Comiling for use with Oracle

Brian Atkins batkins at tlcdelivers.com
Thu Feb 8 16:58:01 CET 2007


Just curious what the minimum modules required to use Freeradius to 
authenticate (not sure if that is the correct terminology) from and 
Oracle DB. Keep in mind that I am only planning on querying the DB and 
not updating or inserting information for accounting purposes. However, 
I wouldn't rule out using a text file (radutmp, I think) for accounting 
purposes, though.

I have been trying to compile it using the following:

# ORACLE_HOME=/cygdrive/d/oracle/ora92; export ORACLE_HOME
# cd freeradius-1.1.4
# ./configure

Which generates an error:

rlm_perl.c: In function `rlm_perl_get_handles':
rlm_perl.c:226: warning: cast to pointer from integer of different size
rlm_perl.c: At top level:
rlm_perl.c:614: error: external linkage required for symbol 
'XS_radiusd_radlog' because of 'dllexport' attribute.

I have also used:
# ./configure --without-rlm_perl

Which appear to compile successfully, but I get a lot of errors about 
missing modules and/or libraries.

# ./radiusd.exe -X
...
radiusd:  entering modules setup
Module: Library search path is /usr/local/lib
radiusd.conf[10] Failed to link to module 'rlm_sql': No such file or 
directory
radiusd.conf[1850] Unknown module "sql".
radiusd.conf[1779] Failed to parse authorize section.

I know I have a library linking issue, but I read the <a 
href="http://wiki.freeradius.org/index.php/FAQ#It_says_.22Could_not_link_..._file_not_found.22.2C_what_do_I_do.3F">FAQs 
</a> and attempted to resolve them using the methods mentioned. I get no 
errors during the configure for sql modules (other than mysql, but I'm 
not trying to compile support for that anyway). Since I'm using the 
Oracle libs to create the Oracle modules, I don't *think* I should 
disable shared libraries. ... Or should I?

I've also tried setting:
LD_LIBRARY_PATH=${LD_LIBRARY_PATH}:/cygdrive/d/oracle/ora92/oci/lib:/cygdrive/d/oracle/ora92/lib

Without good results. I also do not have ld.conf nor ldconfig on the 
system (Cygwin), but I have read elsewhere that neither of them should 
be required.

I realize that this is not necessarily an issue with Freeradius. 
Although I am having trouble compiling from source, I can install the 
.NET version and run without issue. From my understanding, both are 
basically the same, just .NET has had changes made to deal with the 
different path structure in Cygwin.

I saw a lot of old posts (<2003) that dealt with similar issues, but on 
much older versions (Oracle 8 and Freeradius .1 - .3).

Help, insight, thoughts are all appreciated. Attached below is my 
somewhat hacked up conf files. Sorry for the long post.

Thanks,
Brian

RADIUSD.CONF
------------
prefix = /usr/local
exec_prefix = ${prefix}
sysconfdir = ${prefix}/etc
localstatedir = ${prefix}/var
sbindir = ${exec_prefix}/sbin
logdir = ${localstatedir}/log/radius
raddbdir = ${sysconfdir}/raddb
radacctdir = ${logdir}/radacct
certsdir = ${sysconfdir}/raddb/certs/FreeRADIUS.net/DemoCerts
confdir = ${raddbdir}
run_dir = ${localstatedir}/run/radiusd
log_file = ${logdir}/radius.log
libdir = ${exec_prefix}/lib
pidfile = ${run_dir}/radiusd.pid
max_request_time = 30
delete_blocked_requests = no
cleanup_delay = 5
max_requests = 1024
bind_address = *
port = 0
hostname_lookups = no
allow_core_dumps = no
regular_expressions     = no
extended_expressions    = no
log_stripped_names = no
log_auth = no
log_auth_badpass = no
log_auth_goodpass = no
usercollide = no
lower_user = no
lower_pass = no
nospace_user = no
nospace_pass = no
checkrad = ${sbindir}/checkrad
security {
         max_attributes = 200
         reject_delay = 1
         status_server = no
}
proxy_requests  = yes
$INCLUDE  ${confdir}/proxy.conf
$INCLUDE  ${confdir}/clients.conf
snmp    = no
$INCLUDE  ${confdir}/snmp.conf
thread pool {
         start_servers = 5
         max_servers = 32
         min_spare_servers = 3
         max_spare_servers = 10
         max_requests_per_server = 0
}
modules {
         files {
         }
         detail {
                 detailfile = 
${radacctdir}/%{Client-IP-Address}/detail-%Y%m%d

                 detailperm = 0600

         }
         $INCLUDE  ${confdir}/oraclesql.conf
         radutmp {
                 filename = ${logdir}/radutmp
                 username = %{User-Name}
                 case_sensitive = yes
                 check_with_nas = yes
                 perm = 0600
                 callerid = "no"
         }
         radutmp sradutmp {
                 filename = ${logdir}/sradutmp
                 perm = 0644
                 callerid = "no"
         }
         attr_filter {
                 attrsfile = ${confdir}/attrs
         }
         counter daily {
                 filename = ${raddbdir}/db.daily
                 key = User-Name
                 count-attribute = Acct-Session-Time
                 reset = daily
                 counter-name = Daily-Session-Time
                 check-name = Max-Daily-Session
                 allowed-servicetype = Framed-User
                 cache-size = 5000
         }
         always fail {
                 rcode = fail
         }
         always reject {
                 rcode = reject
         }
         always ok {
                 rcode = ok
                 simulcount = 0
                 mpp = no
         }
         digest {
         }
}
instantiate {
}
authorize {
         sql
}
authenticate {
}
preacct {
}
accounting {
         sql
}
session {
}
post-auth {
}
pre-proxy {
}
post-proxy {
}

CLIENTS.CONF:
-------------
client 127.0.0.1 {
         secret          = testing123
         shortname       = localhost
}
client 10.10.58.106 {
         secret      = My_Secret
         shortname   = Some_Server
}

ORACLESQL.CONF
--------------
sql {
         driver = "rlm_sql_oracle"
         server = "localhost"
         login = "my_account"
         password = "my_password"
         radius_db = "(DESCRIPTION=(ADDRESS=(PROTOCOL=TCP) \ 		
		(HOST=localhost)(PORT=1521))(CONNECT_DATA=(SID=L9D1)))"
         acct_table1 = "radacct"
         acct_table2 = "radacct"
         authcheck_table = "itagency"
         authreply_table = "radreply"
         deletestalesessions = yes
         sqltrace = no
         sqltracefile = ${logdir}/sqltrace.sql
         num_sql_socks = 5
         connect_failure_retry_delay = 60
         sql_user_name = "%{User-Name}"
         authorize_check_query = "select 1 as ID, barcode AS username, \
		'Password' as attribute, pin as value, '==' as op from \
		itagency where barcode = '%{SQL-User-Name}' and \ 	
		blockstatus is null"
         authorize_reply_query = "SELECT id,UserName,Attribute,Value,op \
		FROM ${authreply_table} WHERE Username = \
		'%{SQL-User-Name}' ORDER BY id"
}



More information about the Freeradius-Users mailing list