LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - Networking (https://www.linuxquestions.org/questions/linux-networking-3/)
-   -   squid_rad_auth: No response from RADIUS server (https://www.linuxquestions.org/questions/linux-networking-3/squid_rad_auth-no-response-from-radius-server-4175457784/)

troya 04-11-2013 07:50 AM
squid_rad_auth: No response from RADIUS server
 
Hi All,

I have successfully configure freeradius with mysql. i can radtest using command :

Code:
sudo radtest alice password 192.168.2.3 1812 testing123
Sending Access-Request of id 187 to 192.168.2.3 port 1812
    User-Name = "alice"
    User-Password = "password"
    NAS-IP-Address = 127.0.1.1
    NAS-Port = 1812
    Message-Authenticator = 0x00000000000000000000000000000000

rad_recv: Access-Accept packet from host 192.168.2.3 port 1812, id=187, length=20
Now i try squid using radius authentication.

i followed step by step from :

http://safesrv.net/setup-squid-and-f.../#comment-1043

But i got error message log on cache.log

Code:
Warning: Received invalid reply digest from server
Warning: Received invalid reply digest from server
Warning: Received invalid reply digest from server
squid_rad_auth: No response from RADIUS server
On radius -X debug there is error message like bellow :

Sending duplicate reply to client localprivate port 42003 – ID: 2
Sending Access-Reject of id 2 to 192.168.2.3 port 42003
Waking up in 2.9 seconds.
rad_recv: Access-Request packet from host 192.168.2.3 port 42003, id=2, length=63
Sending duplicate reply to client localprivate port 42003 – ID: 2
Sending Access-Reject of id 2 to 192.168.2.3 port 42003
Waking up in 0.9 seconds.
Found Auth-Type = PAP
# Executing group from file /usr/local/etc/raddb/sites-enabled/default
+- entering group PAP {…}
[pap] login attempt with password “b9?I? +�(�Ч�Y�?”
[pap] Using clear text password “password”
[pap] Passwords don’t match
++[pap] returns reject
Failed to authenticate the user.
WARNING: Unprintable characters in the password. Double-check the shared secret on the server and the NAS!
Using Post-Auth-Type REJECT
How i can solve this problem ?

Thanks

TB0ne 04-15-2013 10:58 AM
Quote:
Originally Posted by troya (Post 4929701)
Hi All,
I have successfully configure freeradius with mysql. i can radtest using command :
Code:
sudo radtest alice password 192.168.2.3 1812 testing123
Sending Access-Request of id 187 to 192.168.2.3 port 1812
    User-Name = "alice"
    User-Password = "password"
    NAS-IP-Address = 127.0.1.1
    NAS-Port = 1812
    Message-Authenticator = 0x00000000000000000000000000000000
rad_recv: Access-Accept packet from host 192.168.2.3 port 1812, id=187, length=20
Now i try squid using radius authentication. i followed step by step from :
http://safesrv.net/setup-squid-and-f.../#comment-1043

But i got error message log on cache.log
Code:
Warning: Received invalid reply digest from server
Warning: Received invalid reply digest from server
squid_rad_auth: No response from RADIUS server
Ok...so it's telling you that the RADIUS server for squid_rad_auth isn't responding. Do you have the correct information in the squid_rad_auth.conf file?
Quote:
On radius -X debug there is error message like bellow :
Code:
Sending duplicate reply to client localprivate port 42003 – ID: 2
Sending Access-Reject of id 2 to 192.168.2.3 port 42003
Waking up in 2.9 seconds.
rad_recv: Access-Request packet from host 192.168.2.3 port 42003, id=2, length=63
Sending duplicate reply to client localprivate port 42003 – ID: 2
Sending Access-Reject of id 2 to 192.168.2.3 port 42003
Waking up in 0.9 seconds.
Found Auth-Type = PAP
# Executing group from file /usr/local/etc/raddb/sites-enabled/default
+- entering group PAP {…}
[pap] login attempt with password “b9?I? +�(�Ч�Y�?”
[pap] Using clear text password “password”
[pap] Passwords don’t match
++[pap] returns reject
Failed to authenticate the user.
WARNING: Unprintable characters in the password. Double-check the shared secret on the server and the NAS!
Using Post-Auth-Type REJECT
How i can solve this problem ?
..which goes along with the squid_rad_auth issue...it's telling you that the shared secret you entered is invalid, probably because you put (as it told you), some white spaces, or other bad characters in it. Since it can't use the one it gave, it's using "password" (again, as it's TELLING YOU clearly in the error message). Since password != shared_secret, it's failing. Put the right information in the squid_rad_auth.conf file.

troya 04-18-2013 09:56 PM
Hi TbOne

I found solution from http://wiki.squid-cache.org/ConfigEx...nticate/Radius

Actually i need compile squid from source instead from apt-get

Then i compile with parameter bellow

Code:
--enable-basic-auth-helpers="squid_radius_auth"

And now everything solved :)

Thanks

TB0ne 04-19-2013 08:50 AM
Quote:
Originally Posted by troya (Post 4934497)
Hi TbOne
I found solution from http://wiki.squid-cache.org/ConfigEx...nticate/Radius

Actually i need compile squid from source instead from apt-get Then i compile with parameter bellow
Code:
--enable-basic-auth-helpers="squid_radius_auth"
And now everything solved :)
All you did was put a new .conf file out there when you did the installation. According to Debian, that option was already compiled in.


All times are GMT -5. The time now is 02:37 AM.