Compiling for use with Oracle
Brian Atkins
batkins at tlcdelivers.com
Thu Feb 8 16:58:01 CET 2007
Just curious what the minimum set of modules is that is required to use
Freeradius to authenticate (not sure if that is the correct terminology)
against an Oracle DB. Keep in mind that I am only planning on querying the
DB and not updating or inserting information for accounting purposes.
That said, I wouldn't rule out using a text file (radutmp, I think) for
accounting purposes.
I have been trying to compile it using the following:
# ORACLE_HOME=/cygdrive/d/oracle/ora92; export ORACLE_HOME
# cd freeradius-1.1.4
# ./configure
Which generates an error:
rlm_perl.c: In function `rlm_perl_get_handles':
rlm_perl.c:226: warning: cast to pointer from integer of different size
rlm_perl.c: At top level:
rlm_perl.c:614: error: external linkage required for symbol
'XS_radiusd_radlog' because of 'dllexport' attribute.
I have also used:
# ./configure --without-rlm_perl
Which appears to compile successfully, but I get a lot of errors about
missing modules and/or libraries.
# ./radiusd.exe -X
...
radiusd: entering modules setup
Module: Library search path is /usr/local/lib
radiusd.conf[10] Failed to link to module 'rlm_sql': No such file or
directory
radiusd.conf[1850] Unknown module "sql".
radiusd.conf[1779] Failed to parse authorize section.
I know I have a library linking issue, but I read the FAQs
(http://wiki.freeradius.org/index.php/FAQ#It_says_.22Could_not_link_..._file_not_found.22.2C_what_do_I_do.3F)
and attempted to resolve the errors using the methods mentioned there. I get
no errors during the configure for sql modules (other than mysql, but I'm
not trying to compile support for that anyway). Since I'm using the
Oracle libs to create the Oracle modules, I don't *think* I should
disable shared libraries. ... Or should I?
I've also tried setting:
LD_LIBRARY_PATH=${LD_LIBRARY_PATH}:/cygdrive/d/oracle/ora92/oci/lib:/cygdrive/d/oracle/ora92/lib
Without good results. I also do not have ld.conf nor ldconfig on the
system (Cygwin), but I have read elsewhere that neither of them should
be required.
I realize that this is not necessarily an issue with Freeradius.
Although I am having trouble compiling from source, I can install the
.NET version and run without issue. From my understanding, both are
basically the same, just .NET has had changes made to deal with the
different path structure in Cygwin.
I saw a lot of old posts (<2003) that dealt with similar issues, but on
much older versions (Oracle 8 and Freeradius .1 - .3).
Help, insight, thoughts are all appreciated. Attached below are my
somewhat hacked-up conf files. Sorry for the long post.
