FreeRADIUS w/ TKIP, PEAP, EAP, MS-CHAP v2 - relocation error
We are using FreeRADIUS version 1.0.2 with OpenSSL version 0.96. The client supplicant is WinXP SP2 with WPA TKIP, PEAP and EAP MS-CHAP v2 configured. The NAS is a Symbol WS5100 WLAN switch configured to use RADIUS, TKIP and PEAP. We configured RADIUS and it starts (in debug mode) and we are able login to the server with test client software using raduser and shared secret password. On the XP client we are able to enter credentials (raduser and shared secret) and the Symbol switch receives and forwards the request to the RADIUS server with the following error in the switch log file: "failed 802.1x authentication for BSS " Then RADIUS stops with the following error: radiusd: relocation error: /usr/lib/freeradius/rlm_eap_tls-1.0.2.so: undefined symbol: SSL_set_msg_callback We understand that the version of openSSL may be out of date but we can't upgrade due to other issues and dependancies. Any help or suggestions is greatly appreciated. Below is the complete startup in debug mode with error listed above at the end. Thanks again. John ========== Complete RADIUS startup below ======================== rad_recv: Access-Request packet from host 10.203.10.51:10369, id=123, length=140 User-Name = "raduser" NAS-IP-Address = 10.203.10.51 Called-Station-Id = "00:A0:F8:6E:1E:10" Calling-Station-Id = "00:05:4E:4F:2B:23" NAS-Identifier = "swdevlab_5100_1" NAS-Port = 29 Framed-MTU = 1000 NAS-Port-Type = Wireless-802.11 EAP-Message = 0x0201000c0172616475736572 Message-Authenticator = 0xabd78f651fd43d26ca7a7707c1a4f402 Processing the authorize section of radiusd.conf modcall: entering group authorize for request 0 modcall[authorize]: module "preprocess" returns ok for request 0 modcall[authorize]: module "chap" returns noop for request 0 modcall[authorize]: module "mschap" returns noop for request 0 rlm_realm: No '@' in User-Name = "raduser", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 0 rlm_eap: EAP packet type response id 1 length 12 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 0 users: Matched entry raduser at line 75 modcall[authorize]: module "files" returns ok for request 0 modcall: group authorize returns updated for request 0 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 0 rlm_eap: EAP Identity rlm_eap: processing type tls radiusd: relocation error: /usr/lib/freeradius/rlm_eap_tls-1.0.2.so: undefined symbol: SSL_set_msg_callback ========================== end ================================= John Metcalfe, Jr. IT Specialist - AIS IBM Business Consulting Services, Public Sector Telephone: 240-396-5305 email: metcalfej@us.ibm.com
John Metcalfe <metcalfej@us.ibm.com> wrote:
/usr/lib/freeradius/rlm_eap_tls-1.0.2.so: undefined symbol: SSL_set_msg_callback
You have two versions of OpenSSL installed on your system. One that you used to build FreeRADIUS, and another that your dynamic linker finds at run-time. The versions are incompatible.
We understand that the version of openSSL may be out of date but we can't upgrade due to other issues and dependancies. Any help or suggestions is greatly appreciated.
It's not an "out of date" issue. It's that you have *two* OpenSSL versions installed. Force the server to link at run time with the version you used to build it, and it will work. Alan DeKok.
participants (2)
-
Alan DeKok -
John Metcalfe