Subject: Re: problems with freeradius 1.0.1 & ldap on 1.6.2_STABLE/2.0RC4
To: Dave Tyson <Dave.Tyson@liverpool.ac.uk>
From: Adrian Portelli <adrianp@netbsd.org>
List: tech-pkg
Date: 11/10/2004 13:52:15
Hi Dave,

I'm currently trying to set aside some time to look at this package as 
another user is having problems with it as well on an unrelated issue 
(PR #28095).  I'll have a look at your LDAP at the same time.

adrian.

Dave Tyson wrote:

> Has anyone else experienced any problems with the latest freeradius
> 1.0.1nb3 (pkgsrc CVS a couple of days ago) and ldap?
> 
> Setting PKG_OPTIONS.freeradius=ldap in /etc/mk.conf under 2.0 RC4
> and compiling the source works fine - there are a few warnings when
> the rlm_ldap module is built, but everything looks OK.
> 
> Running radiusd with the debug option and doing a lookup using
> radtest results in it crashing with a thread error:
> 
> --- Walking the entire request list ---
> Waking up in 31 seconds...
> Threads: total/active/spare threads = 5/0/5
> Thread 1 got semaphore
> Thread 1 handling request 0, (1 handled so far)
>         User-Name = "testuser"
>         User-Password = "secret"
>         NAS-IP-Address = 255.255.255.255
>         NAS-Port = 8212
>   Processing the authorize section of radiusd.conf
> modcall: entering group authorize for request 0
>   modcall[authorize]: module "preprocess" returns ok for request 0
>   modcall[authorize]: module "chap" returns noop for request 0
>   modcall[authorize]: module "mschap" returns noop for request 0
>     rlm_realm: No '@' in User-Name = "testuser", looking up realm NULL
>     rlm_realm: No such realm "NULL"
>   modcall[authorize]: module "suffix" returns noop for request 0
>   rlm_eap: No EAP-Message, not doing EAP
>   modcall[authorize]: module "eap" returns noop for request 0
>     users: Matched DEFAULT at 152
>   modcall[authorize]: module "files" returns ok for request 0
> rlm_ldap: - authorize
> rlm_ldap: performing user authorization for testuser
> radius_xlat:  '(&(objectClass=User)(cn=testuser))'
> radius_xlat:  'o=uol'
> rlm_ldap: ldap_get_conn: Checking Id: 0
> rlm_ldap: ldap_get_conn: Got Id: 0
> rlm_ldap: attempting LDAP reconnection
> rlm_ldap: (re)connect to ldap3.liv.ac.uk:389, authentication 0
> rlm_ldap: bind as / to ldap3.liv.ac.uk:389
> rlm_ldap: waiting for bind result ...
> rlm_ldap: Bind was successful
> rlm_ldap: performing search in o=uol, with filter (&(objectClass=User)(cn=testuser))
> rlm_ldap: looking for check items in directory...
> rlm_ldap: looking for reply items in directory...
> rlm_ldap: user testuser authorized to use remote access
> rlm_ldap: ldap_release_conn: Release Id: 0
>   modcall[authorize]: module "ldap" returns ok for request 0
> modcall: group authorize returns ok for request 0
>   rad_check_password:  Found Auth-Type System
> auth: type "System"
>   Processing the authenticate section of radiusd.conf
> modcall: entering group authenticate for request 0
> radiusd: Error detected by libpthread: Invalid mutex.
> Detected by file "/usr/src/lib/libpthread/pthread_mutex.c", line 317, function "pthread_mutex_unlock".
> See pthread(3) for information.
> Abort
> 
> The situation under 1.6.2_STABLE is similar, although when the package comes
> to compiling rlm_ldap it complains:
> 
> Making static dynamic in rlm_ldap...
> gmake[6]: Entering directory `/usr/pkgsrc/net/freeradius/work/freeradius-1.0.1/src/modules/rlm_ldap'
> gcc  -O2 -I/usr/pkg/include -I/usr/include -DOPENSSL_NO_KRB5   -Wall -D_GNU_SOURCE -g -Wshadow -Wpointer-arith -Wcast-qual -Wcast-align -Wwrite-strings -Wstrict-prototypes -Wmissing-prototypes -Wmissing-declarations -Wnested-externs -W -Wredundant-decls -Wundef  -I../../include -DHAVE_LDAP_START_TLS -DHAVE_LDAP_INITIALIZE -DHAVE_LDAP_INT_TLS_CONFIG -c rlm_ldap.c -o rlm_ldap.o
> rlm_ldap.c:182: pthread.h: No such file or directory
> gmake[6]: *** [rlm_ldap.o] Error 1
> 
> Interestingly /usr/pkg/include/pthread.h DOES exist (The build installs pth)
> and cd'ing into the directory and doing a gmake actually completes the
> compile etc with similar warnings as the 2.0RC4 build. It is then possible
> to finish the installation.
> 
> However the resulting objects still croak:
> 
> rad_recv: Access-Request packet from host 127.0.0.1:65405, id=41, length=58
>         User-Name = "testuser"
>         User-Password = "secret"
>         NAS-IP-Address = 255.255.255.255
>         NAS-Port = 1812
>   Processing the authorize section of radiusd.conf
> modcall: entering group authorize for request 0
>   modcall[authorize]: module "preprocess" returns ok for request 0
>   modcall[authorize]: module "chap" returns noop for request 0
>   modcall[authorize]: module "mschap" returns noop for request 0
>     rlm_realm: No '@' in User-Name = "testuser", looking up realm NULL
>     rlm_realm: No such realm "NULL"
>   modcall[authorize]: module "suffix" returns noop for request 0
>   rlm_eap: No EAP-Message, not doing EAP
>   modcall[authorize]: module "eap" returns noop for request 0
>     users: Matched DEFAULT at 152
>   modcall[authorize]: module "files" returns ok for request 0
> rlm_ldap: - authorize
> rlm_ldap: performing user authorization for testuser
> radius_xlat:  '(&(objectClass=User)(cn=testuser))'
> radius_xlat:  'o=uol'
> rlm_ldap: ldap_get_conn: Checking Id: 0
> /usr/pkg/lib/rlm_ldap-1.0.1.so: Undefined PLT symbol "pthread_mutex_trylock" (symnum = 91)
> 
> So we are a bit stuffed at this point. Anyone have any clues as to how to
> get out of this mess? I would prefer to run 2.0 rather than 1.6.2, however
> any system that worked would do. I don't really want to have to dig out some
> FreeBSD CDs as everything else here runs on NetBSD just fine...
> 
> TIA,
> Dave
> 
> I have the full build messages/debugging output if needed :-)
> 
> --
> =====================================================================
> Computing Services Dept         Phone/Fax: 0151-794-3731/3759
> The University of Liverpool     Email: dtyson@liv.ac.uk
> Chadwick Tower, Peach Street    WWW:   http://www.liv.ac.uk/~dtyson
> Liverpool L69 7ZF               Open Source O/S: www.netbsd.org
> =====================================================================
> 
>