 11:06 share drwxr-xr-x 4 root bin 512 Aug 1 10:34 sparc-sun-solaris2.10 lrwxrwxrwx 1 root root 9 Aug 1 09:54 src -> share/src drwxr-xr-x 6 root bin 512 Aug 1 09:54 swat bash-3.00# chmod a+rx /usr/sfw/ bash-3.00# ls -al /usr/sfw/ total 54 dr-xr-xr-x 11 root bin 512 Aug 1 11:06 . drwxr-xr-x 42 root sys 1024 Aug 5 23:54 .. drwxr-xr-x 3 root bin 6144 Aug 1 11:08 bin lrwxrwxrwx 1 root root 9 Aug 1 11:06 doc -> share/doc drwxr-xr-x 22 root bin 2048 Aug 1 11:08 include lrwxrwxrwx 1 root root 10 Aug 1 11:06 info -> share/info drwxr-xr-x 31 root bin 6656 Aug 13 12:35 lib drwxr-xr-x 3 root bin 512 Aug 1 10:51 libexec lrwxrwxrwx 1 root root 9 Aug 1 10:54 man -> share/man drwxr-xr-x 3 root bin 512 Aug 1 10:50 mysql drwxr-xr-x 2 root bin 512 Aug 1 11:14 sbin drwxr-xr-x 21 root bin 512 Aug 1 11:06 share drwxr-xr-x 4 root bin 512 Aug 1 10:34 sparc-sun-solaris2.10 lrwxrwxrwx 1 root root 9 Aug 1 09:54 src -> share/src drwxr-xr-x 6 root bin 512 Aug 1 09:54 swat On 8/17/08, Alan DeKok <[EMAIL PROTECTED]> wrote: > Rafiqul Ahsan wrote: > > Looks like I Freeradius still built with openssl 0.9.7 at > > /usr/swf...here is the ldd output : > > Follow instructions. If you "chmod a-rx /usr/swf", the linker CANNOT > and WILL NOT pick up OpenSSL from that directory. > > If that causes too many problems, then "chmod a-r > /usr/sfw/lib/libssl*" and /usr/sfw/lib/libcrypto*". Really. It's that > simple. > > *Then* build the server. *Then* change the permissions back. > > Alan DeKok. > - > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html > -- Rafiqul Ahsan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: 2.0.5 on Solaris with openssl 0.9.8h
Looks like I Freeradius still built with openssl 0.9.7 at /usr/swf...here is the ldd output : # ldd /usr/local/sbin/radiusd libfreeradius-radius-2.0.5.so => /usr/local/lib/libfreeradius-ra dius-2.0.5.so libnsl.so.1 => /lib/libnsl.so.1 libresolv.so.2 =>/lib/libresolv.so.2 libsocket.so.1 =>/lib/libsocket.so.1 librt.so.1 =>/lib/librt.so.1 libpthread.so.1 => /lib/libpthread.so.1 libcrypt_d.so.1 => /usr/lib/libcrypt_d.so.1 libltdl.so.3 => /usr/local/lib/libltdl.so.3 libssl.so.0.9.7 => /usr/sfw/lib/libssl.so.0.9.7 libcrypto.so.0.9.7 =>/usr/sfw/lib/libcrypto.so.0.9.7 libdl.so.1 =>/lib/libdl.so.1 libc.so.1 => /lib/libc.so.1 libgcc_s.so.1 => /usr/sfw/lib/libgcc_s.so.1 libmp.so.2 =>/lib/libmp.so.2 libmd.so.1 =>/lib/libmd.so.1 libscf.so.1 => /lib/libscf.so.1 libaio.so.1 => /lib/libaio.so.1 libgen.so.1 => /lib/libgen.so.1 libdoor.so.1 => /lib/libdoor.so.1 libuutil.so.1 => /lib/libuutil.so.1 libssl_extra.so.0.9.7 => /usr/sfw/lib/libssl_extra.so.0.9.7 libcrypto_extra.so.0.9.7 => /usr/sfw/lib/libcrypto_extra.so.0.9.7 libm.so.2 => /lib/libm.so.2 /platform/SUNW,Sun-Fire-V210/lib/libc_psr.so.1 /platform/SUNW,Sun-Fire-V210/lib/libmd_psr.so.1 On 8/16/08, Rafiqul Ahsan <[EMAIL PROTECTED]> wrote: > Here is the output. Not sure if this ensures the Freeradius built with > /usr/local/ssl/lib (0.9.8h), or /usr/sfw (0.9.7). My objective is to > build with 0.9.8h (but below output shows libgcc_s.sp.1 located at > /usr/sfw/lib). Can you please confirm from below output : > > # ldd /usr/local/lib/libltdl.so.3.1.4 >libdl.so.1 =>/lib/libdl.so.1 >libc.so.1 => /lib/libc.so.1 >libgcc_s.so.1 => /usr/sfw/lib/libgcc_s.so.1 >libm.so.2 => /lib/libm.so.2 > /platform/SUNW,Sun-Fire-V210/lib/libc_psr.so.1 > > > > On 8/16/08, Andrew Hood <[EMAIL PROTECTED]> wrote: > > Rafiqul Ahsan wrote: > > > It is Solaris 10 (V210). Now I have added below Flags (as per your > > > previous email) : > > > > > > CFLAGS=-I/usr/local/ssl/include/openssl > > > CPPFLAGS=-I/usr/local/ssl/include/openssl > > > LDFLAGS='-L/usr/local/ssl/lib -R/usr/local/ssl/lib' > > > export CFLAGS CPPFLAGS LDFLAGS > > > > > > How else to verify that my Frerradius 2.0.5 was built with > > > openssl0.9.8h (Again, please note openssl 0.9.8h was installed in > > > /usr/local/ssl, and prebuilt openssl (came with Solaris 10) 0.9.7 is > > > at /usr/sfw) ? I wanted to build with 0.9.8h because it supports > > > advance crypto like sha2, sha256 etcBut still does not seem like > > > Freeradius is working with sha256. > > > > > > Here is the part of make log : > > > gcc -DHAVE_CONFIG_H -I. -I. -I. -I/usr/local/ssl/include/openssl > > > -I/usr/local/s > > > sl/include/openssl -c ltdl.c -fPIC -DPIC -o .libs/ltdl.o > > > gcc -DHAVE_CONFIG_H -I. -I. -I. -I/usr/local/ssl/include/openssl > > > -I/usr/local/s > > > sl/include/openssl -c ltdl.c -o ltdl.o >/dev/null 2>&1 > > > /bin/bash ./libtool --tag=CC --mode=link gcc > > > -I/usr/local/ssl/include/openssl > > > -no-undefined -version-info 4:4:1 -L/usr/local/ssl/lib > > > -R/usr/local/ssl/lib -o > > > libltdl.la -rpath /usr/local/lib ltdl.lo -ldl > > > gcc -shared -Wl,-h -Wl,libltdl.so.3 -o .libs/libltdl.so.3.1.4 > > > .libs/ltdl.o -R/ > > > usr/local/ssl/lib -L/usr/local/ssl/lib -ldl -lc > > > (cd .libs && rm -f libltdl.so.3 && ln -s libltdl.so.3.1.4 libltdl.so.3) > > > (cd .libs && rm -f libltdl.so && ln -s libltdl.so.3.1.4 libltdl.so) > > > ar cru .libs/libltdl.a ltdl.o > > > ranlib .libs/libltdl.a > > > creating libltdl.la > > > > Assuming you have run "make install", what does > > > > ldd /your/path/to/libltdl.so > > > > return? > > -- > > REALITY.SYS not found: Universe halted. > > - > > List info/subscribe/unsubscribe? See > > http://www.freeradius.org/list/users.html > > > > > -- > Rafiqul Ahsan > -- Rafiqul Ahsan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: 2.0.5 on Solaris with openssl 0.9.8h
Here is the output. Not sure if this ensures the Freeradius built with /usr/local/ssl/lib (0.9.8h), or /usr/sfw (0.9.7). My objective is to build with 0.9.8h (but below output shows libgcc_s.sp.1 located at /usr/sfw/lib). Can you please confirm from below output : # ldd /usr/local/lib/libltdl.so.3.1.4 libdl.so.1 =>/lib/libdl.so.1 libc.so.1 => /lib/libc.so.1 libgcc_s.so.1 => /usr/sfw/lib/libgcc_s.so.1 libm.so.2 => /lib/libm.so.2 /platform/SUNW,Sun-Fire-V210/lib/libc_psr.so.1 On 8/16/08, Andrew Hood <[EMAIL PROTECTED]> wrote: > Rafiqul Ahsan wrote: > > It is Solaris 10 (V210). Now I have added below Flags (as per your > > previous email) : > > > > CFLAGS=-I/usr/local/ssl/include/openssl > > CPPFLAGS=-I/usr/local/ssl/include/openssl > > LDFLAGS='-L/usr/local/ssl/lib -R/usr/local/ssl/lib' > > export CFLAGS CPPFLAGS LDFLAGS > > > > How else to verify that my Frerradius 2.0.5 was built with > > openssl0.9.8h (Again, please note openssl 0.9.8h was installed in > > /usr/local/ssl, and prebuilt openssl (came with Solaris 10) 0.9.7 is > > at /usr/sfw) ? I wanted to build with 0.9.8h because it supports > > advance crypto like sha2, sha256 etcBut still does not seem like > > Freeradius is working with sha256. > > > > Here is the part of make log : > > gcc -DHAVE_CONFIG_H -I. -I. -I. -I/usr/local/ssl/include/openssl > > -I/usr/local/s > > sl/include/openssl -c ltdl.c -fPIC -DPIC -o .libs/ltdl.o > > gcc -DHAVE_CONFIG_H -I. -I. -I. -I/usr/local/ssl/include/openssl > > -I/usr/local/s > > sl/include/openssl -c ltdl.c -o ltdl.o >/dev/null 2>&1 > > /bin/bash ./libtool --tag=CC --mode=link gcc > > -I/usr/local/ssl/include/openssl > > -no-undefined -version-info 4:4:1 -L/usr/local/ssl/lib > > -R/usr/local/ssl/lib -o > > libltdl.la -rpath /usr/local/lib ltdl.lo -ldl > > gcc -shared -Wl,-h -Wl,libltdl.so.3 -o .libs/libltdl.so.3.1.4 .libs/ltdl.o > > -R/ > > usr/local/ssl/lib -L/usr/local/ssl/lib -ldl -lc > > (cd .libs && rm -f libltdl.so.3 && ln -s libltdl.so.3.1.4 libltdl.so.3) > > (cd .libs && rm -f libltdl.so && ln -s libltdl.so.3.1.4 libltdl.so) > > ar cru .libs/libltdl.a ltdl.o > > ranlib .libs/libltdl.a > > creating libltdl.la > > Assuming you have run "make install", what does > > ldd /your/path/to/libltdl.so > > return? > -- > REALITY.SYS not found: Universe halted. > - > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html > -- Rafiqul Ahsan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: 2.0.5 on Solaris with openssl 0.9.8h
It is Solaris 10 (V210). Now I have added below Flags (as per your previous email) : CFLAGS=-I/usr/local/ssl/include/openssl CPPFLAGS=-I/usr/local/ssl/include/openssl LDFLAGS='-L/usr/local/ssl/lib -R/usr/local/ssl/lib' export CFLAGS CPPFLAGS LDFLAGS How else to verify that my Frerradius 2.0.5 was built with openssl0.9.8h (Again, please note openssl 0.9.8h was installed in /usr/local/ssl, and prebuilt openssl (came with Solaris 10) 0.9.7 is at /usr/sfw) ? I wanted to build with 0.9.8h because it supports advance crypto like sha2, sha256 etcBut still does not seem like Freeradius is working with sha256. Here is the part of make log : gcc -DHAVE_CONFIG_H -I. -I. -I. -I/usr/local/ssl/include/openssl -I/usr/local/s sl/include/openssl -c ltdl.c -fPIC -DPIC -o .libs/ltdl.o gcc -DHAVE_CONFIG_H -I. -I. -I. -I/usr/local/ssl/include/openssl -I/usr/local/s sl/include/openssl -c ltdl.c -o ltdl.o >/dev/null 2>&1 /bin/bash ./libtool --tag=CC --mode=link gcc -I/usr/local/ssl/include/openssl -no-undefined -version-info 4:4:1 -L/usr/local/ssl/lib -R/usr/local/ssl/lib -o libltdl.la -rpath /usr/local/lib ltdl.lo -ldl gcc -shared -Wl,-h -Wl,libltdl.so.3 -o .libs/libltdl.so.3.1.4 .libs/ltdl.o -R/ usr/local/ssl/lib -L/usr/local/ssl/lib -ldl -lc (cd .libs && rm -f libltdl.so.3 && ln -s libltdl.so.3.1.4 libltdl.so.3) (cd .libs && rm -f libltdl.so && ln -s libltdl.so.3.1.4 libltdl.so) ar cru .libs/libltdl.a ltdl.o ranlib .libs/libltdl.a creating libltdl.la On 8/15/08, Andrew Hood <[EMAIL PROTECTED]> wrote: > Rafiqul Ahsan wrote: > > Hi Alan, and All, > > > > Well, I believe I have linked Freeradius 2.0.5 with the right openssl > > (0.9.8h) now by adding below env variables(my build logs also says > > that linked with -L/usr/local/ssl/lib). However I still see the same > > error while using sha256 encryption algorithm with RSA 2048 key. I > > sent this query to openssl maillist, they are sending me back to you > > (freeradius folks) to verify whether Freeradius supports sha2, sha256 > > etc. (I hoped that below patch would allow, but no luck). > > > > CFLAGS=-I/usr/local/ssl/include/openssl > > CPPFLAGS=-I/usr/local/ssl/include/openssl > > LDFLAGS=-L/usr/local/ssl/lib > > export CFLAGS CPPFLAGS LDFLAGS > > I forget. Were you using the Sun toolchain or GNU? > > You probably need one of: > > LDFLAGS='-L/usr/local/ssl/lib -Wl,-rpath -Wl,/usr/local/ssl/lib > > or > > LDFLAGS='-L/usr/local/ssl/lib -R/usr/local/ssl/lib' > > or whatever similar incantation your linker wants to achive the same > result, forcing it to use the version of openssl in /usr/local/lib > > > -- > REALITY.SYS not found: Universe halted. > - > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html > -- Rafiqul Ahsan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: 2.0.5 on Solaris with openssl 0.9.8h
Hi Alan, and All, Well, I believe I have linked Freeradius 2.0.5 with the right openssl (0.9.8h) now by adding below env variables(my build logs also says that linked with -L/usr/local/ssl/lib). However I still see the same error while using sha256 encryption algorithm with RSA 2048 key. I sent this query to openssl maillist, they are sending me back to you (freeradius folks) to verify whether Freeradius supports sha2, sha256 etc. (I hoped that below patch would allow, but no luck). CFLAGS=-I/usr/local/ssl/include/openssl CPPFLAGS=-I/usr/local/ssl/include/openssl LDFLAGS=-L/usr/local/ssl/lib export CFLAGS CPPFLAGS LDFLAGS And earlier I added below two patches to Freeradius: --- freeradius-1.1.7/configure +++ freeradius-1.1.7-new/configure @@ -20552,7 +20552,7 @@ echo $ECHO_N "(cached) $ECHO_C" >&6 else ac_check_lib_save_LIBS=$LIBS -LIBS="-lssl $LIBS" +LIBS="-lssl -lcrypto -ldl $LIBS" cat >conftest.$ac_ext <<_ACEOF /* confdefs.h. */ _ACEOF @@ -20617,8 +20617,7 @@ if test "x$OPENSSL_LIB_DIR" != "x"; then OPENSSL_LIBS="-L$OPENSSL_LIB_DIR" fi - OPENSSL_LIBS="$OPENSSL_LIBS -lcrypto -lssl -lcrypto" - + OPENSSL_LIBS="$OPENSSL_LIBS -lcrypto -lssl -lcrypto -ldl" fi diff -Naur freeradius-1.1.7-mod/src/modules/rlm_eap/types/rlm_eap_tls/rlm_eap_tls.c freeradius-1.1.7/src/modules/rlm_eap/types/rlm_eap_tls/rlm_eap_tls.c --- freeradius-1.1.7-mod/src/modules/rlm_eap/types/rlm_eap_tls/rlm_eap_tls.c 2007-04-20 14:58:46.0 +0300 +++ freeradius-1.1.7/src/modules/rlm_eap/types/rlm_eap_tls/rlm_eap_tls.c @@ -292,6 +292,7 @@ */ SSL_library_init(); SSL_load_error_strings(); + OpenSSL_add_all_digests(); meth = TLSv1_method(); ctx = SSL_CTX_new(meth); On 8/14/08, Alan DeKok <[EMAIL PROTECTED]> wrote: > Rafiqul Ahsan wrote: > > I tried to install the openssl from Sunware, but it installs at > > /usr/local/ssl directory. Somehow (could not figure out how) the > > freeradius build process linking with the Solaris prebuilt openssl > > library at /usr/sfw.. > > Because that's what the linker on Solaris does. Go read it's > documentation to see how to configure it to do what you want. This > isn't a FreeRADIUS question. > > > I would like to change configuration the linker to prefer one version > > (0.9.8)over the other (0.9.7 is prebuilt comes with Solaris).. also to > > include references to prefer one over other...But I don;t know where > > to change.I looked at Configure, Makefilebut cannot seem to find > > where it was configured that. Can you please help ? > > Maybe the Solaris linker documentation will help? > > Heck, if you're building as root, just do "chmod a-rwx /usr/sfw", > build FreeRADIUS, and then do "chmod a+rx /usr/sqf". That should solve > it. i.e. This is pretty much a Unix 101 question... > > Alan DeKok. > - > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html > -- Rafiqul Ahsan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: 2.0.5 on Solaris with openssl 0.9.8h
