Re: FreeRADIUS/WinXP Authentication Setup

jbibe Premium,MVM join:2001-02-22 4 edits	reply to DrTCP Re: FreeRADIUS/WinXP Authentication Setup said by DrTCP : However, it might interact with the existing openssl installed on my system. Alan DeKok, one of the lead designers of FreeRADIUS, is always commenting in the FreeRADIUS mail list about the Linker linking to the wrong version when you have two versions of OpenSSL on your computer. When users encounter a segmentation fault and they have two versions of OpenSSL installed, his usual recommendation is to include the --disable-shared option when building the server. I have never experimented with this option, so I can't comment on its effectiveness. quote: When openssl is installed under /usr/local/openssl the uninstallation is darn easy You do not have to hunt individual files among others. I love the ability to remove all the installed information with a single command. Edit: Alan DeKok's suggestion to add the --disable-shared option works. I installed a second FreeRADIUS server, using openssl-SNAP-20040202 and freeradius-snapshot-20040205. I selected these versions because they would probably fail to operate properly. This time I used the OpenSSL recommended config commands as follows: ./config shared --prefix=/usr/local --openssldir=/usr/local/opensnap make make install Then I installed FreeRADIUS using these commands: ./configure --with-openssl-includes=/usr/local/includes/openssl \ --with-openssl-libraries=/usr/local/lib \ --prefix=/usr/local/radsnap make make install After configuring the server, I started the new server in the debug mode. No trouble was encountered until the WinXP client tried to connect. During the authentication, the server crashed with a segmentation error. I went back, added the --disable-shared option to the ./configure, and ran ./configure, make, and make install again. Once this change was made, the new server operated properly. It authenticates TLS and PEAP with WinXP clients. I now have two working FreeRADIUS servers on my RH computer.
	to forum · permalink · · 2004-02-06 04:48:05 ·
DrTCP Yours truly Premium,ExMod 1999-04 join:1999-11-09 Round Rock, TX 4 edits	reply to jbibe Thanks for passing the recommended way. I also appreciate all the valueable information you have collected, verified and documented here. said by jbibe : This install recommendation might prevent the problem that you have identified. Yes, it does prevent the problem that way because /lib and /bin/lib and /usr/local/lib are in the default library search path. However, it might interact with the existing openssl installed on my system. When openssl is installed under /usr/local/openssl the uninstallation is darn easy You do not have to hunt individual files among others. Well yet another way to solve this problem is by defining two environment variables (your 3rd reference). »www.impossiblereflex.com/8021x/e···TO.htm#8
	to forum · permalink · · 2004-02-05 23:22:57 ·
jbibe Premium,MVM join:2001-02-22	reply to DrTCP All of the FreeRADIUS documents recommend installing the OpenSSL files as shown in the initial post. I have always followed their advice, but it might not be the best choice. I have been reviewing the OpenSSL installation recommendations today. According to their information, the OpenSSL files are installed in /usr/local/ssl, unless the user specifies another location. In this latter case, they recommend that the user run config as follows: ./config --prefix=/usr/local --openssldir=/usr/local/openssl This installs the bin files at /usr/local/bin, the lib files at /usr/local/lib, and the include files at /usr/local/include/openssl. And it installs the OpenSSL configuration files at /usr/local/openssl. This install recommendation might prevent the problem that you have identified.
	to forum · permalink · · 2004-02-05 21:14:02 ·
No_Strings Premium,Mod join:2001-11-22 The OC	reply to DrTCP A great tip! Can you help me find the hair I pulled out trying to work around that? -- Metaphors mixed while you wait.
	to forum · permalink · · 2004-02-05 19:41:04 ·
DrTCP Yours truly Premium,ExMod 1999-04 join:1999-11-09 Round Rock, TX	reply to jbibe Regarding shared libraries: If you install openssl under /usr/local/openssl as instructed above and try to run: /usr/local/openssl/bin/openssl it might fail because of shared library not found. To solve this I've added: /usr/local/openssl/lib to the end of /etc/ld.so.conf and as root user (su - ) regenerated ld.so.cache file by executing: ldconfig -v It might also be possible to solve the library problems by creating symlinks from /usr/lib/openssl/lib/* to /lib but I've not tested it.
	to forum · permalink · · 2004-02-05 19:22:14 ·


Saturday, 05-Dec 06:55:24	Terms of Use \| Privacy Policy \| Hosting by www.nac.net - DSL,Hosting & Co-lo \| feedback \| contact over 10 years online! © 1999-2009 dslreports.com.republican-creole page compression OFF