TTLS Issue after Ubuntu upgrade
Alan DeKok
aland at deployingradius.com
Mon Mar 7 19:49:12 CET 2016
On Mar 7, 2016, at 1:29 PM, Arjan Sinnige <a.sinnige at sae.edu> wrote:
>
> Hi all,
>
> For months I had a working server on Ubuntu 14.10 with a build from source freeradius 2.2.9.
> As Ubuntu 14.10 was running out of support, I decided to upgrade.
>
> As openSSL version was changed I had to rebuild freeradius from source again.
> I stumbled into 2 issues during the build :
> - I had to disable ikev2 in debian/rules with --without-rlm_eap_ikev2 because it would not finish the build with it.
> - I had to disable iodbc in debian/rules with --without-rlm_sql_iodbc because it would not finish the build with it.
> As I am running LDAP as backend the second I could care less about but the first gave me a few frowns.
That's weird. What were the build errors?
In any case... you don't need those modules, so it's OK to disable them.
> Now when clients try to connect, most of them succeed (probably because they are using TLS / PEAP ) but I had a few apple products that would not connect. Some IOS and some versions of OSX. All PCs were ok, android were ok etc..
Blame OpenSSL. :( They've managed to release a number of broken versions, and they've changed their internal API.
You'll need to get the v2.x.x branch from github. It has a fix.
https://github.com/FreeRADIUS/freeradius-server/archive/v2.x.x.zip
Alan DeKok.
More information about the Freeradius-Users
mailing list