TTLS Issue after Ubuntu upgrade

Alan DeKok aland at deployingradius.com
Mon Mar 7 19:49:12 CET 2016


On Mar 7, 2016, at 1:29 PM, Arjan Sinnige <a.sinnige at sae.edu> wrote:
> 
> Hi all,
> 
> For months I had a working server on Ubuntu 14.10 with a build from source freeradius 2.2.9.
> As Ubuntu 14.10 was running out of support, I decided to upgrade.
> 
> As openSSL version was changed I had to rebuild freeradius from source again.
> I stumbled into 2 issues during the build :
> - I had to disable ikev2 in debian/rules with --without-rlm_eap_ikev2 because it would not finish the build with it.
> - I had to disable iodbc in debian/rules with --without-rlm_sql_iodbc because it would not finish the build with it.
> As I am running LDAP as backend the second I could care less about but the first gave me a few frowns.

  That's weird.  What were the build errors?

  In any case... you don't need those modules, so it's OK to disable them.

> Now when clients try to connect, most of them succeed (probably because they are using TLS / PEAP ) but I had a few apple products that would not connect. Some IOS and some versions of OSX. All PCs were ok, android were ok etc..

  Blame OpenSSL.  :(  They've managed to release a number of broken versions, and they've changed their internal API.

  You'll need to get the v2.x.x branch from github.  It has a fix.

https://github.com/FreeRADIUS/freeradius-server/archive/v2.x.x.zip

  Alan DeKok.




More information about the Freeradius-Users mailing list