Bug 1031035

Summary: Remove radeapclient
Product: Red Hat Enterprise Linux 7 Reporter: David Spurek <dspurek>
Component: freeradiusAssignee: John Dennis <jdennis>
Status: CLOSED CURRENTRELEASE QA Contact: Eduard Benes <ebenes>
Severity: medium Docs Contact:
Priority: medium    
Version: 7.0CC: dpal, dspurek, ebenes, jdennis, ksrot, pkis
Target Milestone: rc   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: freeradius-3.0.0-4.el7 Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2014-06-13 11:50:39 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Bug Depends On:    
Bug Blocks: 1000455    

Description David Spurek 2013-11-15 14:05:58 UTC 
Description of problem:
missing radeapclient, 'radtest -4 -t eap-md5 ...' fails due this problem 

Version-Release number of selected component (if applicable):
freeradius-3.0.0-2.el7

How reproducible:
always

Steps to Reproduce:
1.start freeradius server
2.radtest -4 -t eap-md5 ..
3.

Actual results:
radtest: No 'radeapclient' program was found.  Cannot perform EAP-MD5.

Expected results:
command should pass

Additional info:
Comment 2 John Dennis 2013-11-20 20:20:07 UTC 
Status update:

I have determined the following:

1) radeapclient is not in the utils package because it's not installed by the upstream build

2) the upstream build does not install it because it's not built

3) it's not built because it won't compile

4) it's been hacked on to bring it into line with the 3.0 source code, but is still far from being being ported correctly.

I pinged upstream with respect to this and got this reply:

-------------------------------------------------------------------------
  It isn't in 3.0 because the build fails.  If the fix was easy, we
would have fixed it, and put it into 3.0.

  As always, patches are welcome.

  Though to be honest, it's probably better to fix radclient to do
EAP-MD5 and EAP-MSCHAP.  There's no reason for it to do more than that.
 eapol_test works better.  And there are few reasons to have two RADIUS
clients in the server source.
-------------------------------------------------------------------------

I conclude radeapclient should be replaced by eapol_test, but there are a few issues.

1) radtest depends on radeapclient, radtest is used by our RHTS tests. Therefore radtest must be modified either to use eapol_test or generate an error if one tries to perform eap testing with radtest. radtest is perhaps an ill conceived test tool (another topic).

2) eapol_test is not part of the freeradius package, it's part of the wpa_supplicant but is not built and included in the wpa_supplicant RPM (see below for important update). Some of the existing RHTS tests download the wpa_package and build the eapol_test utilitiy (an expensive and time consuming operation per test).

3) The lack of eapol_test in wpa_supplicant was filed as bug against RHEL-5 in this bug #638218 which is now closed as WONTFIX. However as I note in comment https://bugzilla.redhat.com/show_bug.cgi?id=638218#c12

--------------------------------------------------------------------------

FWIW, eapol_test is currently being built in the 2.x versions now in RHEL-7 and Fedora >= 19

Looks like this fix was introduced with this changelog entry

 Wed Jul 10 2013 Dan Williamsw <dcbw> - 1:2.0-5
- Build and package eapol_test (rh #638218)

Note it references this bug, but this bug is closed as WONTFIX, but this bug is against RHEL-5.

Summary, for those looking for eapol_test, it is now in Fedora >= 19 and will appear in RHEL-7.
-----------------------------------------------------------------------------

Therefore for RHEL-7 testing (which is the subject of this bug the availability of eapol_test is a non-issue, RHTS can just depend on the wpa_supplicant package in RHEL-7.

============================================================================

I have a working replacement for the eap-md5 test case using eapol_test instead of the legacy radeaplient (just finished sorting out why eapol_test thought the eapmd5 failed when it was actually successful, one has to tell eapol_test not to expect MPPE keys).

In summary I've diagnosed the issues and have a proof-of-concept (POC) workaround which I believe should be incorporated into the RHTS tests. I believe I also will need to provide 1 additional eapol_test config file for one other eap method used by radtest.

I still need to go through all the RHTS tests and see what needs updating and I still need to fix radtest in some fashion. Also the current freeradius package installs the radeapclient man page despite the fact it's not present, this also needs fixing.

My plan is to leave it up to QE to figure out how to version their tests (testing FR3.x won't be the same as testing FR2.x). Fortunately eapol_test appears in a supported package simultaneously with FR3.x in both Fedora and RHEL. I will provide suggested fixes for RHTS tests but let the QE team integrate those changes since they are more knowledgeable about their needs and the contraints the tests must operate under.
Comment 9 Ludek Smid 2014-06-13 11:50:39 UTC 
This request was resolved in Red Hat Enterprise Linux 7.0.

Contact your manager or support representative in case you have further questions about the request.