From Bugzilla Helper:
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8a1) Gecko/20040520

Description of problem:
The rlm_ldap module dies with a segmentation fault when used as part of FreeRADIUS when it attempts to bind to the server.

When running 'radiusd -xxx -s' with openldap version openldap-2.1.22-8 (from FC1) on FC2 I receive the following:

Fri May 28 09:51:52 2004 : Debug: rlm_ldap: attempting LDAP reconnection
Fri May 28 09:51:52 2004 : Debug: rlm_ldap: (re)connect to rice.cake.com:636, authentication 0
Fri May 28 09:51:52 2004 : Debug: rlm_ldap: setting TLS mode to 1
Fri May 28 09:51:52 2004 : Debug: rlm_ldap: bind as cn=strongbad,o=sammich/password to rice.cake.com:636
Fri May 28 09:51:53 2004 : Debug: rlm_ldap: waiting for bind result ...
Fri May 28 09:51:53 2004 : Debug: rlm_ldap: performing search in ou=ham,o=sammich, with filter cn=homestar
Fri May 28 09:51:53 2004 : Debug: ldap_release_conn: Release Id: 0
Fri May 28 09:51:53 2004 : Debug: rlm_ldap: user DN: cn=homestar,ou=ham,o=sammich
Fri May 28 09:51:53 2004 : Debug: rlm_ldap: (re)connect to rice.cake.com:636, authentication 1
Fri May 28 09:51:53 2004 : Debug: rlm_ldap: setting TLS mode to 1
Fri May 28 09:51:53 2004 : Debug: rlm_ldap: bind as cn=homestar,ou=ham,o=sammich/password to rice.cake.com:636
Fri May 28 09:51:53 2004 : Debug: rlm_ldap: waiting for bind result ...
Fri May 28 09:51:53 2004 : Debug: rlm_ldap: user homestar authenticated succesfully

When running 'radiusd -xxx -s' with openldap version openldap-2.1.29-1 (from FC2) on FC2 I receive the following:

Fri May 28 10:00:00 2004 : Debug: rlm_ldap: attempting LDAP reconnection
Fri May 28 10:00:00 2004 : Debug: rlm_ldap: (re)connect to rice.cake.com:636, authentication 0
Fri May 28 10:00:00 2004 : Debug: rlm_ldap: setting TLS mode to 1
Fri May 28 10:00:00 2004 : Debug: rlm_ldap: bind as cn=strongbad,o=sammich/password to rice.cake.com:636
Segmentation fault

There is only one line of configuration in /etc/openldap/ldap.conf; it reads as follows:

TLS_CACERT /etc/openldap/riceca

Version-Release number of selected component (if applicable):
openldap-2.1.29-1

How reproducible:
Always

Steps to Reproduce:
1. Install FC2 with freeradius and openldap
2. Configure freeradius to use ldap authentication to either port 636 or 389 (i.e. this problem occurs with or without ssl)
3. Attempt to authenticate a user.

Actual Results:
segmentation fault

Expected Results:
user should have been properly authenticated

Additional info:
This problem occurs with or without using SSL; as far as I know there is absolutely no configuration for rlm_ldap when not using SSL and only the one line above for configuring the CA cert for a self signed cert. Removing the version of openldap that ships with FC2 and installing the latest version for FC1 corrects the problem.
The rlm_ldap module in FreeRadius seems to needlessly link against libsasl provided by cyrus-sasl. The version of sasl that rlm_ldap links against is different from the version that OpenLDAP links against. The result is a segfault whenever certain sasl functions are used due to API differences between the two sasl library versions. As a result FreeRadius's LDAP support in Fedora Core 2 is completely broken.

The upstream bug: http://bugs.freeradius.org/show_bug.cgi?id=73

The workaround that worked for me is to remove:

AC_SMART_CHECK_LIB(sasl, sasl_encode)

from the configure.in file for the rlm_ldap module directory and regenerate the configure script with autoconf213. This seems like an easy workaround fix to me until upstream wakes up and fixes it.
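A check for the condition described in the comment above (an added example, not part of the original comment or the FreeRADIUS sources): it scans ldd output for one library family that resolves under two different sonames, which is how a module and libldap can bring two SASL libraries into one process. The sample output, its sonames and paths, and the family() heuristic are assumptions made for illustration.

```python
import re
import sys
from collections import defaultdict

# Constructed sample of `ldd rlm_ldap.so` output (sonames, paths and addresses are
# illustrative): the module links one SASL library directly, libldap pulls in another.
SAMPLE_LDD = """\
    libldap.so.2 => /usr/lib/libldap.so.2 (0x00111000)
    liblber.so.2 => /usr/lib/liblber.so.2 (0x00222000)
    libsasl.so.7 => /usr/lib/libsasl.so.7 (0x00333000)
    libsasl2.so.2 => /usr/lib/libsasl2.so.2 (0x00444000)
    libssl.so.4 => /lib/libssl.so.4 (0x00555000)
    libc.so.6 => /lib/tls/libc.so.6 (0x00666000)
    /lib/ld-linux.so.2 (0x00777000)
"""

# "soname => resolved path"; lines without "=>" (the dynamic loader) are skipped.
DEP_RE = re.compile(r"^\s*(\S+)\s+=>\s+(\S+)", re.M)


def family(soname):
    """Heuristic: drop the '.so...' suffix and trailing version digits from the stem."""
    return soname.split(".so", 1)[0].rstrip("0123456789.-_")


def find_generation_conflicts(ldd_text):
    """Map library family -> sonames, for families that resolve to more than one soname."""
    by_family = defaultdict(set)
    for soname, _path in DEP_RE.findall(ldd_text):
        by_family[family(soname)].add(soname)
    return {fam: sorted(names) for fam, names in by_family.items() if len(names) > 1}


if __name__ == "__main__":
    # Pipe real `ldd` output in, or run with no input to use the constructed sample.
    text = SAMPLE_LDD if sys.stdin.isatty() else sys.stdin.read()
    for fam, names in find_generation_conflicts(text).items():
        print(f"{fam}: {', '.join(names)} would be loaded into the same process")
```

A hit is a prompt to inspect the link line, not proof of a crash: the heuristic also groups libraries that merely share a name stem.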
Thanks

I did as outlined above in Bruce Locke's comment:

installed the freeradius-0.9.3-4.src.rpm
unpacked in /usr/src/redhat/SOURCES/freeradius-.0.9.3.tar.gz
entered /usr/src/redhat/SOURCES/freeradius-0.9.3/src/modules/rlm_ldap
edited configure.in as outlined above
ran gmake -f Makefile.in reconfig

this failed as it tried to use the -l option for autoconf-2.13 so I had to install the autoconf213 package and move autoconf temporarily and link autoconf to autoconf-2.13, then reran; removed link to autoconf-2.13 and moved the original back; there is probably a better way to do this but I don't know what it is...

cd /usr/src/redhat/SOURCES/
tar cvf - freeradius-0.9.3 | gzip > freeradius-0.9.3.tar.gz
cd /usr/src/redhat/SPECS
rpmbuild -ba freeradius.spec
cd /usr/src/redhat/RPMS/i386
rpm -ivh --force freeradius-0.9.3-4.i386.rpm

also installed openldap-2.1.29-1
restarted radiusd
all appears to be working well

Prior to building I had to install the following packages to meet dependencies:
net-snmp-utils mysql-devel postgresql-devel net-snmp-devel unixODBC-devel postgresql-libs unixODBC perl-DBD-MySQL perl-DBI mysql
Fedora Core 2 is now maintained by the Fedora Legacy project for security updates only. If this problem is a security issue, please reopen and reassign to the Fedora Legacy product. If it is not a security issue and hasn't been resolved in the current FC3 updates or in the FC4 test release, reopen and change the version to match.
Note that FC1 and FC2 are no longer supported even by Fedora Legacy. Many changes have occurred since these older releases. Please install a supported version of Fedora Core and retest. If this still occurs on FC3 or FC4, please assign to that version and Fedora Legacy. If it still occurs on FC5 or FC6, please reopen and assign to the correct version. Thanks!