jbibe
Premium,MVM
join:2001-02-22
4 edits | Re: FreeRADIUS/WinXP Authentication Setup said by DrTCP  :
However, it might interact with the existing openssl installed on my system.
Alan DeKok, one of the lead designers of FreeRADIUS, is always commenting in the FreeRADIUS mail list about the Linker linking to the wrong version when you have two versions of OpenSSL on your computer. When users encounter a segmentation fault and they have two versions of OpenSSL installed, his usual recommendation is to include the --disable-shared option when building the server. I have never experimented with this option, so I can't comment on its effectiveness.
quote:
When openssl is installed under /usr/local/openssl the uninstallation is darn easy  You do not have to hunt individual files among others.
I love the ability to remove all the installed information with a single command.
Edit: Alan DeKok's suggestion to add the --disable-shared option works. I installed a second FreeRADIUS server, using openssl-SNAP-20040202 and freeradius-snapshot-20040205. I selected these versions because they would probably fail to operate properly. This time I used the OpenSSL recommended config commands as follows:
./config shared --prefix=/usr/local --openssldir=/usr/local/opensnap
make
make install
Then I installed FreeRADIUS using these commands:
./configure --with-openssl-includes=/usr/local/includes/openssl \
--with-openssl-libraries=/usr/local/lib \
--prefix=/usr/local/radsnap
make
make install
After configuring the server, I started the new server in the debug mode. No trouble was encountered until the WinXP client tried to connect. During the authentication, the server crashed with a segmentation error.
I went back, added the --disable-shared option to the ./configure, and ran ./configure, make, and make install again. Once this change was made, the new server operated properly. It authenticates TLS and PEAP with WinXP clients.
I now have two working FreeRADIUS servers on my RH computer. |