I tried to install the openssl from Sunware, but it installs at /usr/local/ssl directory. Somehow (could not figure out how) the freeradius build process linking with the Solaris prebuilt openssl library at /usr/sfw.. I would like to change configuration the linker to prefer one version (0.9.8)over the other (0.9.7 is prebuilt comes with Solaris).. also to include references to prefer one over other...But I don;t know where to change.I looked at Configure, Makefilebut cannot seem to find where it was configured that. Can you please help ? Thanks On 8/13/08, Alan DeKok <[EMAIL PROTECTED]> wrote: > Rafiqul Ahsan wrote: > > I am facing some challenges on building Freeradius 2.0.5 (Solaris OS) > > with openssl version 0.9.8h. The Solaris 10 come with prebuilt openssl > > version, and found at /usr/sfw/bin/openssl, version 0.9.7d. Prior to > > building freeradius I built newer version openssl (v.0.9.8h) located > > in /usr/local/ssl. here are the two openssl version now I have in my > > Solaris. > > Why not just install the OpenSSL from sunfreeware? They have a > package pre-built... > > > When I built Freeradius 2.0.5 (I simply executed three comands, > > ./configure make and make install) , I was expecting that it would > > build with my desired openssl version. > > Why? How does it know what you desire? Did you configure the linker > to prefer one version over the other? Did you configure the C "include" > references to prefer one over the other? > > > this. I sent openssl community this question, they wanted me to verify > > whether I actualy built the freeradius with this new openssl version. > > Well... of course. > > > I am not able to understand what library it is actually built with, > > because I could not figure out from build log, nor the configure. But > > if I use the configure options as below, I see a rolling error (that > > telling me that I must not have built the freeradius with openssl > > 0.9.8h ?) : > > No idea. > ... > > Text relocation remains referenced > > against symbol offset in file > >0x0 > > /usr/local/ssl/lib/libssl.a(ssl_lib.o) > > That's a fairly useless error. Are you sure that the libssl.a file is > really a library, and not something else? > > Alan DEKok. > - > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html > -- Rafiqul Ahsan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
2.0.5 on Solaris with openssl 0.9.8h
Alan, and all , I am facing some challenges on building Freeradius 2.0.5 (Solaris OS) with openssl version 0.9.8h. The Solaris 10 come with prebuilt openssl version, and found at /usr/sfw/bin/openssl, version 0.9.7d. Prior to building freeradius I built newer version openssl (v.0.9.8h) located in /usr/local/ssl. here are the two openssl version now I have in my Solaris. bash-3.00# openssl version OpenSSL 0.9.8h 28 May 2008 bash-3.00# /usr/sfw/bin/openssl version OpenSSL 0.9.7d 17 Mar 2004 (+ security patches to 2006-09-29) When I built Freeradius 2.0.5 (I simply executed three comands, ./configure make and make install) , I was expecting that it would build with my desired openssl version. Aparantly, I found that certain has algorithm (sha256) is not supporting when I work with freeradius (I mean with SSL version that it was built with). However openssl version 0.9.8h should support this. I sent openssl community this question, they wanted me to verify whether I actualy built the freeradius with this new openssl version. I am not able to understand what library it is actually built with, because I could not figure out from build log, nor the configure. But if I use the configure options as below, I see a rolling error (that telling me that I must not have built the freeradius with openssl 0.9.8h ?) : ... (see portion of my out when I executed make, after ./configure ./configure \ --prefix=/usr/local/freeradius \ --with-openssl=yes \ --with-openssl-dir=/usr/local/ssl \ --with-openssl-includes=/usr/local/ssl/include \ --with-openssl-libraries=/usr/local/ssl/lib ) RB5 -c peap.c -o peap.o >/dev/null 2>&1 /export/home/dev/freeradius-server-2.0.5/libtool --mode=link gcc -release 2.0.5 \ -module -export-dynamic -o rlm_eap_peap.la \ -rpath /usr/local/lib rlm_eap_peap.lo peap.lo rlm_eap_peap.c peap.c /export/home/dev/f radius-server-2.0.5/src/lib/libfreeradius-radius.la ../../libeap/libfreeradius-eap.la usr/local/ssl/lib -lcrypto -lssl -lcrypto -ldl -lnsl -lresolv -lsocket -lposix4 -lpth d gcc -shared -Wl,-h -Wl,rlm_eap_peap-2.0.5.so -o .libs/rlm_eap_peap-2.0.5.so .libs/rlm p_peap.o .libs/peap.o -R/export/home/dev/freeradius-server-2.0.5/src/lib/.libs -R/exp /home/dev/freeradius-server-2.0.5/src/modules/rlm_eap/libeap/.libs -R/usr/local/lib -L port/home/dev/freeradius-server-2.0.5/src/lib/.libs /export/home/dev/freeradius-server 0.5/src/lib/.libs/libfreeradius-radius.so ../../libeap/.libs/libfreeradius-eap.so -L/u local/ssl/lib -lssl -lcrypto -ldl -lnsl -lresolv -lsocket -lposix4 -lpthread -lc Text relocation remains referenced against symbol offset in file 0x0 /usr/local/ssl/lib/libssl.a(ssl_lib.o) 0x4 /usr/local/ssl/lib/libssl.a(ssl_lib.o) 0x8 /usr/local/ssl/lib/libssl.a(ssl_lib.o) 0xc /usr/local/ssl/lib/libssl.a(ssl_lib.o) 0x10 /usr/local/ssl/lib/libssl.a(ssl_lib.o) 0x14 /usr/local/ssl/lib/libssl.a(ssl_lib.o) 0x18 /usr/local/ssl/lib/libssl.a(ssl_lib.o) 0x1c /usr/local/ssl/lib/libssl.a(ssl_lib.o) 0x20 /usr/local/ssl/lib/libssl.a(ssl_lib.o) 0x24 /usr/local/ssl/lib/libssl.a(ssl_lib.o) 0x28 /usr/local/ssl/lib/libssl.a(ssl_lib.o) 0x2c /usr/local/ssl/lib/libssl.a(ssl_lib.o) 0x30 /usr/local/ssl/lib/libssl.a(ssl_lib.o) 0x34 /usr/local/ssl/lib/libssl.a(ssl_lib.o) 0x38 /usr/local/ssl/lib/libssl.a(ssl_lib.o) 0x3c /usr/local/ssl/lib/libssl.a(ssl_lib.o) 0x40 /usr/local/ssl/lib/libssl.a(ssl_lib.o) On 8/7/08, Rafiqul Ahsan <[EMAIL PROTECTED]> wrote: > I changed the Makefile for random file creation step (as a fix for my > earlier posted error)... > > This is what I found at Makefile : > > random: >@if [ -e /dev/urandom ] ; then \ >dd if=/dev/urandom of=./random count=10 >/dev/null 2>&1; \ >else \ >date > ./random; \ >fi > > I Changed to ... > > random > date > ./random; > > That solved my earlier problem, and now my server is listening. > > Thanks, > Rafi > > > > > > > > On 8/7/08, Rafiqul Ahsan <[EMAIL PROTECTED]> wrote: > > I see below error when I execute bootstrap > > > > bash-3.00# /usr/local/etc/raddb/certs/bootstrap > > ... > > make: Nothing to be done for `ca'. > > make: Nothing to be done for `server'. > > make: `dh' is up to date. > > /bin/sh: test: argument expected > > make: *** [random] Erro
Re: 2.0.5 on Solaris, openssl 0.9.8h ---> does support sha256 ?
