Sunday, March 21, 2010

Misc 9

(This uses the topology found in Misc 3)
As previously mentioned, FreeRadius lacks any sort of SSL support due to licensing issues with OpenSSL. This means that EAP types such as PEAP/TLS/TTLS would not work and would be ignored in configuration files. This has been a source of great frustration for those who didn't know.

In this entry I will attempt to recompile FreeRadius to include OpenSSL. Be warned that this is only for educational purposes and is illegal for use in production environments.

First of all, make sure that the repositories are properly set up. To do this, edit /etc/apt/sources.list and add in the NUS mirror:
deb http://mirror.nus.edu.sg/Debian lenny contrib main non-free
deb-src http://mirror.nus.edu.sg/Debian lenny contrib main non-free

The deb-src entry is very important as this is what we'll need to use to get FreeRadius's source code. Now, we'll install all necessary packages for compilation of software:
apt-get install build-essentials apt-src

Now you'll have apt-src at your disposal. Apt-src allows you to quickly retrieve an application's source from a repository. Create a folder in your home directory and browse to it:
mkdir ~/build_freeradius
cd ~/build_freeradius

Now you should download the source of freeradius. To do this, do an update, then install it with apt-src:
apt-src update
apt-src install freeradius

When you do a listing of your current directory, you should see a bunch of files and a folder. Get into the debian folder like this:
cd freeradius-2.0.4+dfsg/debian

Now there's two files which we need to edit to make it work. The first file is the rules file, which tells the compiler which rules it must follow. Coincidentally, it's this file that tells the compiler that OpenSSL cannot be used on a Debian system. We must remove all such rules. To do this, edit the rules file and look for these lines:
--without-rlm_eap_tls \
--without-rlm_eap_ttls \
--without-rlm_eap_peap \
--without-openssl \

Ignore OTP and IKEv2 because they do not work for some reason. Now, edit it to reflect:
--with-rlm_eap_tls \
--with-rlm_eap_ttls \
--with-rlm_eap_peap \
--with-openssl \

Next, do a search for "openssl". You should find a chunk of code that looks like this:
for pkg in $(shell grep ^Package debian/control | awk '{print $$2}') ; d
o \
if dh_shlibdeps -p $$pkg -- -O | grep -q libssl; then \
echo "$$pkg links to openssl" ;\
exit 1 ;\
fi ;\

This is the part that restricts libssl from being installed as part of the dependencies. This is very bad, so remove the whole section.

Now edit the control file, and look for the dependency list for freeradius (should be the first line). Add in libssl-dev at the back like this:
Build-Depends: autotools-dev, debhelper (>= 6.0.7), libgdbm-dev, libiodbc2-dev, libkrb5-dev, libldap2-dev, libltdl3-dev, libmysqlclient15-dev | libmysqlclient-dev, libpam0g-dev, libpcap-dev, libperl-dev, libpq-dev, libsasl2-dev, libsnmp-dev, libtool, python-dev, libssl-dev

Now you're done, simply browse back to the ~/build_freeradius folder and type:
apt-src build freeradius

You should go through smoothly. After the whole process (which would take some time depending on the system), you should have a few deb package files in your folder. To install them all, simply type:
dpkg -i *.deb

No comments :

Post a Comment