squid_rad_auth: No response from RADIUS server

troya · 04-11-2013, 08:50 AM

Hi All,

I have successfully configure freeradius with mysql. i can radtest using command :

Code:

sudo radtest alice password 192.168.2.3 1812 testing123
Sending Access-Request of id 187 to 192.168.2.3 port 1812
    User-Name = "alice"
    User-Password = "password"
    NAS-IP-Address = 127.0.1.1
    NAS-Port = 1812
    Message-Authenticator = 0x00000000000000000000000000000000

rad_recv: Access-Accept packet from host 192.168.2.3 port 1812, id=187, length=20

Now i try squid using radius authentication.

i followed step by step from :

http://safesrv.net/setup-squid-and-f.../#comment-1043

But i got error message log on cache.log

Code:

Warning: Received invalid reply digest from server
Warning: Received invalid reply digest from server
Warning: Received invalid reply digest from server
squid_rad_auth: No response from RADIUS server
On radius -X debug there is error message like bellow :

Sending duplicate reply to client localprivate port 42003 – ID: 2
Sending Access-Reject of id 2 to 192.168.2.3 port 42003
Waking up in 2.9 seconds.
rad_recv: Access-Request packet from host 192.168.2.3 port 42003, id=2, length=63
Sending duplicate reply to client localprivate port 42003 – ID: 2
Sending Access-Reject of id 2 to 192.168.2.3 port 42003
Waking up in 0.9 seconds.
Found Auth-Type = PAP
# Executing group from file /usr/local/etc/raddb/sites-enabled/default
+- entering group PAP {…}
[pap] login attempt with password “b9?I? +�(�Ч�Y�?”
[pap] Using clear text password “password”
[pap] Passwords don’t match
++[pap] returns reject
Failed to authenticate the user.
WARNING: Unprintable characters in the password. Double-check the shared secret on the server and the NAS!
Using Post-Auth-Type REJECT

How i can solve this problem ?

Thanks

TB0ne · 04-15-2013, 11:58 AM

Quote:

Originally Posted by troya

Hi All,
I have successfully configure freeradius with mysql. i can radtest using command :

Code:

sudo radtest alice password 192.168.2.3 1812 testing123
Sending Access-Request of id 187 to 192.168.2.3 port 1812
    User-Name = "alice"
    User-Password = "password"
    NAS-IP-Address = 127.0.1.1
    NAS-Port = 1812
    Message-Authenticator = 0x00000000000000000000000000000000
rad_recv: Access-Accept packet from host 192.168.2.3 port 1812, id=187, length=20

Now i try squid using radius authentication. i followed step by step from :
http://safesrv.net/setup-squid-and-f.../#comment-1043

But i got error message log on cache.log

Code:

Warning: Received invalid reply digest from server
Warning: Received invalid reply digest from server
squid_rad_auth: No response from RADIUS server

Ok...so it's telling you that the RADIUS server for squid_rad_auth isn't responding. Do you have the correct information in the squid_rad_auth.conf file?

Quote:

On radius -X debug there is error message like bellow :

Code:

Sending duplicate reply to client localprivate port 42003 – ID: 2
Sending Access-Reject of id 2 to 192.168.2.3 port 42003
Waking up in 2.9 seconds.
rad_recv: Access-Request packet from host 192.168.2.3 port 42003, id=2, length=63
Sending duplicate reply to client localprivate port 42003 – ID: 2
Sending Access-Reject of id 2 to 192.168.2.3 port 42003
Waking up in 0.9 seconds.
Found Auth-Type = PAP
# Executing group from file /usr/local/etc/raddb/sites-enabled/default
+- entering group PAP {…}
[pap] login attempt with password “b9?I? +�(�Ч�Y�?”
[pap] Using clear text password “password”
[pap] Passwords don’t match
++[pap] returns reject
Failed to authenticate the user.
WARNING: Unprintable characters in the password. Double-check the shared secret on the server and the NAS!
Using Post-Auth-Type REJECT

How i can solve this problem ?

..which goes along with the squid_rad_auth issue...it's telling you that the shared secret you entered is invalid, probably because you put (as it told you), some white spaces, or other bad characters in it. Since it can't use the one it gave, it's using "password" (again, as it's TELLING YOU clearly in the error message). Since password != shared_secret, it's failing. Put the right information in the squid_rad_auth.conf file.

troya · 04-18-2013, 10:56 PM

Hi TbOne

I found solution from http://wiki.squid-cache.org/ConfigEx...nticate/Radius

Actually i need compile squid from source instead from apt-get

Then i compile with parameter bellow

Code:

 --enable-basic-auth-helpers="squid_radius_auth"

And now everything solved

Thanks

TB0ne · 04-19-2013, 09:50 AM

Quote:

Originally Posted by troya

Hi TbOne
I found solution from http://wiki.squid-cache.org/ConfigEx...nticate/Radius

Actually i need compile squid from source instead from apt-get Then i compile with parameter bellow

Code:

 --enable-basic-auth-helpers="squid_radius_auth"

And now everything solved

All you did was put a new .conf file out there when you did the installation. According to Debian, that option was already compiled in.