FreeRADIUS w/ TKIP, PEAP, EAP, MS-CHAP v2 - relocation error

John Metcalfe metcalfej at us.ibm.com
Wed Feb 8 22:44:39 CET 2006 

We are using FreeRADIUS version 1.0.2 with OpenSSL version 0.96.  The 
client supplicant is WinXP SP2 with WPA TKIP, PEAP and EAP MS-CHAP v2 
configured.  The NAS is a Symbol WS5100 WLAN switch configured to use 
RADIUS, TKIP and PEAP.

We configured RADIUS and it starts (in debug mode) and we are able login 
to the server with test client software using raduser and shared secret 
password. 

On the XP client we are able to enter credentials (raduser and shared 
secret) and the Symbol switch receives and forwards the request to the 
RADIUS server with the following error in the switch log file: "failed 
802.1x authentication for BSS " 

Then RADIUS stops with the following error:

        radiusd: relocation error: 
/usr/lib/freeradius/rlm_eap_tls-1.0.2.so: undefined symbol: 
SSL_set_msg_callback

We understand that the version of openSSL may be out of date but we can't 
upgrade due to other issues and dependancies.  Any help or suggestions is 
greatly appreciated.

Below is the complete startup in debug mode with error listed above at the 
end. 

Thanks again. 

John

========== Complete RADIUS startup below ========================

rad_recv: Access-Request packet from host 10.203.10.51:10369, id=123, 
length=140
        User-Name = "raduser"
        NAS-IP-Address = 10.203.10.51
        Called-Station-Id = "00:A0:F8:6E:1E:10"
        Calling-Station-Id = "00:05:4E:4F:2B:23"
        NAS-Identifier = "swdevlab_5100_1"
        NAS-Port = 29
        Framed-MTU = 1000
        NAS-Port-Type = Wireless-802.11
        EAP-Message = 0x0201000c0172616475736572
        Message-Authenticator = 0xabd78f651fd43d26ca7a7707c1a4f402
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 0
  modcall[authorize]: module "preprocess" returns ok for request 0
  modcall[authorize]: module "chap" returns noop for request 0
  modcall[authorize]: module "mschap" returns noop for request 0
    rlm_realm: No '@' in User-Name = "raduser", looking up realm NULL
    rlm_realm: No such realm "NULL"
  modcall[authorize]: module "suffix" returns noop for request 0
  rlm_eap: EAP packet type response id 1 length 12
  rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
  modcall[authorize]: module "eap" returns updated for request 0
    users: Matched entry raduser at line 75
  modcall[authorize]: module "files" returns ok for request 0
modcall: group authorize returns updated for request 0
  rad_check_password:  Found Auth-Type EAP
auth: type "EAP"
  Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 0
  rlm_eap: EAP Identity
  rlm_eap: processing type tls
radiusd: relocation error: /usr/lib/freeradius/rlm_eap_tls-1.0.2.so: 
undefined symbol: SSL_set_msg_callback

========================== end =================================

John Metcalfe, Jr.
IT Specialist - AIS
IBM Business Consulting Services, Public Sector
Telephone: 240-396-5305
email: metcalfej at us.ibm.com

More information about the Freeradius-Users mailing list