Thanks,
Brian
RADIUSD.CONF
------------
# Global server settings for radiusd (FreeRADIUS 1.1.4 build described in this post).
# Installation layout: every path below is derived from ${prefix} by variable expansion.
prefix = /usr/local
exec_prefix = ${prefix}
sysconfdir = ${prefix}/etc
localstatedir = ${prefix}/var
sbindir = ${exec_prefix}/sbin
logdir = ${localstatedir}/log/radius
raddbdir = ${sysconfdir}/raddb
radacctdir = ${logdir}/radacct
# NOTE(review): the path names a "DemoCerts" directory; demo certificates are
# presumably meant for testing only -- confirm before relying on them.
certsdir = ${sysconfdir}/raddb/certs/FreeRADIUS.net/DemoCerts
confdir = ${raddbdir}
run_dir = ${localstatedir}/run/radiusd
log_file = ${logdir}/radius.log
# Expands to /usr/local/lib, the same "Library search path" printed in the
# debug output quoted in this post. The rlm_* module files have to be
# loadable from this directory.
libdir = ${exec_prefix}/lib
pidfile = ${run_dir}/radiusd.pid
# Request handling limits.
max_request_time = 30
delete_blocked_requests = no
cleanup_delay = 5
max_requests = 1024
# Listen on every local address.
# NOTE(review): port = 0 presumably leaves the port to the server's
# default/services lookup instead of fixing it here -- confirm.
bind_address = *
port = 0
hostname_lookups = no
allow_core_dumps = no
regular_expressions = no
extended_expressions = no
log_stripped_names = no
# Authentication requests are not logged, and passwords are kept out of the
# log for both failed and successful attempts.
# NOTE(review): with log_auth = no there is no per-request accept/reject
# record in radius.log; decide whether an audit trail is wanted, and keep the
# two *pass options off if log_auth is enabled.
log_auth = no
log_auth_badpass = no
log_auth_goodpass = no
usercollide = no
# No case folding or whitespace stripping is applied to user names or passwords.
lower_user = no
lower_pass = no
nospace_user = no
nospace_pass = no
checkrad = ${sbindir}/checkrad
# Basic abuse limits: cap on attributes per request, a 1 second delay before
# an Access-Reject is sent (slows password guessing), Status-Server disabled.
security {
max_attributes = 200
reject_delay = 1
status_server = no
}
# NOTE(review): proxying is enabled although the post describes only local
# authentication against Oracle -- confirm it is needed.
proxy_requests = yes
$INCLUDE ${confdir}/proxy.conf
# Client definitions, including the RADIUS shared secrets, are in clients.conf.
$INCLUDE ${confdir}/clients.conf
# SNMP is switched off; snmp.conf is still included.
snmp = no
$INCLUDE ${confdir}/snmp.conf
# Worker thread pool sizing.
thread pool {
start_servers = 5
max_servers = 32
min_spare_servers = 3
max_spare_servers = 10
max_requests_per_server = 0
}
# Module instances. A module has to be configured here before a processing
# section (authorize, accounting, ...) can refer to it by name.
modules {
files {
}
# Per-client detail files; 0600 keeps them readable by the owner only.
detail {
detailfile =
${radacctdir}/%{Client-IP-Address}/detail-%Y%m%d
detailperm = 0600
}
# Pulls in the "sql" instance from oraclesql.conf. The debug output in this
# post reports "Failed to link to module 'rlm_sql'", so this is the instance
# that fails to load.
$INCLUDE ${confdir}/oraclesql.conf
# Session database in a flat file, owner-readable only (0600).
radutmp {
filename = ${logdir}/radutmp
username = %{User-Name}
case_sensitive = yes
check_with_nas = yes
perm = 0600
callerid = "no"
}
# Second radutmp instance written with mode 0644, i.e. readable by every
# local user.
# NOTE(review): confirm that exposing the session list to all local accounts
# is acceptable on this host.
radutmp sradutmp {
filename = ${logdir}/sradutmp
perm = 0644
callerid = "no"
}
attr_filter {
attrsfile = ${confdir}/attrs
}
# Daily session-time counter keyed on User-Name.
counter daily {
filename = ${raddbdir}/db.daily
key = User-Name
count-attribute = Acct-Session-Time
reset = daily
counter-name = Daily-Session-Time
check-name = Max-Daily-Session
allowed-servicetype = Framed-User
cache-size = 5000
}
# Fixed-result instances that always return fail, reject or ok.
always fail {
rcode = fail
}
always reject {
rcode = reject
}
always ok {
rcode = ok
simulcount = 0
mpp = no
}
digest {
}
}
# Processing sections: which module instances run at each stage of a request.
instantiate {
}
# Only the sql instance is consulted during authorization, so user lookup
# depends entirely on rlm_sql loading. The debug output in this post ends
# with 'Unknown module "sql"' and 'Failed to parse authorize section'.
authorize {
sql
}
# NOTE(review): no authentication modules are listed. Confirm that the
# server's own password comparison is what is intended for the 'Password'
# check item returned by authorize_check_query in oraclesql.conf.
authenticate {
}
preacct {
}
# NOTE(review): sql is listed for accounting, while the post says the
# database should only be queried and not written for accounting, and
# oraclesql.conf as posted defines no accounting queries. Confirm whether
# this entry is intended; radutmp, mentioned in the post as the accounting
# option, is not listed here.
accounting {
sql
}
session {
}
post-auth {
}
pre-proxy {
}
post-proxy {
}
CLIENTS.CONF:
-------------
# RADIUS clients (NAS devices) allowed to send requests, each with the shared
# secret used to protect the exchange with that client.
# NOTE(review): "testing123" is the secret shipped in the stock FreeRADIUS
# clients.conf and is widely known; acceptable for loopback testing only.
client 127.0.0.1 {
secret = testing123
shortname = localhost
}
# NOTE(review): "My_Secret" looks like a placeholder substituted for posting.
# A real client entry should use a long, random secret that is unique to that
# client, and this file should be readable only by the account running radiusd.
client 10.10.58.106 {
secret = My_Secret
shortname = Some_Server
}
ORACLESQL.CONF
--------------
# Configuration of the "sql" module instance, using the Oracle driver.
sql {
# Driver sub-module loaded by rlm_sql. The error in this post is reported for
# rlm_sql itself ("Failed to link to module 'rlm_sql'"), not for this driver.
driver = "rlm_sql_oracle"
server = "localhost"
# Database credentials are stored in cleartext in this file.
# NOTE(review): the values look like placeholders substituted for posting.
# Restrict the file to the account running radiusd, and since the post says
# the database is only queried, presumably a read-only Oracle account is
# enough -- confirm.
login = "my_account"
password = "my_password"
# Oracle connect descriptor: TCP to localhost:1521, SID L9D1.
radius_db = "(DESCRIPTION=(ADDRESS=(PROTOCOL=TCP) \
(HOST=localhost)(PORT=1521))(CONNECT_DATA=(SID=L9D1)))"
acct_table1 = "radacct"
acct_table2 = "radacct"
authcheck_table = "itagency"
authreply_table = "radreply"
deletestalesessions = yes
# Query tracing is off, so expanded SQL statements are not written to
# sqltracefile.
sqltrace = no
sqltracefile = ${logdir}/sqltrace.sql
num_sql_socks = 5
connect_failure_retry_delay = 60
sql_user_name = "%{User-Name}"
# Returns one check item per user: attribute 'Password', operator '==',
# value taken from itagency.pin, for rows where barcode matches the user name
# and blockstatus is null.
# NOTE(review): comparing 'Password' with '==' implies the pin column holds
# the cleartext PIN -- confirm, and treat that table and column accordingly.
# NOTE(review): the user name is expanded directly into the SQL text. rlm_sql
# escapes characters outside its safe-characters list during expansion;
# safe-characters is not set here, so the module default applies -- confirm
# for this build.
authorize_check_query = "select 1 as ID, barcode AS username, \
'Password' as attribute, pin as value, '==' as op from \
itagency where barcode = '%{SQL-User-Name}' and \
blockstatus is null"
# Reply attributes for the user, read from ${authreply_table} (radreply).
authorize_reply_query = "SELECT id,UserName,Attribute,Value,op \
FROM ${authreply_table} WHERE Username = \
'%{SQL-User-Name}' ORDER BY id"
}