<meta charset="utf-8"><span class="Apple-style-span" style="font-family: arial, sans-serif; font-size: 13px; border-collapse: collapse; "><div><span style="font-family: arial, sans-serif; font-size: 13px; border-collapse: collapse; "><div>
I'm having problems getting the latest FreeBSD port of freeradius2 to work with a perl hook that requires the IO perl module. I realize this is likely a FreeBSD ports compilation problem but I am hoping someone here can shed some light.</div>
<div><br></div><div>There seems to be some kind of shared library linking issue between the freeradius2 and perl packages compiled from RELEASE_8_0 ports tree branch. If one tries to use <span style="background-color: rgb(255, 255, 204); ">freeradius</span> in conjunction with a perl hook (script) for authentication, and the perl script requires a perl module relying on a compiled shared object file (e.g., IO), then <span style="background-color: rgb(255, 255, 204); ">freeradius</span> will fail to load the perl script and throws errors.</div>
<div><br></div><div>Below is a dump that should make it easy to replicate the problem. This was done after freshly installing 8.0-RELEASE-i386 onto a system from the official ISO.</div><div><br></div><div>Note that I have also tried to compile the ports myself and run into the same problem on i386 and amd64 architectures. I am going to try and compile the ports using portupgrade as suggested by someone on this list and see if that changes anything. Any further help would be greatly appreciated. Thanks!</div>
<div><br></div></span></div><div># uname -a</div><div>FreeBSD 8.0-RELEASE FreeBSD 8.0-RELEASE #0: Sat Nov 21 15:48:17 UTC 2009 root@almeida.cse.buffalo.edu:/usr/obj/usr/src/sys/GENERIC i386</div><div># pkg_info</div>
<div>#</div><div>#</div><div># pkg_add -r freeradius</div><div>Fetching <a href="ftp://ftp.freebsd.org/pub/FreeBSD/ports/i386/packages-8.0-release/Latest/freeradius.tbz." target="_blank" style="color: rgb(42, 93, 176); ">ftp://ftp.freebsd.org/pub/FreeBSD/ports/i386/packages-8.0-release/Latest/freeradius.tbz.</a>.. Done.</div>
<div>Fetching <a href="ftp://ftp.freebsd.org/pub/FreeBSD/ports/i386/packages-8.0-release/All/python26-2.6.2_3.tbz." target="_blank" style="color: rgb(42, 93, 176); ">ftp://ftp.freebsd.org/pub/FreeBSD/ports/i386/packages-8.0-release/All/python26-2.6.2_3.tbz.</a>.. Done.</div>
<div><br></div><div>====</div><div>Note that some of the standard modules are provided as separate</div><div>ports since they require extra dependencies:</div><div><br></div><div>bsddb databases/py-bsddb</div><div>
gdbm databases/py-gdbm</div><div>sqlite3<span style="white-space: pre; "> </span>databases/py-sqlite3</div><div>tkinter x11-toolkits/py-tkinter</div><div><br></div><div>Install them as needed.</div><div>
====</div><div><br></div><div>Fetching <a href="ftp://ftp.freebsd.org/pub/FreeBSD/ports/i386/packages-8.0-release/All/perl-5.8.9_3.tbz." target="_blank" style="color: rgb(42, 93, 176); ">ftp://ftp.freebsd.org/pub/FreeBSD/ports/i386/packages-8.0-release/All/perl-5.8.9_3.tbz.</a>.. Done.</div>
<div>Removing stale symlinks from /usr/bin...</div><div> Skipping /usr/bin/perl</div><div> Skipping /usr/bin/perl5</div><div>Done.</div><div>Creating various symlinks in /usr/bin...</div><div> Symlinking /usr/local/bin/perl5.8.9 to /usr/bin/perl</div>
<div> Symlinking /usr/local/bin/perl5.8.9 to /usr/bin/perl5</div><div>Done.</div><div>Cleaning up /etc/make.conf... Done.</div><div>Spamming /etc/make.conf... Done.</div><div>Cleaning up /etc/manpath.config... Done.</div>
<div>Spamming /etc/manpath.config... Done.</div><div>Fetching <a href="ftp://ftp.freebsd.org/pub/FreeBSD/ports/i386/packages-8.0-release/All/libltdl-2.2.6a.tbz." target="_blank" style="color: rgb(42, 93, 176); ">ftp://ftp.freebsd.org/pub/FreeBSD/ports/i386/packages-8.0-release/All/libltdl-2.2.6a.tbz.</a>.. Done.</div>
<div>Fetching <a href="ftp://ftp.freebsd.org/pub/FreeBSD/ports/i386/packages-8.0-release/All/gdbm-1.8.3_3.tbz." target="_blank" style="color: rgb(42, 93, 176); ">ftp://ftp.freebsd.org/pub/FreeBSD/ports/i386/packages-8.0-release/All/gdbm-1.8.3_3.tbz.</a>.. Done.</div>
<div>Fetching <a href="ftp://ftp.freebsd.org/pub/FreeBSD/ports/i386/packages-8.0-release/All/libiconv-1.13.1.tbz." target="_blank" style="color: rgb(42, 93, 176); ">ftp://ftp.freebsd.org/pub/FreeBSD/ports/i386/packages-8.0-release/All/libiconv-1.13.1.tbz.</a>.. Done.</div>
<div>Fetching <a href="ftp://ftp.freebsd.org/pub/FreeBSD/ports/i386/packages-8.0-release/All/gettext-0.17_1.tbz." target="_blank" style="color: rgb(42, 93, 176); ">ftp://ftp.freebsd.org/pub/FreeBSD/ports/i386/packages-8.0-release/All/gettext-0.17_1.tbz.</a>.. Done.</div>
<div>Fetching <a href="ftp://ftp.freebsd.org/pub/FreeBSD/ports/i386/packages-8.0-release/All/gmake-3.81_3.tbz." target="_blank" style="color: rgb(42, 93, 176); ">ftp://ftp.freebsd.org/pub/FreeBSD/ports/i386/packages-8.0-release/All/gmake-3.81_3.tbz.</a>.. Done.</div>
<div>===> Created group freeradius</div><div>===> Created user freeradius</div><div>===> Setting user and group in radiusd.conf</div><div>===> Bootstrapping default certificates, please wait...</div><div>===> Adjusting ownership of directory /usr/local/etc/raddb</div>
<div>===> Adjusting ownership of directory /var/log/radacct</div><div>===> Adjusting ownership of directory /var/run/radiusd</div><div>===> Adjusting ownership of /var/log/radius.log</div><div>===> Adjusting ownership of /var/log/radutmp</div>
<div>===> Adjusting ownership of /var/log/radwtmp</div><div>===> Updating libdir in /usr/local/etc/raddb/radiusd.conf</div><div><br></div><div>===============================================================================</div>
<div><br></div><div>To enable FreeRADIUS, put the following line in /etc/rc.conf</div><div><br></div><div>radiusd_enable="YES"</div><div><br></div><div><br></div><div>The sample configuration can be found at</div>
<div>/usr/local/share/examples/freeradius/raddb</div><div><br></div><div>If you are upgrading FreeRADIUS, you are advised to use this as a reference</div><div>for updating your configuration.</div><div><br></div><div><br>
</div><div>FreeRADIUS will look for its configuration directory at</div><div>/usr/local/etc/raddb by default.</div><div><br></div><div>If you did not already have a configuration at this location, the sample</div><div>configuration has been copied to this location and has been bootstrapped.</div>
<div><br></div><div><br></div><div>If you wish to point FreeRADIUS to a configuration at a different</div><div>location, put the following line in /etc/rc.conf</div><div><br></div><div>radiusd_flags="-d /path/to/raddb"</div>
<div><br></div><div><br></div><div>To start the server in normal (daemon) mode, run:</div><div><br></div><div>/usr/local/etc/rc.d/radiusd start</div><div><br></div><div>and to stop the server, run:</div><div><br></div><div>
/usr/local/etc/rc.d/radiusd stop</div><div><br></div><div><br></div><div>To start the server in debugging mode, run:</div><div><br></div><div>/usr/local/etc/rc.d/radiusd debug</div><div><br></div><div><br></div><div>You are advised to make cautious changes to the configuration, and to test</div>
<div>frequently, using debugging mode where necessary. Try to resist the</div><div>temptation to disable or delete things that you don't understand - you may</div><div>well break things!</div><div><br></div><div>The documentation has been installed at /usr/local/share/doc/freeradius</div>
<div><br></div><div>Useful configuration advice can be found in the FreeRADIUS Wiki at</div><div><a href="http://wiki.freeradius.org" target="_blank" style="color: rgb(42, 93, 176); ">http://wiki.freeradius.org</a></div><div>