Alan, Never mind. I got this fixed by going through the source code and found that the function does only few checkings, like certs path where I found the issues. Thanks, again and hope that this patch I applied will help to support sha256-rsa Thanks Rafi On 8/9/08, Rafiqul Ahsan <[EMAIL PROTECTED]> wrote: > I saw this error (rlm_eap: SSL error error:02001002:system > library:fopen:No such file or directory) before I had applied the > patches (openSSL_add_all_digests() at rlm_eap_tls.c, and LIBS, > OPENSSL_LIBS at configure as I have indicated in my last email). After > the patches, the make and make install succeded but I ./radiusd -X > giving me symbol reference error. > > On 8/9/08, Alan DeKok <[EMAIL PROTECTED]> wrote: > > Rafiqul Ahsan wrote: > > > I have tested authentication works with my existing certs. When I load > > > the new certs (sha256), and I see below error at "radiusd -X" > > > I am using FreeeRadius 2.0.5, openssl 0.9.8h, OS Solaris. > > ... > > > rlm_eap: SSL error error:02001002:system library:fopen:No such file or > > directory > > > rlm_eap_tls: Error reading Trusted root CA list > > /usr/local/etc/raddb/certs/wmaxf > > > orum/sam-cacert.pem > > > > What part of that message is unclear? > > > > > > > Is there any known patch for this to support advance encryption...I > > > believe I saw somewhere in web that 1.1.7 has this patch, how about > > > 2.0.5 ? > > > > What do you mean, "advance encryption"? > > I meant whether 2.0.5 supports sha256-rsa (cryptographic algorithms) or not. > > > > Alan DeKok. > > - > > List info/subscribe/unsubscribe? See > > http://www.freeradius.org/list/users.html > > > > > -- > Rafiqul Ahsan > -- Rafiqul Ahsan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: 2.0.5 on Solaris, openssl 0.9.8h ---> does support sha256 ?
I saw this error (rlm_eap: SSL error error:02001002:system library:fopen:No such file or directory) before I had applied the patches (openSSL_add_all_digests() at rlm_eap_tls.c, and LIBS, OPENSSL_LIBS at configure as I have indicated in my last email). After the patches, the make and make install succeded but I ./radiusd -X giving me symbol reference error. On 8/9/08, Alan DeKok <[EMAIL PROTECTED]> wrote: > Rafiqul Ahsan wrote: > > I have tested authentication works with my existing certs. When I load > > the new certs (sha256), and I see below error at "radiusd -X" > > I am using FreeeRadius 2.0.5, openssl 0.9.8h, OS Solaris. > ... > > rlm_eap: SSL error error:02001002:system library:fopen:No such file or > directory > > rlm_eap_tls: Error reading Trusted root CA list > /usr/local/etc/raddb/certs/wmaxf > > orum/sam-cacert.pem > > What part of that message is unclear? > > > > Is there any known patch for this to support advance encryption...I > > believe I saw somewhere in web that 1.1.7 has this patch, how about > > 2.0.5 ? > > What do you mean, "advance encryption"? I meant whether 2.0.5 supports sha256-rsa (cryptographic algorithms) or not. > Alan DeKok. > - > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html > -- Rafiqul Ahsan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: 2.0.5 on Solaris, openssl 0.9.8h ---> does support sha256 ?
Hi Alan, I have applied below two patches (as I have seen somebody posted for freeradius 1.1.7) for freeradius 2.0.5 supporting sha256-rsa (the patches listed below as 1, and 2). After ./configure, make clean, make, and make install I ran ./radiusd -X, but getting symbol reference error as per below log (I have not rebuilt openssl): tls { rsa_key_exchange = yes dh_key_exchange = no rsa_key_length = 1024 dh_key_length = 1024 verify_depth = 2 pem_file_type = yes private_key_file = "/usr/local/etc/raddb/certs/server_pvt.pem" certificate_file = "/usr/local/etc/raddb/certs/server_cert.pem" CA_file = "/usr/local/etc/raddb/certs/ServerRootCA.pem" dh_file = "/usr/local/etc/raddb/certs/DH" random_file = "/usr/local/etc/raddb/certs/random" fragment_size = 1024 include_length = yes check_crl = no } ld.so.1: radiusd: fatal: relocation error: file /usr/local/lib/rlm_eap_tls-2.0.5.so: symbol openSSL_add_all_digests: referenced symbol not found Killed 1. freeradius-1.1.7/configure -LIBS="-lssl $LIBS" +LIBS="-lssl -lcrypto -ldl $LIBS" - OPENSSL_LIBS="$OPENSSL_LIBS -lcrypto -lssl -lcrypto" + OPENSSL_LIBS="$OPENSSL_LIBS -lcrypto -lssl -lcrypto -ldl" 2. freeradius-1.1.7/src/modules/rlm_eap/types/rlm_eap_tls/rlm_eap_tls.c SSL_library_init(); SSL_load_error_strings(); + OpenSSL_add_all_digests(); meth = TLSv1_method(); ctx = SSL_CTX_new(meth); Can you please help ? -- Rafiqul Ahsan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: 2.0.5 on Solaris, openssl 0.9.8h ---> does support sha256 ?
I have tested authentication works with my existing certs. When I load the new certs (sha256), and I see below error at "radiusd -X" I am using FreeeRadius 2.0.5, openssl 0.9.8h, OS Solaris. Is there any known patch for this to support advance encryption...I believe I saw somewhere in web that 1.1.7 has this patch, how about 2.0.5 ? Thanks for your thoughts, Rafi tls { rsa_key_exchange = yes dh_key_exchange = no rsa_key_length = 1024 dh_key_length = 1024 verify_depth = 2 pem_file_type = yes private_key_file = "/usr/local/etc/raddb/certs/wmxforum/xohm.com3.pvt.pe m" certificate_file = "/usr/local/etc/raddb/certs/wmxforum/xohm.com3.pem" CA_file = "/usr/local/etc/raddb/certs/wmaxforum/sam-cacert.pem" dh_file = "/usr/local/etc/raddb/certs/wmxforum/DH" random_file = "/usr/local/etc/raddb/certs/wmxforum/random" fragment_size = 1024 include_length = yes check_crl = no } rlm_eap: SSL error error:02001002:system library:fopen:No such file or directory rlm_eap_tls: Error reading Trusted root CA list /usr/local/etc/raddb/certs/wmaxf orum/sam-cacert.pem rlm_eap: Failed to initialize type tls /usr/local/etc/raddb/eap.conf[3]: Instantiation failed for module "eap" /usr/local/etc/raddb/sites-enabled/inner-tunnel[223]: Failed to find module "eap ". /usr/local/etc/raddb/sites-enabled/inner-tunnel[176]: Errors parsing authenticat e section. } } Errors initializing modules On 8/7/08, Rafiqul Ahsan <[EMAIL PROTECTED]> wrote: > I changed the Makefile for random file creation step (as a fix for my > earlier posted error)... > > This is what I found at Makefile : > > random: >@if [ -e /dev/urandom ] ; then \ >dd if=/dev/urandom of=./random count=10 >/dev/null 2>&1; \ >else \ >date > ./random; \ >fi > > I Changed to ... > > random > date > ./random; > > That solved my earlier problem, and now my server is listening. > > Thanks, > Rafi > > > > > > > > On 8/7/08, Rafiqul Ahsan <[EMAIL PROTECTED]> wrote: > > I see below error when I execute bootstrap > > > > bash-3.00# /usr/local/etc/raddb/certs/bootstrap > > ... > > make: Nothing to be done for `ca'. > > make: Nothing to be done for `server'. > > make: `dh' is up to date. > > /bin/sh: test: argument expected > > make: *** [random] Error 1 > > > > On 8/7/08, Alan DeKok <[EMAIL PROTECTED]> wrote: > > > Rafiqul Ahsan wrote: > > > > Thanks, I was able to build freeradius 2.0.5 on Solaris 10. However, > > > > server is not running, and I see below error when I run "radiusd -X". > > > > Here is the output. > > > ... > > > > make_cert_command = "/usr/local/etc/raddb/certs/bootstrap" > > > >} > > > > Exec-Program output: > > > > > > It's trying to run the bootstrap command. It's not working. > > > > > > Run the bootstrap command by hand, and then re-start the server. > > > > > > Alan DeKok. > > > - > > > List info/subscribe/unsubscribe? See > > > http://www.freeradius.org/list/users.html > > > > > > > > > -- > > Rafiqul Ahsan > > > > > -- > Rafiqul Ahsan > -- Rafiqul Ahsan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: 2.0.5 on Solaris
