Subject: problems with freeradius 1.0.1 & ldap on 1.6.2_STABLE/2.0RC4
To: None <tech-pkg@netbsd.org, netbsd-help@netbsd.org>
From: Dave Tyson <Dave.Tyson@liverpool.ac.uk>
List: netbsd-help
Date: 11/10/2004 11:48:52
Has anyone else experienced any problems with the latest freeradius
1.0.1nb3 (pkgsrc CVS a couple of days ago) and ldap?

Setting PKG_OPTIONS.freeradius=ldap in /etc/mk.conf under 2.0 RC4
and compiling the source works fine - there are a few warnings when
the rlm_ldap module is built, but everything looks OK.

Running radiusd with the debug option and doing a lookup using
radtest results in it crashing with a thread error:

--- Walking the entire request list ---
Waking up in 31 seconds...
Threads: total/active/spare threads = 5/0/5
Thread 1 got semaphore
Thread 1 handling request 0, (1 handled so far)
        User-Name = "testuser"
        User-Password = "secret"
        NAS-IP-Address = 255.255.255.255
        NAS-Port = 8212
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 0
  modcall[authorize]: module "preprocess" returns ok for request 0
  modcall[authorize]: module "chap" returns noop for request 0
  modcall[authorize]: module "mschap" returns noop for request 0
    rlm_realm: No '@' in User-Name = "testuser", looking up realm NULL
    rlm_realm: No such realm "NULL"
  modcall[authorize]: module "suffix" returns noop for request 0
  rlm_eap: No EAP-Message, not doing EAP
  modcall[authorize]: module "eap" returns noop for request 0
    users: Matched DEFAULT at 152
  modcall[authorize]: module "files" returns ok for request 0
rlm_ldap: - authorize
rlm_ldap: performing user authorization for testuser
radius_xlat:  '(&(objectClass=User)(cn=testuser))'
radius_xlat:  'o=uol'
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: attempting LDAP reconnection
rlm_ldap: (re)connect to ldap3.liv.ac.uk:389, authentication 0
rlm_ldap: bind as / to ldap3.liv.ac.uk:389
rlm_ldap: waiting for bind result ...
rlm_ldap: Bind was successful
rlm_ldap: performing search in o=uol, with filter (&(objectClass=User)(cn=testuser))
rlm_ldap: looking for check items in directory...
rlm_ldap: looking for reply items in directory...
rlm_ldap: user testuser authorized to use remote access
rlm_ldap: ldap_release_conn: Release Id: 0
  modcall[authorize]: module "ldap" returns ok for request 0
modcall: group authorize returns ok for request 0
  rad_check_password:  Found Auth-Type System
auth: type "System"
  Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 0
radiusd: Error detected by libpthread: Invalid mutex.
Detected by file "/usr/src/lib/libpthread/pthread_mutex.c", line 317, function "pthread_mutex_unlock".
See pthread(3) for information.
Abort

The situation under 1.6.2_STABLE is similar, although when the package comes
to compiling rlm_ldap it complains:

Making static dynamic in rlm_ldap...
gmake[6]: Entering directory `/usr/pkgsrc/net/freeradius/work/freeradius-1.0.1/src/modules/rlm_ldap'
gcc  -O2 -I/usr/pkg/include -I/usr/include -DOPENSSL_NO_KRB5   -Wall -D_GNU_SOURCE -g -Wshadow -Wpointer-arith -Wcast-qual -Wcast-align -Wwrite-strings -Wstrict-prototypes -Wmissing-prototypes -Wmissing-declarations -Wnested-externs -W -Wredundant-decls -Wundef  -I../../include -DHAVE_LDAP_START_TLS -DHAVE_LDAP_INITIALIZE -DHAVE_LDAP_INT_TLS_CONFIG -c rlm_ldap.c -o rlm_ldap.o
rlm_ldap.c:182: pthread.h: No such file or directory
gmake[6]: *** [rlm_ldap.o] Error 1

Interestingly /usr/pkg/include/pthread.h DOES exist (The build installs pth)
and cd'ing into the directory and doing a gmake actually completes the
compile etc with similar warnings as the 2.0RC4 build. It is then possible
to finish the installation.

However the resulting objects still croak:

rad_recv: Access-Request packet from host 127.0.0.1:65405, id=41, length=58
        User-Name = "testuser"
        User-Password = "secret"
        NAS-IP-Address = 255.255.255.255
        NAS-Port = 1812
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 0
  modcall[authorize]: module "preprocess" returns ok for request 0
  modcall[authorize]: module "chap" returns noop for request 0
  modcall[authorize]: module "mschap" returns noop for request 0
    rlm_realm: No '@' in User-Name = "testuser", looking up realm NULL
    rlm_realm: No such realm "NULL"
  modcall[authorize]: module "suffix" returns noop for request 0
  rlm_eap: No EAP-Message, not doing EAP
  modcall[authorize]: module "eap" returns noop for request 0
    users: Matched DEFAULT at 152
  modcall[authorize]: module "files" returns ok for request 0
rlm_ldap: - authorize
rlm_ldap: performing user authorization for testuser
radius_xlat:  '(&(objectClass=User)(cn=testuser))'
radius_xlat:  'o=uol'
rlm_ldap: ldap_get_conn: Checking Id: 0
/usr/pkg/lib/rlm_ldap-1.0.1.so: Undefined PLT symbol "pthread_mutex_trylock" (symnum = 91)

So we are a bit stuffed at this point. Anyone have any clues as to how to
get out of this mess? I would prefer to run 2.0 rather than 1.6.2, however
any system that worked would do. I don't really want to have to dig out some
FreeBSD CDs as everything else here runs on NetBSD just fine...

TIA,
Dave

I have the full build messages/debugging output if needed :-)

--
=====================================================================
Computing Services Dept         Phone/Fax: 0151-794-3731/3759
The University of Liverpool     Email: dtyson@liv.ac.uk
Chadwick Tower, Peach Street    WWW:   http://www.liv.ac.uk/~dtyson
Liverpool L69 7ZF               Open Source O/S: www.netbsd.org
=====================================================================