<br></div><div>===============================================================================</div><div><br></div><div><br></div><div># </div><div># pkg_info</div><div>en-freebsd-doc-20090913 Documentation from the FreeBSD Documentation Project</div>
<div>freeradius-2.1.6 A free RADIUS server implementation</div><div>gdbm-1.8.3_3 The GNU database manager</div><div>gettext-0.17_1 GNU gettext package</div><div>gmake-3.81_3 GNU version of 'make' utility</div>
<div>libiconv-1.13.1 A character set conversion library</div><div>libltdl-2.2.6a System independent dlopen wrapper</div><div>perl-5.8.9_3 Practical Extraction and Report Language</div><div>python26-2.6.2_3 An interpreted object-oriented programming language</div>
<div><br></div><div># </div><div># cat /usr/local/etc/raddb/radiusd.conf</div><div>user = freeradius</div><div>group = freeradius</div><div>raddbdir = /usr/local/etc/raddb</div><div>logdir = /var/log</div><div>libdir = /usr/local/lib</div>
<div>pidfile = /var/run/radiusd/radiusd.pid</div><div>prefix = /usr/local</div><div>exec_prefix = ${prefix}</div><div>localstatedir = /var</div><div>sbindir = ${exec_prefix}/sbin</div><div>radacctdir = ${logdir}/radacct</div>
<div>confdir = ${raddbdir}</div><div>run_dir = ${localstatedir}/run/radiusd</div><div>log_file = /var/log/radius.log</div><div>log_destination = files</div><div>max_request_time = 30</div><div>delete_blocked_requests = no</div>
<div>cleanup_delay = 5</div><div>max_requests = 256</div><div><br></div><div>listen {</div><div> ipaddr = *</div><div> port = 1812</div><div> type = auth</div><div>}</div><div><br></div><div>listen {</div><div> ipaddr = *</div>
<div> port = 1813</div><div> type = acct</div><div>}</div><div><br></div><div>hostname_lookups = no</div><div>allow_core_dumps = no</div><div>regular_expressions = yes</div><div>extended_expressions = yes</div><div>
log_stripped_names = no</div><div>log_auth = yes</div><div>log_auth_badpass = no</div><div>log_auth_goodpass = no</div><div>usercollide = no</div><div>lower_user = no</div><div>lower_pass = no</div><div>nospace_user = no</div>
<div>nospace_pass = no</div><div>checkrad = ${sbindir}/checkrad</div><div>proxy_requests = no</div><div>snmp = no</div><div><br></div><div>security {</div><div> max_attributes = 200</div><div> reject_delay = 1</div>
<div> status_server = no</div><div>}</div><div><br></div><div>thread pool {</div><div> start_servers = 1</div><div> max_servers = 16</div><div> min_spare_servers = 0</div><div> max_spare_servers = 5</div><div>
max_requests_per_server = 0</div><div>}</div><div><br></div><div>modules {</div><div> perl {</div><div> module = /tmp/freeradius_hook</div><div> }</div><div> </div><div> detail {</div><div> detailfile = ${radacctdir}/%{Client-IP-Address}/detail-%Y%m%d</div>
<div> detailperm = 0644</div><div> }</div><div><br></div><div> acct_unique {</div><div> key = "User-Name, Acct-Session-Id, NAS-IP-Address, Client-IP-Address, NAS-Port"</div><div> }</div><div>
<br></div><div> eap {</div><div> default_eap_type = peap</div><div> timer_expire = 60</div><div> ignore_unknown_eap_types = no</div><div><br></div><div> # Generic Token Card.</div><div>
#</div><div> # Currently, this is only permitted inside of EAP-TTLS,</div><div> # or EAP-PEAP. The module "challenges" the user with</div><div> # text, and the response from the user is taken to be</div>
<div> # the User-Password.</div><div> #</div><div> # Proxying the tunneled EAP-GTC session is a bad idea,</div><div> # the users password will go over the wire in plain-text,</div><div> # for anyone to see.</div>
<div> #</div><div> gtc {</div><div> challenge = "Password: "</div><div> auth_type = perl</div><div> }</div><div><br></div><div> tls {</div><div> private_key_password =</div>
<div> private_key_file = /etc/ssl/server.key</div><div> certificate_file = /etc/ssl/server.crt</div><div> CA_file = /etc/ssl/server.crt</div><div> dh_file = /usr/local/etc/raddb/dhparam</div>
<div> random_file = /space/rxg/rxgd/bin/random</div><div> }</div><div><br></div><div> ttls {</div><div> default_eap_type = gtc</div><div> copy_request_to_tunnel = yes</div><div>
use_tunneled_reply = yes</div><div> }</div><div><br></div><div> peap {</div><div> default_eap_type = gtc</div><div> copy_request_to_tunnel = yes</div><div> use_tunneled_reply = yes</div>
<div> }</div><div> }</div><div><br></div><div> radutmp {</div><div> filename = ${logdir}/radutmp</div><div> username = %{User-Name}</div><div> case_sensitive = yes</div><div> check_with_nas = yes</div>
<div> callerid = "yes"</div><div> }</div><div><br></div><div> radutmp sradutmp {</div><div> filename = ${logdir}/sradutmp</div><div> perm = 0644</div><div> callerid = "no"</div>
<div> }</div><div><br></div><div> attr_filter {</div><div> attrsfile = ${confdir}/attrs</div><div> }</div><div><br></div><div> counter daily {</div><div> filename = ${raddbdir}/db.daily</div><div>
key = User-Name</div><div> count-attribute = Acct-Session-Time</div><div> reset = daily</div><div> counter-name = Daily-Session-Time</div><div> check-name = Max-Daily-Session</div><div>
allowed-servicetype = Framed-User</div><div> cache-size = 5000</div><div> }</div><div><br></div><div> preprocess {</div><div> huntgroups = ${confdir}/huntgroups</div><div> hints = ${confdir}/hints</div>
<div> with_ascend_hack = no</div><div> ascend_channels_per_line = 23</div><div> with_ntdomain_hack = no</div><div> with_specialix_jetstream_hack = no</div><div> with_cisco_vsa_hack = no</div>
<div> }</div><div>}</div><div><br></div><div>authorize {</div><div> preprocess</div><div> eap</div><div> perl</div><div>}</div><div><br></div><div>authenticate {</div><div> Auth-Type PERL {</div><div> perl</div>
<div> }</div><div> eap</div><div>}</div><div><br></div><div>preacct {</div><div> preprocess</div><div> acct_unique</div><div>}</div><div><br></div><div>accounting {</div><div> detail</div><div> radutmp</div>
<div> perl</div><div>}</div><div><br></div><div>session {</div><div> radutmp</div><div>}</div><div><br></div><div># </div><div># </div><div># cat /tmp/freeradius_hook</div><div>#!/usr/bin/perl</div><div><br></div><div>
use strict;</div><div>use diagnostics;</div><div><br></div><div>use IO ();</div><div><br></div><div># </div><div># </div><div># perl /tmp/freeradius_hook </div><div># </div><div># radiusd -X</div><div>FreeRADIUS Version 2.1.6, for host i386-portbld-freebsd8.0, built on Oct 23 2009 at 17:50:57</div>
<div>Copyright (C) 1999-2009 The FreeRADIUS server project and contributors. </div><div>There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A </div><div>PARTICULAR PURPOSE. </div><div>You may redistribute copies of FreeRADIUS under the terms of the </div>
<div>GNU General Public License v2. </div><div>Starting - reading configuration files ...</div><div>including configuration file /usr/local/etc/raddb/radiusd.conf</div><div>group = freeradius</div><div>user = freeradius</div>
<div>including dictionary file /usr/local/etc/raddb/dictionary</div><div>main {</div><div><span style="white-space: pre; "> </span>prefix = "/usr/local"</div><div><span style="white-space: pre; "> </span>localstatedir = "/var"</div>
<div><span style="white-space: pre; "> </span>logdir = "/var/log"</div><div><span style="white-space: pre; "> </span>libdir = "/usr/local/lib"</div><div><span style="white-space: pre; "> </span>radacctdir = "/var/log/radacct"</div>
<div><span style="white-space: pre; "> </span>hostname_lookups = no</div><div><span style="white-space: pre; "> </span>max_request_time = 30</div><div><span style="white-space: pre; "> </span>cleanup_delay = 5</div><div><span style="white-space: pre; "> </span>max_requests = 256</div>
<div><span style="white-space: pre; "> </span>allow_core_dumps = no</div><div><span style="white-space: pre; "> </span>pidfile = "/var/run/radiusd/radiusd.pid"</div><div><span style="white-space: pre; "> </span>checkrad = "/usr/local/sbin/checkrad"</div>
