Date: Thu, 7 Jan 2010 11:19:03 -0500
From: Nick Rogers <ncrogers@gmail.com>
To: freebsd-ports@freebsd.org
Subject: freeradius-2.1.6 + perl-5.8.9_3 + perl hook problem
Message-ID: <147432021001070819g5628ca8bh1fc4fb7c5e0e5b9e@mail.gmail.com>
I started a thread discussing a similar problem a few days ago but I would like to repost a more concise statement and a way to replicate easily. There seems to be some kind of shared library linking issue between the freeradius2 and perl packages compiled from RELEASE_8_0 ports tree branch. If one tries to use freeradius in conjunction with a perl hook (script) for authentication, and the perl script requires a perl module relying on a compiled shared object file (e.g., IO), then freeradius will fail to load the perl script and throws errors.

Below is a dump that should make it easy to replicate the problem. This was done after freshly installing 8.0-RELEASE-i386 onto a system from the official ISO. Note that I have also tried to compile the ports myself and run into the same problem on i386 and amd64 architectures. I am going to try and compile the ports using portupgrade as suggested by someone on this list and see if that changes anything. Any further help would be greatly appreciated. Thanks!

# uname -a
FreeBSD 8.0-RELEASE FreeBSD 8.0-RELEASE #0: Sat Nov 21 15:48:17 UTC 2009 root@almeida.cse.buffalo.edu:/usr/obj/usr/src/sys/GENERIC i386
#
# pkg_info
#
#
# pkg_add -r freeradius
Fetching ftp://ftp.freebsd.org/pub/FreeBSD/ports/i386/packages-8.0-release/Latest/freeradius.tbz... Done.
Fetching ftp://ftp.freebsd.org/pub/FreeBSD/ports/i386/packages-8.0-release/All/python26-2.6.2_3.tbz... Done.
====
Note that some of the standard modules are provided as separate
ports since they require extra dependencies:

bsddb           databases/py-bsddb
gdbm            databases/py-gdbm
sqlite3         databases/py-sqlite3
tkinter         x11-toolkits/py-tkinter

Install them as needed.
====
Fetching ftp://ftp.freebsd.org/pub/FreeBSD/ports/i386/packages-8.0-release/All/perl-5.8.9_3.tbz... Done.
Removing stale symlinks from /usr/bin...
    Skipping /usr/bin/perl
    Skipping /usr/bin/perl5
Done.
Creating various symlinks in /usr/bin...
    Symlinking /usr/local/bin/perl5.8.9 to /usr/bin/perl
    Symlinking /usr/local/bin/perl5.8.9 to /usr/bin/perl5
Done.
Cleaning up /etc/make.conf... Done.
Spamming /etc/make.conf... Done.
Cleaning up /etc/manpath.config... Done.
Spamming /etc/manpath.config... Done.
Fetching ftp://ftp.freebsd.org/pub/FreeBSD/ports/i386/packages-8.0-release/All/libltdl-2.2.6a.tbz... Done.
Fetching ftp://ftp.freebsd.org/pub/FreeBSD/ports/i386/packages-8.0-release/All/gdbm-1.8.3_3.tbz... Done.
Fetching ftp://ftp.freebsd.org/pub/FreeBSD/ports/i386/packages-8.0-release/All/libiconv-1.13.1.tbz... Done.
Fetching ftp://ftp.freebsd.org/pub/FreeBSD/ports/i386/packages-8.0-release/All/gettext-0.17_1.tbz... Done.
Fetching ftp://ftp.freebsd.org/pub/FreeBSD/ports/i386/packages-8.0-release/All/gmake-3.81_3.tbz... Done.
===> Created group freeradius
===> Created user freeradius
===> Setting user and group in radiusd.conf
===> Bootstrapping default certificates, please wait...
===> Adjusting ownership of directory /usr/local/etc/raddb
===> Adjusting ownership of directory /var/log/radacct
===> Adjusting ownership of directory /var/run/radiusd
===> Adjusting ownership of /var/log/radius.log
===> Adjusting ownership of /var/log/radutmp
===> Adjusting ownership of /var/log/radwtmp
===> Updating libdir in /usr/local/etc/raddb/radiusd.conf
===============================================================================

To enable FreeRADIUS, put the following line in /etc/rc.conf

radiusd_enable="YES"

The sample configuration can be found at
/usr/local/share/examples/freeradius/raddb
If you are upgrading FreeRADIUS, you are advised to use this as a reference
for updating your configuration.

FreeRADIUS will look for its configuration directory at
/usr/local/etc/raddb by default. If you did not already have a
configuration at this location, the sample configuration has been copied to
this location and has been bootstrapped.

If you wish to point FreeRADIUS to a configuration at a different location,
put the following line in /etc/rc.conf

radiusd_flags="-d /path/to/raddb"

To start the server in normal (daemon) mode, run:

/usr/local/etc/rc.d/radiusd start

and to stop the server, run:

/usr/local/etc/rc.d/radiusd stop

To start the server in debugging mode, run:

/usr/local/etc/rc.d/radiusd debug

You are advised to make cautious changes to the configuration, and to test
frequently, using debugging mode where necessary. Try to resist the
temptation to disable or delete things that you don't understand - you may
well break things!

The documentation has been installed at /usr/local/share/doc/freeradius

Useful configuration advice can be found in the FreeRADIUS Wiki at
http://wiki.freeradius.org

===============================================================================
#
# pkg_info
en-freebsd-doc-20090913 Documentation from the FreeBSD Documentation Project
freeradius-2.1.6    A free RADIUS server implementation
gdbm-1.8.3_3        The GNU database manager
gettext-0.17_1      GNU gettext package
gmake-3.81_3        GNU version of 'make' utility
libiconv-1.13.1     A character set conversion library
libltdl-2.2.6a      System independent dlopen wrapper
perl-5.8.9_3        Practical Extraction and Report Language
python26-2.6.2_3    An interpreted object-oriented programming language
#
# cat /usr/local/etc/raddb/radiusd.conf
user = freeradius
group = freeradius
raddbdir = /usr/local/etc/raddb
logdir = /var/log
libdir = /usr/local/lib
pidfile = /var/run/radiusd/radiusd.pid
prefix = /usr/local
exec_prefix = ${prefix}
localstatedir = /var
sbindir = ${exec_prefix}/sbin
radacctdir = ${logdir}/radacct
confdir = ${raddbdir}
run_dir = ${localstatedir}/run/radiusd
log_file = /var/log/radius.log
log_destination = files
max_request_time = 30
delete_blocked_requests = no
cleanup_delay = 5
max_requests = 256
listen {
    ipaddr = *
    port = 1812
    type = auth
}
listen {
    ipaddr = *
    port = 1813
    type = acct
}
hostname_lookups = no
allow_core_dumps = no
regular_expressions = yes
extended_expressions = yes
log_stripped_names = no
log_auth = yes
log_auth_badpass = no
log_auth_goodpass = no
usercollide = no
lower_user = no
lower_pass = no
nospace_user = no
nospace_pass = no
checkrad = ${sbindir}/checkrad
proxy_requests = no
snmp = no
security {
    max_attributes = 200
    reject_delay = 1
    status_server = no
}
thread pool {
    start_servers = 1
    max_servers = 16
    min_spare_servers = 0
    max_spare_servers = 5
    max_requests_per_server = 0
}
modules {
    perl {
        module = /tmp/freeradius_hook
    }
    detail {
        detailfile = ${radacctdir}/%{Client-IP-Address}/detail-%Y%m%d
        detailperm = 0644
    }
    acct_unique {
        key = "User-Name, Acct-Session-Id, NAS-IP-Address, Client-IP-Address, NAS-Port"
    }
    eap {
        default_eap_type = peap
        timer_expire = 60
        ignore_unknown_eap_types = no
        # Generic Token Card.
        #
        # Currently, this is only permitted inside of EAP-TTLS,
        # or EAP-PEAP. The module "challenges" the user with
        # text, and the response from the user is taken to be
        # the User-Password.
        #
        # Proxying the tunneled EAP-GTC session is a bad idea,
        # the users password will go over the wire in plain-text,
        # for anyone to see.
        #
        gtc {
            challenge = "Password: "
            auth_type = perl
        }
        tls {
            private_key_password =
            private_key_file = /etc/ssl/server.key
            certificate_file = /etc/ssl/server.crt
            CA_file = /etc/ssl/server.crt
            dh_file = /usr/local/etc/raddb/dhparam
            random_file = /space/rxg/rxgd/bin/random
        }
        ttls {
            default_eap_type = gtc
            copy_request_to_tunnel = yes
            use_tunneled_reply = yes
        }
        peap {
            default_eap_type = gtc
            copy_request_to_tunnel = yes
            use_tunneled_reply = yes
        }
    }
    radutmp {
        filename = ${logdir}/radutmp
        username = %{User-Name}
        case_sensitive = yes
        check_with_nas = yes
        callerid = "yes"
    }
    radutmp sradutmp {
        filename = ${logdir}/sradutmp
        perm = 0644
        callerid = "no"
    }
    attr_filter {
        attrsfile = ${confdir}/attrs
    }
    counter daily {
        filename = ${raddbdir}/db.daily
        key = User-Name
        count-attribute = Acct-Session-Time
        reset = daily
        counter-name = Daily-Session-Time
        check-name = Max-Daily-Session
        allowed-servicetype = Framed-User
        cache-size = 5000
    }
    preprocess {
        huntgroups = ${confdir}/huntgroups
        hints = ${confdir}/hints
        with_ascend_hack = no
        ascend_channels_per_line = 23
        with_ntdomain_hack = no
        with_specialix_jetstream_hack = no
        with_cisco_vsa_hack = no
    }
}
authorize {
    preprocess
    eap
    perl
}
authenticate {
    Auth-Type PERL {
        perl
    }
    eap
}
preacct {
    preprocess
    acct_unique
}
accounting {
    detail
    radutmp
    perl
}
session {
    radutmp
}
#
#
# cat /tmp/freeradius_hook
#!/usr/bin/perl

use strict;
use diagnostics;

use IO ();
#
#
# perl /tmp/freeradius_hook
#
# radiusd -X
FreeRADIUS Version 2.1.6, for host i386-portbld-freebsd8.0, built on Oct 23 2009 at 17:50:57
Copyright (C) 1999-2009 The FreeRADIUS server project and contributors.
There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A
PARTICULAR PURPOSE.
You may redistribute copies of FreeRADIUS under the terms of the
GNU General Public License v2.
Starting - reading configuration files ...
including configuration file /usr/local/etc/raddb/radiusd.conf
group = freeradius
user = freeradius
including dictionary file /usr/local/etc/raddb/dictionary
main {
    prefix = "/usr/local"
    localstatedir = "/var"
    logdir = "/var/log"
    libdir = "/usr/local/lib"
    radacctdir = "/var/log/radacct"
    hostname_lookups = no
    max_request_time = 30
    cleanup_delay = 5
    max_requests = 256
    allow_core_dumps = no
    pidfile = "/var/run/radiusd/radiusd.pid"
    checkrad = "/usr/local/sbin/checkrad"
    debug_level = 0
    proxy_requests = no
    log_auth = yes
    log_auth_badpass = no
    log_auth_goodpass = no
    log_stripped_names = no
    security {
        max_attributes = 200
        reject_delay = 1
        status_server = no
    }
}
radiusd: #### Loading Realms and Home Servers ####
radiusd: #### Loading Clients ####
radiusd: #### Instantiating modules ####
radiusd: #### Loading Virtual Servers ####
server {
    modules {
    Module: Checking authenticate {...} for more modules to load
    Module: Linked to module rlm_perl
    Module: Instantiating perl
    perl {
        module = "/tmp/freeradius_hook"
        func_authorize = "authorize"
        func_authenticate = "authenticate"
        func_accounting = "accounting"
        func_preacct = "preacct"
        func_checksimul = "checksimul"
        func_detach = "detach"
        func_xlat = "xlat"
        func_pre_proxy = "pre_proxy"
        func_post_proxy = "post_proxy"
        func_post_auth = "post_auth"
    }
Can't load '/usr/local/lib/perl5/5.8.9/mach/auto/IO/IO.so' for module IO: /usr/local/lib/perl5/5.8.9/mach/auto/IO/IO.so: Undefined symbol "PL_sv_undef" at /usr/local/lib/perl5/5.8.9/mach/XSLoader.pm line 70.
 at /usr/local/lib/perl5/5.8.9/mach/IO.pm line 11
Compilation failed in require at /tmp/freeradius_hook line 6.
BEGIN failed--compilation aborted at /tmp/freeradius_hook line 6 (#1)
    (F) The module you tried to load failed to load a dynamic extension.
    This may either mean that you upgraded your version of perl to one
    that is incompatible with your old dynamic extensions (which is known
    to happen between major versions of perl), or (more likely) that your
    dynamic extension was built against an older version of the library
    that is installed on your system. You may need to rebuild your old
    dynamic extensions.

Uncaught exception from user code:
    Can't load '/usr/local/lib/perl5/5.8.9/mach/auto/IO/IO.so' for module IO: /usr/local/lib/perl5/5.8.9/mach/auto/IO/IO.so: Undefined symbol "PL_sv_undef" at /usr/local/lib/perl5/5.8.9/mach/XSLoader.pm line 70.
 at /usr/local/lib/perl5/5.8.9/mach/IO.pm line 11
Compilation failed in require at /tmp/freeradius_hook line 6.
BEGIN failed--compilation aborted at /tmp/freeradius_hook line 6.
 at /tmp/freeradius_hook line 6
rlm_perl: perl_parse failed: /tmp/freeradius_hook not found or has syntax errors.
/usr/local/etc/raddb/radiusd.conf[65]: Instantiation failed for module "perl"
/usr/local/etc/raddb/radiusd.conf[169]: Failed to find module "perl".
/usr/local/etc/raddb/radiusd.conf[169]: Failed to parse "perl" entry.
Errors initializing modules
#
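
Added example (not part of the original message, and not FreeRADIUS or FreeBSD project code): a small sh helper for triaging the loader error in the radiusd -X output above. It extracts the failing shared object and the undefined symbol from the log, then reports what nm and ldd say about the objects involved. The rlm_perl.so and libperl.so paths are assumptions passed in as arguments; neither path appears in the message.

```shell
#!/bin/sh
# Added example: triage for the 'Undefined symbol' loader error in radiusd -X output.

# Constructed sample input: the loader error line quoted from the message above.
SAMPLE_ERR="Can't load '/usr/local/lib/perl5/5.8.9/mach/auto/IO/IO.so' for module IO: /usr/local/lib/perl5/5.8.9/mach/auto/IO/IO.so: Undefined symbol \"PL_sv_undef\" at /usr/local/lib/perl5/5.8.9/mach/XSLoader.pm line 70."

# Read log text on stdin; print "<shared object> <symbol>" once per distinct failure.
parse_undefined() {
    sed -n "s/.*Can't load '\([^']*\)' for module .*Undefined symbol \"\([^\"]*\)\".*/\1 \2/p" | sort -u
}

# True if the dynamic symbol table of $1 lists symbol $2 as undefined (type U).
needs_symbol() {
    nm -D "$1" 2>/dev/null |
        awk -v s="$2" '$NF == s && $(NF-1) == "U" { f = 1 } END { exit !f }'
}

# True if $1 exports a definition of symbol $2 (any type other than U).
defines_symbol() {
    nm -D "$1" 2>/dev/null |
        awk -v s="$2" '$NF == s && $(NF-1) != "U" { f = 1 } END { exit !f }'
}

# $1 = path to rlm_perl.so, $2 = path to libperl.so (both assumptions supplied
# by the caller). Reads radiusd -X output on stdin and prints one report per failure.
triage() {
    parse_undefined | while read -r so sym; do
        echo "extension: $so  symbol: $sym"
        if needs_symbol "$so" "$sym"; then echo "  extension imports it: yes"
        else echo "  extension imports it: no (or file unreadable)"; fi
        if defines_symbol "$2" "$sym"; then echo "  $2 defines it: yes"
        else echo "  $2 defines it: no (or file unreadable)"; fi
        if ldd "$1" 2>/dev/null | grep -q libperl; then echo "  $1 links libperl: yes"
        else echo "  $1 links libperl: no (or file unreadable)"; fi
    done
}

# Usage on the affected host (paths are placeholders):
#   radiusd -X 2>&1 | triage /path/to/rlm_perl.so /path/to/libperl.so
```

The report only states what the symbol tables and link dependencies contain; it does not decide which package needs rebuilding.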