I changed the Makefile for random file creation step (as a fix for my earlier posted error)... This is what I found at Makefile : random: @if [ -e /dev/urandom ] ; then \ dd if=/dev/urandom of=./random count=10 >/dev/null 2>&1; \ else \ date > ./random; \ fi I Changed to ... random date > ./random; That solved my earlier problem, and now my server is listening. Thanks, Rafi On 8/7/08, Rafiqul Ahsan <[EMAIL PROTECTED]> wrote: > I see below error when I execute bootstrap > > bash-3.00# /usr/local/etc/raddb/certs/bootstrap > ... > make: Nothing to be done for `ca'. > make: Nothing to be done for `server'. > make: `dh' is up to date. > /bin/sh: test: argument expected > make: *** [random] Error 1 > > On 8/7/08, Alan DeKok <[EMAIL PROTECTED]> wrote: > > Rafiqul Ahsan wrote: > > > Thanks, I was able to build freeradius 2.0.5 on Solaris 10. However, > > > server is not running, and I see below error when I run "radiusd -X". > > > Here is the output. > > ... > > > make_cert_command = "/usr/local/etc/raddb/certs/bootstrap" > > >} > > > Exec-Program output: > > > > It's trying to run the bootstrap command. It's not working. > > > > Run the bootstrap command by hand, and then re-start the server. > > > > Alan DeKok. > > - > > List info/subscribe/unsubscribe? See > > http://www.freeradius.org/list/users.html > > > > > -- > Rafiqul Ahsan > -- Rafiqul Ahsan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: 2.0.5 on Solaris
I see below error when I execute bootstrap bash-3.00# /usr/local/etc/raddb/certs/bootstrap ... make: Nothing to be done for `ca'. make: Nothing to be done for `server'. make: `dh' is up to date. /bin/sh: test: argument expected make: *** [random] Error 1 On 8/7/08, Alan DeKok <[EMAIL PROTECTED]> wrote: > Rafiqul Ahsan wrote: > > Thanks, I was able to build freeradius 2.0.5 on Solaris 10. However, > > server is not running, and I see below error when I run "radiusd -X". > > Here is the output. > ... > > make_cert_command = "/usr/local/etc/raddb/certs/bootstrap" > >} > > Exec-Program output: > > It's trying to run the bootstrap command. It's not working. > > Run the bootstrap command by hand, and then re-start the server. > > Alan DeKok. > - > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html > -- Rafiqul Ahsan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: 2.0.5 on Solaris
type = "auth" secret = "testing123" response_window = 20 max_outstanding = 65536 zombie_period = 40 status_check = "status-server" ping_check = "none" ping_interval = 30 check_interval = 30 num_answers_to_alive = 3 num_pings_to_alive = 3 revive_interval = 120 status_check_timeout = 4 } home_server_pool my_auth_failover { type = fail-over home_server = localhost } realm example.com { auth_pool = my_auth_failover } realm LOCAL { } radiusd: Instantiating modules instantiate { Module: Linked to module rlm_exec Module: Instantiating exec exec { wait = no input_pairs = "request" shell_escape = yes } Module: Linked to module rlm_expr Module: Instantiating expr Module: Linked to module rlm_expiration Module: Instantiating expiration expiration { reply-message = "Password Has Expired " } Module: Linked to module rlm_logintime Module: Instantiating logintime logintime { reply-message = "You are calling outside your allowed timespan " minimum-timeout = 60 } } radiusd: Loading Virtual Servers server inner-tunnel { modules { Module: Checking authenticate {...} for more modules to load Module: Linked to module rlm_pap Module: Instantiating pap pap { encryption_scheme = "auto" auto_header = no } Module: Linked to module rlm_chap Module: Instantiating chap Module: Linked to module rlm_mschap Module: Instantiating mschap mschap { use_mppe = yes require_encryption = no require_strong = no with_ntdomain_hack = no } Module: Linked to module rlm_unix Module: Instantiating unix unix { radwtmp = "/usr/local/var/log/radius/radwtmp" } Module: Linked to module rlm_eap Module: Instantiating eap eap { default_eap_type = "md5" timer_expire = 60 ignore_unknown_eap_types = no cisco_accounting_username_bug = no } Module: Linked to sub-module rlm_eap_md5 Module: Instantiating eap-md5 Module: Linked to sub-module rlm_eap_leap Module: Instantiating eap-leap Module: Linked to sub-module rlm_eap_gtc Module: Instantiating eap-gtc gtc { challenge = "Password: " auth_type = "PAP" } Module: Linked to sub-module rlm_eap_tls Module: Instantiating eap-tls tls { rsa_key_exchange = no dh_key_exchange = yes rsa_key_length = 512 dh_key_length = 512 verify_depth = 0 pem_file_type = yes private_key_file = "/usr/local/etc/raddb/certs/server.pem" certificate_file = "/usr/local/etc/raddb/certs/server.pem" CA_file = "/usr/local/etc/raddb/certs/ca.pem" private_key_password = "whatever" dh_file = "/usr/local/etc/raddb/certs/dh" random_file = "/usr/local/etc/raddb/certs/random" fragment_size = 1024 include_length = yes check_crl = no cipher_list = "DEFAULT" make_cert_command = "/usr/local/etc/raddb/certs/bootstrap" } Exec-Program output: Exec-Program: returned: 1 rlm_eap: Failed to initialize type tls /usr/local/etc/raddb/eap.conf[17]: Instantiation failed for module "eap" /usr/local/etc/raddb/sites-enabled/inner-tunnel[223]: Failed to find module "eap". /usr/local/etc/raddb/sites-enabled/inner-tunnel[176]: Errors parsing authenticate section. } } Errors initializing modules On 7/27/08, Alan DeKok <[EMAIL PROTECTED]> wrote: > Rafiqul Ahsan wrote: > > Can anyone suggest the documents/wiki for installation steps for > > Freeradius 2.0.5 on Solaris ? > > $ ./configure > $ make > $ make install > > This worked the last time I tried 2.0.5 on Solaris. > > Alan DeKok. > - > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html > -- Rafiqul Ahsan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
2.0.5 on Solaris
Can anyone suggest the documents/wiki for installation steps for Freeradius 2.0.5 on Solaris ? -- Rafiqul Ahsan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
EAP-TLS authentication error
Hi All, I am using wpa_supplicant-0.5.5 against freeradius - v1.1.3 . I am getting following error : TLS_accept:error in SSLv3 read client certificate B rlm_eap: SSL error error:0D07209B:asn1 encoding routines:ASN1_get_object:too long rlm_eap_tls: SSL_read failed inside of TLS (-1), TLS session fails. In SSL Handshake Phase In SSL Accept mode rlm_eap: SSL error error:0D068066:asn1 encoding routines:ASN1_CHECK_TLEN:bad object header rlm_eap_tls: BIO_read failed inside of TLS (-1), TLS session fails. eaptls_process returned 13 rlm_eap: Freeing handler modcall[authenticate]: module "eap" returns reject for request 23 modcall: leaving group authenticate (returns reject) for request 23 auth: Failed to validate the user. Login incorrect: [rafi/] (from client 192.168.1.102 port 19801 cli ) Delaying request 23 for 2 seconds Finished request 23 Here are my configs : test.conf (wpa_supplicant config) linux:/home/admin/wpa_supplicant-0.5.5 # cat test.conf ctrl_interface=/var/run/wpa_supplicant ctrl_interface_group=wheel ap_scan=0 network={ scan_ssid=0 key_mgmt=IEEE8021X eap=TLS identity="rafi" eapol_flags=0 ca_cert="/etc/1x/eap_tls/certs/cacert.pem" client_cert="/etc/1x/eap_tls/certs/clientcert.pem" private_key="/etc/1x/eap_tls/certs/clientkey.pem" private_key_passwd="wimax i2 test certs" } eap.conf : eap { default_eap_type = tls timer_expire = 120 ignore_unknown_eap_types = no cisco_accounting_username_bug = no md5 { } leap { } gtc { auth_type = PAP } tls { rsa_key_exchange = yes dh_key_exchange = no rsa_key_length = 1024 dh_key_length = 1024 verify_depth = 2 pem_file_type = yes private_key_password = "wimax i2 test certs" private_key_file = /usr/local/etc/raddb/certs/rafi/eap_tls_certs/serverkey.pem certificate_file = /usr/local/etc/raddb/certs/rafi/eap_tls_certs/servercert.pem CA_file = /usr/local/etc/raddb/certs/rafi/eap_tls_certs/cacert.pem dh_file = /usr/local/etc/raddb/certs/rafi/dh random_file = /usr/local/etc/raddb/certs/rafi/random fragment_size = 1024 include_length = yes check_cert_cn = %{User-Name} } } users : rafi Auth-Type := EAP -- Rafiqul Ahsan630-717-1698(h) 2120 Periwinkle Ln 630-689-1457(h) Naperville, IL 60540847-812-6176(c) - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
EAP-TTLS success
Hi all, I found the issue for below error "EAP-request timed out OR EAP-response to an unknown EAP-request" --- NAS was not responding with the state attribute received from radius server. As soon as we fixed this at NAS, it went through all the steps required to authenticate an user using TTLS-MSCHAPV2. My plaform was Solaris 10, with freeradius version 1.1.3 Thanks all for your valuable input. Rafi - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: EAP-TTLS problem at phase 1