<div><span style="white-space: pre; "> </span>debug_level = 0</div><div><span style="white-space: pre; "> </span>proxy_requests = no</div><div><span style="white-space: pre; "> </span>log_auth = yes</div><div><span style="white-space: pre; "> </span>log_auth_badpass = no</div>
<div><span style="white-space: pre; "> </span>log_auth_goodpass = no</div><div><span style="white-space: pre; "> </span>log_stripped_names = no</div><div> security {</div><div><span style="white-space: pre; "> </span>max_attributes = 200</div>
<div><span style="white-space: pre; "> </span>reject_delay = 1</div><div><span style="white-space: pre; "> </span>status_server = no</div><div> }</div><div>}</div><div>radiusd: #### Loading Realms and Home Servers ####</div>
<div>radiusd: #### Loading Clients ####</div><div>radiusd: #### Instantiating modules ####</div><div>radiusd: #### Loading Virtual Servers ####</div><div>server {</div><div> modules {</div><div> Module: Checking authenticate {...} for more modules to load</div>
<div> Module: Linked to module rlm_perl</div><div> Module: Instantiating perl</div><div> perl {</div><div><span style="white-space: pre; "> </span>module = "/tmp/freeradius_hook"</div><div><span style="white-space: pre; "> </span>func_authorize = "authorize"</div>
<div><span style="white-space: pre; "> </span>func_authenticate = "authenticate"</div><div><span style="white-space: pre; "> </span>func_accounting = "accounting"</div><div><span style="white-space: pre; "> </span>func_preacct = "preacct"</div>
<div><span style="white-space: pre; "> </span>func_checksimul = "checksimul"</div><div><span style="white-space: pre; "> </span>func_detach = "detach"</div><div><span style="white-space: pre; "> </span>func_xlat = "xlat"</div>
<div><span style="white-space: pre; "> </span>func_pre_proxy = "pre_proxy"</div><div><span style="white-space: pre; "> </span>func_post_proxy = "post_proxy"</div><div><span style="white-space: pre; "> </span>func_post_auth = "post_auth"</div>
<div> }</div><div>Can't load '/usr/local/lib/perl5/5.8.9/mach/auto/IO/IO.so' for module IO: /usr/local/lib/perl5/5.8.9/mach/auto/IO/IO.so: Undefined symbol "PL_sv_undef" at /usr/local/lib/perl5/5.8.9/mach/XSLoader.pm line 70.</div>
<div> at /usr/local/lib/perl5/5.8.9/mach/IO.pm line 11</div><div>Compilation failed in require at /tmp/freeradius_hook line 6.</div><div>BEGIN failed--compilation aborted at /tmp/freeradius_hook line 6 (#1)</div><div> (F) The module you tried to load failed to load a dynamic extension. This</div>
<div> may either mean that you upgraded your version of perl to one that is</div><div> incompatible with your old dynamic extensions (which is known to happen</div><div> between major versions of perl), or (more likely) that your dynamic</div>
<div> extension was built against an older version of the library that is</div><div> installed on your system. You may need to rebuild your old dynamic</div><div> extensions.</div><div> </div><div>Uncaught exception from user code:</div>
<div><span style="white-space: pre; "> </span>Can't load '/usr/local/lib/perl5/5.8.9/mach/auto/IO/IO.so' for module IO: /usr/local/lib/perl5/5.8.9/mach/auto/IO/IO.so: Undefined symbol "PL_sv_undef" at /usr/local/lib/perl5/5.8.9/mach/XSLoader.pm line 70.</div>
<div> at /usr/local/lib/perl5/5.8.9/mach/IO.pm line 11</div><div>Compilation failed in require at /tmp/freeradius_hook line 6.</div><div>BEGIN failed--compilation aborted at /tmp/freeradius_hook line 6.</div><div> at /tmp/freeradius_hook line 6</div>
<div>rlm_perl: perl_parse failed: /tmp/freeradius_hook not found or has syntax errors. </div><div>/usr/local/etc/raddb/radiusd.conf[65]: Instantiation failed for module "perl"</div><div>/usr/local/etc/raddb/radiusd.conf[169]: Failed to find module "perl".</div>
<div>/usr/local/etc/raddb/radiusd.conf[169]: Failed to parse "perl" entry.</div><div>Errors initializing modules</div><div># </div></span>