RADIUS relocation error

John Metcalfe metcalfej at us.ibm.com
Mon Feb 13 20:46:14 CET 2006 

Hello:

We are using FreeRADIUS version 1.1.02 with OpenSSL version 0.9.6g.  The 
client supplicant is WinXP SP2 with WPA TKIP, PEAP and EAP MS-CHAP v2 
configured.  The NAS is a Symbol WS5100 WLAN switch configured to use 
RADIUS, TKIP and PEAP.

We configured RADIUS and it starts (in debug mode) and we are able login 
to the server with test client software using raduser and shared secret 
password. 

On the XP client we are able to enter credentials (raduser and shared 
secret) and the Symbol switch receives and forwards the request to the 
RADIUS server with the following error in the switch log file: "failed 
802.1x authentication for BSS " 

Then RADIUS server stops with the following error:

        radiusd: relocation error: 
/usr/lib/freeradius/rlm_eap_tls-1.0.2.so: undefined symbol: 
SSL_set_msg_callback

Last week Alan said:

  You have two versions of OpenSSL installed on your system.  One that
you used to build FreeRADIUS, and another that your dynamic linker
finds at run-time.  The versions are incompatible.

Are there anny other causes for the relocation message above?  Also, how 
can we ensure we don't have two versions?  Any advice is greatly 
appreciated.  Thank you!

Here is the startup.

rad_recv: Access-Request packet from host 10.203.10.51:10666, id=222, 
length=140
        User-Name = "raduser"
        NAS-IP-Address = 
        Called-Station-Id = 
        Calling-Station-Id = 
        NAS-Identifier = 
        NAS-Port = 29
        Framed-MTU = 1000
        NAS-Port-Type = Wireless-802.11
        EAP-Message = 0x0201000c0172616475736572
        Message-Authenticator = 0x46b0bbaca854130635f0fca5647e9a45
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 0
  modcall[authorize]: module "preprocess" returns ok for request 0
  modcall[authorize]: module "mschap" returns noop for request 0
    rlm_realm: No '@' in User-Name = "raduser", looking up realm NULL
    rlm_realm: No such realm "NULL"
  modcall[authorize]: module "suffix" returns noop for request 0
  rlm_eap: EAP packet type response id 1 length 12
  rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
  modcall[authorize]: module "eap" returns updated for request 0
    users: Matched entry raduser at line 90
  modcall[authorize]: module "files" returns ok for request 0
modcall: leaving group authorize (returns updated) for request 0
  rad_check_password:  Found Auth-Type EAP
auth: type "EAP"
  Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 0
  rlm_eap: EAP Identity
  rlm_eap: processing type tls
radiusd: relocation error: /usr/local/lib/rlm_eap_tls-1.1.0.so: undefined 
symbol: SSL_set_msg_callback



John Metcalfe, Jr.
IT Specialist - AIS
IBM Business Consulting Services, Public Sector
Telephone: 240-396-5305
email: metcalfej at us.ibm.com

More information about the Freeradius-Users mailing list