Hello Hoercher, Please see below answers/questions (in red):ok, i played around a bit and found EAP-TTLS working with noparticular problems.On 10/21/06, Rafiqul Ahsan < [EMAIL PROTECTED]> wrote:> "testuser" User-Password := "testuser"looks ok, but I'm not absolutely sure about the quotation marks forthe username, they are not needed in any case. testuser User-Password :="testuser" I will try with only above entry in users file > the error was about no matching "anonymous_identity", and thats why I had to> have a DEFAULT entry after this with Auth-Type :=EAP. As you didn't show that error one cannot check for it's real cause.Everything else correctly configured you don't need that setting (andit might be actually wrong depending on circumstances). OK, I found some positings about username_identity_check disabling for user "anonymous"...here it is Quote I guess since somebody implemented this check, there must be some broken NASes out there... andthe attached patch fixes this situation. If user sets "username_identity_check = no" in eap section it will disable this check. The default for this setting is "yes". Unquote So, now I have added this patch to files eap.c, rlm_eap.h, and rlm_eap.c, compiled. I will test it this on monday.I am expecting this patch will lead to pass this anonymous user check phase in radius server.I will post you the result on that. Please let me know if you are aware of this. > Do you suggest any particular format of my users file ? Please note, the> phase 1 user identity is "anonymous_identity", and phase 2 user/passwd is > "testuser/testuser".I did take note. So, take an unaltered users file and just add yourline as mentioned above.Something I found in your previous post led to an failure here. Usephase2="autheap=MSCHAPV2" instead ofphase2="auth=MSCHAPV2" Not sure where we configure this phase2="autheap=MSCHAPV2" ? Are we at phase 2 yet ? I thought we have not passed the phase 1..can you pls clarify ? > modcall: entering group authenticate for request 1^M> rlm_eap: Either EAP-request timed out OR EAP-response to an unknown > EAP-request^MThat does look strange (and might indicate your real problem), if itstill persists with the suggested changes it might be useful to digfurther into that. Perhaps you could add another -x to the freeradius invocation to get timestamps on the logfile. I will test with the above patch - and see if we can pass the anonymous identity check problem. If persists - I will recompile with original files mentioned above, and test again to give you the full debug logs. Thanks Rafi regardsK. Hoercher-List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: EAP-TTLS problem at phase 1
orize]: module "realmbackslash" returns noop for request 1^M rlm_realm: No '%' in User-Name = "anonymous_identity", looking up realm NULL^M rlm_realm: No such realm "NULL"^M modcall[authorize]: module "realmpercent" returns noop for request 1^M rlm_fastusers: Reloading fastusers hash^Mrlm_fastusers: File /usr/local/etc/raddb/acct_users was unchanged. Not reloading.^Mrlm_fastusers: File /usr/local/etc/raddb/users was unchanged. Not reloading.^M rlm_fastusers: checking defaults^M fastusers: Matched DEFAULT at 6^M modcall[authorize]: module "fastusers" returns updated for request 1^Mmodcall: leaving group authorize (returns updated) for request 1^M rad_check_password: Found Auth-Type EAP^Mauth: type "EAP"^M Processing the authenticate section of radiusd.conf^Mmodcall: entering group authenticate for request 1^Mrlm_eap: Either EAP-request timed out OR EAP-response to an unknown EAP-request^M rlm_eap: Failed in handler^M modcall[authenticate]: module "eap" returns invalid for request 1^Mmodcall: leaving group authenticate (returns invalid) for request 1^Mauth: Failed to validate the user.^M Login incorrect: [anonymous_identity/] (from client 192.168.1.102 port 19801 cli DU?I\272()^MDelaying request 1 for 2 seconds^MFinished request 1^M Going to the next request^M--- Walking the entire request list ---^MWaking up in 2 seconds...^M--- Walking the entire request list ---^MWaking up in 2 seconds...^M--- Walking the entire request list ---^M Sending Access-Reject of id 3 to 192.168.1.102 port 19801^MWaking up in 1 seconds...^M--- Walking the entire request list ---^MCleaning up request 1 ID 3 with timestamp 45394f9b^M Nothing to do. Sleeping until we see a request.^Mexit^M On 10/21/06, K. Hoercher <[EMAIL PROTECTED]> wrote: Hi,as mentioned in various places in the documentation and countlesstimes on this list: On 10/21/06, Rafiqul Ahsan <[EMAIL PROTECTED]> wrote:> Here is my users file :>> "testuser" Auth-Type := EAP, User-Password := "testuser" >>> DEFAULT Auth-Type := EAPDont't set Auth-Type> Here is the radius log (only shown the failed part)>> rlm_fastusers: checking defaults^M> fastusers: Matched DEFAULT at 6^M > modcall[authorize]: module "fastusers" returns updated for request 1^M> modcall: leaving group authorize (returns updated) for request 1^M> rad_check_password: Found Auth-Type EAP^M > auth: type "EAP"^M> Processing the authenticate section of radiusd.conf^M> modcall: entering group authenticate for request 1^M> rlm_eap: Either EAP-request timed out OR EAP-response to an unknown > EAP-request^M> rlm_eap: Failed in handler^M> modcall[authenticate]: module "eap" returns invalid for request 1^M> modcall: leaving group authenticate (returns invalid) for request 1^M Thats pretty much non-informative. In case, the above fix does not yetyield the desired results, provide the full debug output.regardsK. Hoercher-List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html-- Rafiqul Ahsan630-717-1698(h)2120 Periwinkle Ln 630-689-1457(h)Naperville, IL 60540847-812-6176(c) - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
EAP-TTLS problem at phase 1
Hi all, I have been trying to figure this out for couple days, but could not get any clue. My test is about authentication with EAP-TTLS/MSCHAPV2. I am using freeradius v - 1.1.3, on Solaris 10. No matter what I do, I get "rlm_eap: Either EAP-request timed out OR EAP-response to an unknown EAP-request" at the server. Anybody can help me what went wrong ? Here is my configs..and logs (truncated) Awaits some solution... Rafi Here is my eap.conf eap { default_eap_type = ttls timer_expire = 60 ignore_unknown_eap_types = no cisco_accounting_username_bug = no md5 { } leap { } gtc { auth_type = PAP } tls { rsa_key_exchange = yes dh_key_exchange = no rsa_key_length = 1024 dh_key_length = 1024 verify_depth = 2 pem_file_type = yes private_key_password = "wimax i2 test certs" private_key_file = /etc/freeradius/etc/certs/key2.pem certificate_file = /etc/freeradius/etc/certs/cert2.pem CA_file = /etc/freeradius/etc/certs/cacert.pem dh_file = /etc/freeradius/etc/certs/dh random_file = /etc/freeradius/etc/certs/random fragment_size = 1024 include_length = yes check_cert_cn = %{User-Name} } ttls { default_eap_type = mschapv2 # copy_request_to_tunnel = no # use_tunneled_reply = no } peap { default_eap_type = mschapv2 # copy_request_to_tunnel = no # use_tunneled_reply = no # proxy_tunneled_request_as_eap = yes } mschapv2 { } } Here is my users file : "testuser" Auth-Type := EAP, User-Password := "testuser" DEFAULT Auth-Type := EAP Here is my supplicant config : # cat supplicant.confctrl_interface=/var/tmp/supplicant.ctleap_trace=1enableWiMAXauth=1validateFNECerts=1checkCRL=1ignoreTimeOfDay=0update_config=0data_interface=/var/tmp/supplicant_data.ctl ap_scan=0fast_reauth=1load_dynamic=/usr/lib/wpa_supplicant/eap_ttls.sonetwork={eap=TTLSeap_workaround=1anonymous_identity="anonymous_identity"ca_path="/var/tmp/truststore" ca_cert="/var/tmp/root.crt"client_cert="/var/tmp/cpe.crt"private_key="/var/tmp/key"private_key_passwd="wimax i2 test certs"phase2="auth=MSCHAPV2"} Here is the radius log (only shown the failed part) rlm_fastusers: checking defaults^M fastusers: Matched DEFAULT at 6^M modcall[authorize]: module "fastusers" returns updated for request 1^Mmodcall: leaving group authorize (returns updated) for request 1^M rad_check_password: Found Auth-Type EAP^Mauth: type "EAP"^M Processing the authenticate section of radiusd.conf^Mmodcall: entering group authenticate for request 1^M rlm_eap: Either EAP-request timed out OR EAP-response to an unknown EAP-request^M rlm_eap: Failed in handler^M modcall[authenticate]: module "eap" returns invalid for request 1^Mmodcall: leaving group authenticate (returns invalid) for request 1^M - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: AAA configuration for given attributes - need help please !!!
