LinuxQuestions.org
Download your favorite Linux distribution at LQ ISO.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Networking
User Name
Password
Linux - Networking This forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.

Notices

Reply
 
Search this Thread
Old 04-11-2013, 07:50 AM   #1
troya
LQ Newbie
 
Registered: Apr 2013
Posts: 20

Rep: Reputation: Disabled
squid_rad_auth: No response from RADIUS server


Hi All,

I have successfully configure freeradius with mysql. i can radtest using command :

Code:
sudo radtest alice password 192.168.2.3 1812 testing123
Sending Access-Request of id 187 to 192.168.2.3 port 1812
    User-Name = "alice"
    User-Password = "password"
    NAS-IP-Address = 127.0.1.1
    NAS-Port = 1812
    Message-Authenticator = 0x00000000000000000000000000000000

rad_recv: Access-Accept packet from host 192.168.2.3 port 1812, id=187, length=20
Now i try squid using radius authentication.

i followed step by step from :

http://safesrv.net/setup-squid-and-f.../#comment-1043

But i got error message log on cache.log

Code:
Warning: Received invalid reply digest from server
Warning: Received invalid reply digest from server
Warning: Received invalid reply digest from server
squid_rad_auth: No response from RADIUS server
On radius -X debug there is error message like bellow :

Sending duplicate reply to client localprivate port 42003 – ID: 2
Sending Access-Reject of id 2 to 192.168.2.3 port 42003
Waking up in 2.9 seconds.
rad_recv: Access-Request packet from host 192.168.2.3 port 42003, id=2, length=63
Sending duplicate reply to client localprivate port 42003 – ID: 2
Sending Access-Reject of id 2 to 192.168.2.3 port 42003
Waking up in 0.9 seconds.
Found Auth-Type = PAP
# Executing group from file /usr/local/etc/raddb/sites-enabled/default
+- entering group PAP {…}
[pap] login attempt with password “b9?I? +�(�Ч�Y�?”
[pap] Using clear text password “password”
[pap] Passwords don’t match
++[pap] returns reject
Failed to authenticate the user.
WARNING: Unprintable characters in the password. Double-check the shared secret on the server and the NAS!
Using Post-Auth-Type REJECT
How i can solve this problem ?

Thanks
 
Old 04-15-2013, 10:58 AM   #2
TB0ne
Guru
 
Registered: Jul 2003
Location: Birmingham, Alabama
Distribution: SuSE, RedHat, Slack,CentOS
Posts: 14,137

Rep: Reputation: 2456Reputation: 2456Reputation: 2456Reputation: 2456Reputation: 2456Reputation: 2456Reputation: 2456Reputation: 2456Reputation: 2456Reputation: 2456Reputation: 2456
Quote:
Originally Posted by troya View Post
Hi All,
I have successfully configure freeradius with mysql. i can radtest using command :
Code:
sudo radtest alice password 192.168.2.3 1812 testing123
Sending Access-Request of id 187 to 192.168.2.3 port 1812
    User-Name = "alice"
    User-Password = "password"
    NAS-IP-Address = 127.0.1.1
    NAS-Port = 1812
    Message-Authenticator = 0x00000000000000000000000000000000
rad_recv: Access-Accept packet from host 192.168.2.3 port 1812, id=187, length=20
Now i try squid using radius authentication. i followed step by step from :
http://safesrv.net/setup-squid-and-f.../#comment-1043

But i got error message log on cache.log
Code:
Warning: Received invalid reply digest from server
Warning: Received invalid reply digest from server
squid_rad_auth: No response from RADIUS server
Ok...so it's telling you that the RADIUS server for squid_rad_auth isn't responding. Do you have the correct information in the squid_rad_auth.conf file?
Quote:
On radius -X debug there is error message like bellow :
Code:
Sending duplicate reply to client localprivate port 42003 – ID: 2
Sending Access-Reject of id 2 to 192.168.2.3 port 42003
Waking up in 2.9 seconds.
rad_recv: Access-Request packet from host 192.168.2.3 port 42003, id=2, length=63
Sending duplicate reply to client localprivate port 42003 – ID: 2
Sending Access-Reject of id 2 to 192.168.2.3 port 42003
Waking up in 0.9 seconds.
Found Auth-Type = PAP
# Executing group from file /usr/local/etc/raddb/sites-enabled/default
+- entering group PAP {…}
[pap] login attempt with password “b9?I? +�(�Ч�Y�?”
[pap] Using clear text password “password”
[pap] Passwords don’t match
++[pap] returns reject
Failed to authenticate the user.
WARNING: Unprintable characters in the password. Double-check the shared secret on the server and the NAS!
Using Post-Auth-Type REJECT
How i can solve this problem ?
..which goes along with the squid_rad_auth issue...it's telling you that the shared secret you entered is invalid, probably because you put (as it told you), some white spaces, or other bad characters in it. Since it can't use the one it gave, it's using "password" (again, as it's TELLING YOU clearly in the error message). Since password != shared_secret, it's failing. Put the right information in the squid_rad_auth.conf file.
 
Old 04-18-2013, 09:56 PM   #3
troya
LQ Newbie
 
Registered: Apr 2013
Posts: 20

Original Poster
Rep: Reputation: Disabled
Hi TbOne

I found solution from http://wiki.squid-cache.org/ConfigEx...nticate/Radius

Actually i need compile squid from source instead from apt-get

Then i compile with parameter bellow

Code:
 --enable-basic-auth-helpers="squid_radius_auth"

And now everything solved

Thanks
 
Old 04-19-2013, 08:50 AM   #4
TB0ne
Guru
 
Registered: Jul 2003
Location: Birmingham, Alabama
Distribution: SuSE, RedHat, Slack,CentOS
Posts: 14,137

Rep: Reputation: 2456Reputation: 2456Reputation: 2456Reputation: 2456Reputation: 2456Reputation: 2456Reputation: 2456Reputation: 2456Reputation: 2456Reputation: 2456Reputation: 2456
Quote:
Originally Posted by troya View Post
Hi TbOne
I found solution from http://wiki.squid-cache.org/ConfigEx...nticate/Radius

Actually i need compile squid from source instead from apt-get Then i compile with parameter bellow
Code:
 --enable-basic-auth-helpers="squid_radius_auth"
And now everything solved
All you did was put a new .conf file out there when you did the installation. According to Debian, that option was already compiled in.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
radius challenge and response aware ftp-server rosv Linux - Software 3 07-25-2008 02:42 AM
Radius Server jkmreyes Linux - Server 2 03-06-2008 07:56 PM
radius server M_C Linux - General 3 08-14-2007 02:19 AM
pppoe server+radius server configuration ye_adam Linux - Networking 2 01-12-2006 02:36 PM


All times are GMT -5. The time now is 08:35 PM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration