Debian 802.1x LDAP

classic Classic list List threaded Threaded
6 messages Options
| Threaded
Open this post in threaded view
|

Debian 802.1x LDAP

Cian Phillips
Greetings.

I'm trying to get a Debian (stable) box set up to authenticate users  
for our Cisco Wireless Control Software via LDAP. I have tried the  
Debian package and can get LDAP running easily. When I try to get the  
eap/tls stuff working it gives me an error about missing libraries.

rlm_eap: Failed to link EAP-Type/tls: rlm_eap_tls.so: cannot open  
shared object file: No such file or directory


I have googled this and found some messages that suggest compiling  
from source and using the --shared-disabled flag at compile time but  
I've tried building from source and can't even get LDAP working..  
each time I un-comment the ldap line from the radiusd.conf file and  
try to start using radiusd -x I get a segfault.


Ideally I would like to stick with Debian as that is what my other  
production servers are but would be willing to use something else if  
it makes easier work of this process.

If anyone has gotten Debian + 802.1x + LDAP working or even just  
802.1x + LDAP I could really use some pointers if even just to tell  
me it is or isn't possible.

Thanks in advance.

Cian Phillips

Cian Phillips
Director Network & Systems
California College of the Arts
Phone: (510) 594-3745
Cell: (510) 719-0091
Fax: (510) 594-3758
email: [hidden email]




-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
| Threaded
Open this post in threaded view
|

Re: Debian 802.1x LDAP

Markus Krause
Zitat von Cian Phillips <[hidden email]>:

> Greetings.
>
> I'm trying to get a Debian (stable) box set up to authenticate users
> for our Cisco Wireless Control Software via LDAP. I have tried the
> Debian package and can get LDAP running easily. When I try to get the
> eap/tls stuff working it gives me an error about missing libraries.
>
> rlm_eap: Failed to link EAP-Type/tls: rlm_eap_tls.so: cannot open
> shared object file: No such file or directory
>
>
> I have googled this and found some messages that suggest compiling
> from source and using the --shared-disabled flag at compile time but
> I've tried building from source and can't even get LDAP working..
> each time I un-comment the ldap line from the radiusd.conf file and
> try to start using radiusd -x I get a segfault.
for version v1.0.2: just add --with-rlm_eap_tls in debian/rules

 hth
  markus


>
>
> Ideally I would like to stick with Debian as that is what my other
> production servers are but would be willing to use something else if
> it makes easier work of this process.
>
> If anyone has gotten Debian + 802.1x + LDAP working or even just
> 802.1x + LDAP I could really use some pointers if even just to tell
> me it is or isn't possible.
>
> Thanks in advance.
>
> Cian Phillips
>
> Cian Phillips
> Director Network & Systems
> California College of the Arts
> Phone: (510) 594-3745
> Cell: (510) 719-0091
> Fax: (510) 594-3758
> email: [hidden email]
>
>
>
>
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
>


--
Markus Krause                           email: [hidden email]
Computing Center                        Tel.: 089 - 89 40 85 99
Group Lottspeich / Proteomics           Fax.: 089 - 89 40 85 98

---------------------------------------------------------------------
     This message was sent using https://webmail.biochem.mpg.de
If you encounter any problems please report to [hidden email]

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
| Threaded
Open this post in threaded view
|

Re: Debian 802.1x LDAP

Kris Benson
In reply to this post by Cian Phillips
FreeRadius users mailing list <[hidden email]> on
August 15, 2005 at 23:40 -0800 wrote:
>rlm_eap: Failed to link EAP-Type/tls: rlm_eap_tls.so: cannot open  
>shared object file: No such file or directory
>
>I have googled this and found some messages that suggest compiling  
>from source and using the --shared-disabled flag at compile time but  
>I've tried building from source and can't even get LDAP working..  
>each time I un-comment the ldap line from the radiusd.conf file and  
>try to start using radiusd -x I get a segfault.

Hi Cian,

Make sure you have done this:
apt-get install libssl-dev
apt-get install libldap2
apt-get install libldap2-dev
apt-get install libmysqlclient14
apt-get install libmysqlclient14-dev
apt-get install slapd
apt-get install ldap-utils
apt-get install db4.2-util

after those packages are all installed, try compiling again.  If that
doesn't work, let me know and I can help you further -- this is where I
solved my problem. :-)

-kb
--
Kris Benson, CCP, I.S.P.
Technical Analyst, District Projects
School District #57 (Prince George)

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
| Threaded
Open this post in threaded view
|

Re: Debian 802.1x LDAP

Cian Phillips
On Aug 16, 2005, at 12:51 PM, Kris Benson wrote:

> FreeRadius users mailing list <freeradius-
> [hidden email]> on
> August 15, 2005 at 23:40 -0800 wrote:
>
>> rlm_eap: Failed to link EAP-Type/tls: rlm_eap_tls.so: cannot open
>> shared object file: No such file or directory
>>
>> I have googled this and found some messages that suggest compiling
>> from source and using the --shared-disabled flag at compile time but
>> I've tried building from source and can't even get LDAP working..
>> each time I un-comment the ldap line from the radiusd.conf file and
>> try to start using radiusd -x I get a segfault.
>>
>
> Hi Cian,
>
> Make sure you have done this:
> apt-get install libssl-dev
> apt-get install libldap2
> apt-get install libldap2-dev
> apt-get install libmysqlclient14
> apt-get install libmysqlclient14-dev
> apt-get install slapd
> apt-get install ldap-utils
> apt-get install db4.2-util
>
> after those packages are all installed, try compiling again.  If that
> doesn't work, let me know and I can help you further -- this is  
> where I
> solved my problem. :-)


Thanks Kris!

Everything appeared to compile, install and run without any errors.

If you have any tips or good links for up to date information on how  
to set freeradius up to talk to a Cisco WAP I could use the help. <grin>

Thanks again.

Cian







-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
| Threaded
Open this post in threaded view
|

Re: Debian 802.1x LDAP

Vladimir Vuksan
Cian Phillips wrote:

> If you have any tips or good links for up to date information on how  
> to set freeradius up to talk to a Cisco WAP I could use the help. <grin>

I have a howto on LDAP and FreeRADIUS at

http://vuksan.com/linux/dot1x/802-1x-LDAP.html

I have successfully used it for WPA with Linksys and Foundry Networks
APs. Should work with Cisco.

Vladimir



-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
| Threaded
Open this post in threaded view
|

Re: Debian 802.1x LDAP

Kris Benson
In reply to this post by Cian Phillips
FreeRadius users mailing list <[hidden email]> on
August 16, 2005 at 18:18 -0800 wrote:
>
>Thanks Kris!
>
>Everything appeared to compile, install and run without any errors.
>
>If you have any tips or good links for up to date information on how  
>to set freeradius up to talk to a Cisco WAP I could use the help. <grin>

No problem.

Sorry, I don't have any Cisco experience -- it's a bit beyond our budget
at this point.

Now, the D-Link and Linksys $50-special AP's, that's a different story!

:-)

-kb
--
Kris Benson, CCP, I.S.P.
Technical Analyst, District Projects
School District #57 (Prince George)

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html