The answer to that is, user will be authenticated by sending RADIUS Access Req with EAP Message, Sever will respond to the client by RADIUS Access-Challenge, EAP-TTLS Tunnel will be established (TLS handshake protocol using EAP message), EAP Message Exchange will occure (EAP-TTLS MS-CHAP-v2 authentication or any other authentication), and Server will either send RADIUS Access-Accept, or Access-Reject. The attributes will be included in the messages - my question is how to find the particular radius file where we are going to configure these attributes ? I have seen client.conf, users and radiusd.conf - not finding much...because of my lack of experiance... Hope that clarify the problem. Thanks rafi On 9/15/06, Peter Nixon <[EMAIL PROTECTED]> wrote: On Fri 15 Sep 2006 20:27, Alan DeKok wrote:> "Rafiqul Ahsan" < [EMAIL PROTECTED]> wrote:> > I am new to this AAA freeradius area, I need to configure the AAA radius> > server for following mentioned attributes according to the message,> > Access-req, Access-Accept, and Access-Challenge, and Access-Reject (pls > > see below).>> Configure the server to do... what, exactly?>> The question you're asking is the same as "how do I configure a web> server to send bold text." The answer is "huh?" Why do I have the nasty feeling that there is a university somewhere teachingAAA as a course--Peter Nixonhttp://www.peternixon.net/PGP Key: http://www.peternixon.net/public.asc-List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html -- Rafiqul Ahsan630-717-1698(h)2120 Periwinkle Ln 630-689-1457(h)Naperville, IL 60540847-812-6176(c) - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
AAA configuration for given attributes - need help please !!!
Hi, I am new to this AAA freeradius area, I need to configure the AAA radius server for following mentioned attributes according to the message, Access-req, Access-Accept, and Access-Challenge, and Access-Reject (pls see below). Also, I looked at the configuration files at radius server like clients.conf, users, radiusd.conf - I am not sure where this attributes to configure. Could any body help me getting started with this that would be highly appreciated. Also, please comment on the VSA attribute below - I am tryign to understand on section 5.26, RFC 2865 - but not sure where to start. Your help would be highly appreciated. Below the attributes : Access Request attributes User-Name User-PasswordNAS-IPAddressNAS-PortService-TypeStateVendor-SpecificSession-TimeoutNAS-IdentifierCalled-Station-IDCalling-Station-IDNAS-Port-TypeEAP-MessageMessage-Authenticator Access-Challenge attributes Reply-MessageStateSession-TimeoutEAP-MessageMessage-Authenticator Access-Accept attributes User-NameStateService-TypeSession-TimeoutEAP-MessageVSA (Vendor Suitable Attributes)VSA ( ---)Message-Authenticator Access-Reject Attributes Reply-MessageStateSession-TimeoutEAP-MessageMessage-Authenticator Thanks Rafi - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: 1.1.3 on Solaris 10 (sparc)
Hi Lin, and others It worked with the path. I am able to build, and install the free radius on Solaris 10. Thanks for your help. I am planning to add EAP-AKA on the Free radius, as I understand this does not support currently. Any idea where to start ? Thanks for your help. Rafi On 9/6/06, Lin Richardson <[EMAIL PROTECTED]> wrote: So to confirm the observations and comments above:My environment worked without any errors. The following give some detail as to why.bash-3.00# which ar/usr/ccs/bin/arbash-3.00# echo $PATH /usr/local/bin:/usr/bin:/usr/ccs/bin:/usr/sbin ar is a command line tool that is not in your path, so I guess ./configure sets it to false... and then tries to run it with the command "false".Fix your path to include the location of ar and you will probably have better results. Thanks to the others on the list for catching this detail. It may be a good idea to add to the wiki as well. Lin On 9/6/06, Rafiqul Ahsan <[EMAIL PROTECTED] > wrote: Thanks to Lin, Mercel, and Rob for your input. I am not sure about Mercel's comment on value of AR, this has been set to false in the Makefile at libltdl/ directory (where it actually fails). The question is what value should it be ? Also, Rob - when I put the /usr/ccs/bin/ on top of my PATH, it picks a make that gives me error as "make: Fatal error in reader: Makefile, line 41: Unexpected end of line seen". Wheras my earlier picks on make file from /usr/local/bin - did not give me this error. Following is the various command output FYI. Also - I could you please explain a little more on where to put this get -R/path/to/dep alongside the -L linker flags (an example would be appreciated). Is it needed to add on the Makefile on ./libltdl/ directory ? Thanks for your help. Rafi # /usr/local/bin/make -vGNU Make 3.80Copyright (C) 2002 Free Software Foundation, Inc.This is free software; see the source for copying conditions.There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.# /usr/ccs/bin/make -vmake: Warning: Ignoring DistributedMake -v optionmake: Fatal error in reader: Makefile, line 41: Unexpected end of line seen Here is my PATH (after I added /usr/ccs/bin - as suggested by Rob) # echo $PATH/usr/ccs/bin:/usr/sbin:/usr/bin:/usr/sfw/bin/:/usr/local/bin On 9/6/06, Rob Shepherd <[EMAIL PROTECTED] > wrote: [EMAIL PROTECTED] wrote:> Lin Richardson wrote: >> You should post this to thet userlist (I am cc'ing them on this>> reply). Perhaps someone there has seen the "false cru" error before... >>>> I'm no compiler guru, but google tells me that libtool may be to >> blame. I don't acutally show libtool installed on my box and don't>> know much about it.> I'm no compiler guru either, but the system appears to be missing 'ar' > (I thought I remembered 'ar' being called with options 'cru' before, and > the config.log confirms this:)For solaris...Add /usr/ccs/bin to the top of your path.In addition, as mentioned in this thread. The preferable way of satisfying run time lib dependencies on solaris is by get -R/path/to/dep alongside the -L linker flags.Rob--Rob Shepherd | Computer and Network Engineer | Technium CAST | LL57 4HJ [EMAIL PROTECTED] | 01248 675024 | 07776 210516 -List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html -- Rafiqul Ahsan630-717-1698(h) 2120 Periwinkle Ln 630-689-1457(h)Naperville, IL 60540847-812-6176(c)-List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html -List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html-- Rafiqul Ahsan630-717-1698(h)2120 Periwinkle Ln 630-689-1457(h)Naperville, IL 60540847-812-6176(c) - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: 1.1.3 on Solaris 10 (sparc)
