Debian 12 libldap\GnuTLS when using NetworkRadius packages
Alan DeKok
aland at deployingradius.com
Sat Feb 15 17:19:27 UTC 2025
On Feb 15, 2025, at 12:11 PM, Alexey D. Filimonov <alexey at filimonic.net> wrote:
>
> When installing freeRADIUS from NetworkRadius to Debian 12, I get this warning:
>
> !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
> !! libldap is using GnuTLS, while FreeRADIUS is using OpenSSL
> !! There may be random issues with TLS connections due to this conflict.
> !! The server may also crash.
> !! See https://wiki.freeradius.org/modules/Rlm_ldap for more information.
> !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
>
> Any suggestions where to get \ how to build libldap for debian linked to OpenSSL ?
https://ltb-project.org/download.html
The underlying issue is that GnuTLS and OpenSSL are not compatible. An application has to be linked to only one at a time, and can't link to both.
Since GnuTLS is lacking may features which OpenSSL has, FreeRADIUS can't switch to using GnuTLS. It might be possible (perhaps) to hack it so that it builds with GnuTLS, and simply discards any features which aren't supported. But that would be a lot of work. It could also make FreeRADIUS incompatible with many EAP implementations.
The much simpler approach is to just switch to a version of libldap which uses OpenSSL.
Alan DeKok.
More information about the Freeradius-Users
mailing list