Thanks to Lin, Mercel, and Rob for your input. I am not sure about Mercel's comment on value of AR, this has been set to false in the Makefile at libltdl/ directory (where it actually fails). The question is what value should it be ? Also, Rob - when I put the /usr/ccs/bin/ on top of my PATH, it picks a make that gives me error as "make: Fatal error in reader: Makefile, line 41: Unexpected end of line seen". Wheras my earlier picks on make file from /usr/local/bin - did not give me this error. Following is the various command output FYI. Also - I could you please explain a little more on where to put this get -R/path/to/dep alongside the -L linker flags (an example would be appreciated). Is it needed to add on the Makefile on ./libltdl/ directory ? Thanks for your help. Rafi # /usr/local/bin/make -vGNU Make 3.80Copyright (C) 2002 Free Software Foundation, Inc.This is free software; see the source for copying conditions.There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.# /usr/ccs/bin/make -vmake: Warning: Ignoring DistributedMake -v optionmake: Fatal error in reader: Makefile, line 41: Unexpected end of line seen Here is my PATH (after I added /usr/ccs/bin - as suggested by Rob) # echo $PATH/usr/ccs/bin:/usr/sbin:/usr/bin:/usr/sfw/bin/:/usr/local/bin On 9/6/06, Rob Shepherd <[EMAIL PROTECTED]> wrote: [EMAIL PROTECTED] wrote:> Lin Richardson wrote: >> You should post this to thet userlist (I am cc'ing them on this>> reply). Perhaps someone there has seen the "false cru" error before...>>>> I'm no compiler guru, but google tells me that libtool may be to >> blame. I don't acutally show libtool installed on my box and don't>> know much about it.> I'm no compiler guru either, but the system appears to be missing 'ar'> (I thought I remembered 'ar' being called with options 'cru' before, and > the config.log confirms this:)For solaris...Add /usr/ccs/bin to the top of your path.In addition, as mentioned in this thread. The preferable way ofsatisfying run time lib dependencies on solaris is by get -R/path/to/dep alongside the -L linker flags.Rob--Rob Shepherd | Computer and Network Engineer | Technium CAST | LL57 4HJ[EMAIL PROTECTED] | 01248 675024 | 07776 210516 -List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html-- Rafiqul Ahsan630-717-1698(h) 2120 Periwinkle Ln 630-689-1457(h)Naperville, IL 60540847-812-6176(c) - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Free Radius make error with Sol10
Hi, Following error I am getting when i try to make the free radius on Solaris 10. I am following direction as stated from link http://wiki.freeradius.org/index.php/Build I installed following packages as suggested in the above link : libgcc-3.3-sol10-sparc-local.gz openssl-0.9.8b-sol10-sparc-local.gz openldap-2.3.21-sol10-sparc-local.gz And trying to build, freradius-1.1.3.tar.bz2 Using make version 3.80 Here is the sequesnce of command : ./configure ./make - and getting following error. # makemake: *** No targets specified and no makefile found. Stop.# cd# cd rafi_dir/# cd free_radius_1.1.3/# cd freeradius-1.1.3# makegmake[1]: Entering directory `/export/home/dev/rafi_dir/free_radius_1.1.3/freeradius- 1.1.3'Making all in libltdl...gmake[2]: Entering directory `/export/home/dev/rafi_dir/free_radius_1.1.3/freeradius-1.1.3/libltdl'/usr/sfw/bin//gmake all-amgmake[3]: Entering directory `/export/home/dev/rafi_dir/free_radius_1.1.3/freeradius- 1.1.3/libltdl'/bin/bash ./libtool --tag=CC --mode=link gcc -g -O2 -D_REENTRANT -D_POSIX_PTHREAD_SEMANTICS -Wall -D_GNU_SOURCE -DNDEBUG -no-undefined -version-info 4:4:1 -o libltdl.la -rpath /usr/local/lib ltdl.lo -ldl -lnsl -lresolv -lsocket -lposix4 -lpthreadgcc -shared -Wl,-h -Wl,libltdl.so.3 -o .libs/libltdl.so.3.1.4 .libs/ltdl.o -ldl -lnsl -lresolv -lsocket -lposix4 -lpthread -lc (cd .libs && rm -f libltdl.so.3 && ln -s libltdl.so.3.1.4 libltdl.so.3)(cd .libs && rm -f libltdl.so && ln -s libltdl.so.3.1.4 libltdl.so)false cru .libs/libltdl.a ltdl.ogmake[3]: *** [ libltdl.la] Error 1gmake[3]: Leaving directory `/export/home/dev/rafi_dir/free_radius_1.1.3/freeradius-1.1.3/libltdl'gmake[2]: *** [all] Error 2gmake[2]: Leaving directory `/export/home/dev/rafi_dir/free_radius_1.1.3/freeradius- 1.1.3/libltdl'gmake[1]: *** [common] Error 2gmake[1]: Leaving directory `/export/home/dev/rafi_dir/free_radius_1.1.3/freeradius-1.1.3'make: *** [all] Error 2Please help me figure out where do i need to look at, or any configuration that I missed ? Thanks Rafi-- Rafiqul Ahsan630-717-1698(h)2120 Periwinkle Ln 630-689-1457(h)Naperville, IL 60540847-812-6176(c) - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
freeradius-1.1.2 install question on Solaris 10 (SPARC)
I am trying to install freeradius-1.1.2 on Solaris 10. I noticed that it requires to have open ssl installed on the system, and the Solaris 10 that I am working on has already installed open SSL as follows : /usr/local/ssl/lib# ls -altotal 11884drwxr-xr-x 4 root bin 512 Apr 21 09:01 .drwxr-xr-x 10 root root 512 Apr 21 09:01 ..drwxr-xr-x 2 root bin 512 Apr 21 09:01 engines -rw-r--r-- 1 root bin 2235224 Oct 15 2005 libcrypto.alrwxrwxrwx 1 root root 18 Apr 21 09:01 libcrypto.so -> libcrypto.so.0.9.8-r-xr-xr-x 1 root bin 1333832 Oct 15 2005 libcrypto.so.0.9.7-r-xr-xr-x 1 root bin 1529352 Oct 15 2005 libcrypto.so.0.9.8-rw-r--r-- 1 root bin 389692 Oct 15 2005 libssl.alrwxrwxrwx 1 root root 15 Apr 21 09:01 libssl.so -> libssl.so.0.9.8-r-xr-xr-x 1 root bin 234036 Oct 15 2005 libssl.so.0.9.7-r-xr-xr-x 1 root bin 291900 Oct 15 2005 libssl.so.0.9.8drwxr-xr-x 2 root bin 512 Apr 21 09:01 pkgconfig Also initiatially when I did ./configure - it was giving me error that the PATH was not set for gcc, cc etc. I set the path as follows : export PATH=$PATH:/usr/local/bin and then I attempetd to do make as follows : # makemake[1]: Entering directory `/export/home/lab/freeradius-1.1.2'Making all in libltdl...make[2]: Entering directory `/export/home/lab/freeradius-1.1.2/libltdl'/bin/sh ./libtool --mode=compile gcc -DHAVE_CONFIG_H -I. -I. -I. -g -O2 -D_REENTRANT -D_POSIX_PTHREAD_SEMANTICS -Wall -D_GNU_SOURCE -DNDEBUG -c ltdl.cmkdir .libsgcc -DHAVE_CONFIG_H -I. -I. -I. -g -O2 -D_REENTRANT -D_POSIX_PTHREAD_SEMANTICS -Wall -D_GNU_SOURCE -DNDEBUG -c ltdl.c -fPIC -DPIC -o .libs/ltdl.loltdl.c: In function `lt_dlopenext':ltdl.c :2926: warning: unused variable `file_found'gcc -DHAVE_CONFIG_H -I. -I. -I. -g -O2 -D_REENTRANT -D_POSIX_PTHREAD_SEMANTICS -Wall -D_GNU_SOURCE -DNDEBUG -c ltdl.c -o ltdl.o >/dev/null 2>&1mv -f .libs/ltdl.lo ltdl.lo/bin/sh ./libtool --mode=link gcc -g -O2 -D_REENTRANT -D_POSIX_PTHREAD_SEMANTICS -Wall -D_GNU_SOURCE -DNDEBUG -o libltdl.la -rpath /usr/local/lib -no-undefined -version-info 4:0:1 ltdl.lo -ldl -lnsl -lresolv -lsocket -lposix4 -lpthreadrm -fr .libs/libltdl.la .libs/libltdl.* .libs/libltdl.*/usr/ccs/bin/ld -G -z defs -h libltdl.so.3 -o .libs/libltdl.so.3.1.0 ltdl.lo -ldl -lnsl -lresolv -lsocket -lposix4 -lpthread -lc (cd .libs && rm -f libltdl.so.3 && ln -s libltdl.so.3.1.0 libltdl.so.3)(cd .libs && rm -f libltdl.so && ln -s libltdl.so.3.1.0 libltdl.so)ar cru .libs/libltdl.a ltdl.o ./libtool: ar: not found make[2]: *** [libltdl.la] Error 1make[2]: Leaving directory `/export/home/lab/freeradius-1.1.2/libltdl'make[1]: *** [common] Error 2make[1]: Leaving directory `/export/home/lab/freeradius- 1.1.2'make: *** [all] Error 2 I dont have any clue what that might be.. Can anybody help me figure out the problem ? Thanks Rafi -- Rafiqul Ahsan630-717-1698(h)2120 Periwinkle Ln 630-689-1457(h)Naperville, IL 60540847-812-6176(c) - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html