Radius Squid authentication REJECT

Iftakhul Anwar anwar at meruvian.org
Thu Apr 11 11:35:33 CEST 2013 

I just use enter after my shared secret.

Any suggestions ?


On Thu, Apr 11, 2013 at 4:17 PM, Matthias Nagel
<matthias.h.nagel at gmail.com>wrote:

> Hello,
>
> Am Donnerstag 11 April 2013, 16:07:08 schrieb Iftakhul Anwar:
> > Hi Matthias,
> >
> > I don't use " " on my squid_rad_auth.conf
>
> I know, that is the reason why I asked you to check for non-printable
> characters AFTER your shared secret.
>
> > No space on my scret.
>
> And what is between the last printable character of your secret and the
> new line?
>
> Matthias
>
>
> > This is my squid_rad_auth.conf
> >
> > server 192.168.2.3
> > secret testing123
> >
> > On my radcheck, i also using Cleartext-Password on my racheck table
> >
> > Any another clue ?
> >
> > Thanks
> >
> >
> >
> > On Thu, Apr 11, 2013 at 3:59 PM, Matthias Nagel
> > <matthias.h.nagel at gmail.com>wrote:
> >
> > > Hello,
> > >
> > > did you do what the warning says and double checked the shared secret?
> > >
> > > As far as I see the squid_rad_auth.conf does not use quotation marks
> ("")
> > > to delimit the shared secret. Hence, perhaps you have trailing white
> spaces
> > > or something like that at the end of the line. Delete the line
> "secret" in
> > > squid_rad_auth.conf and type it again. I really mean to delete it in
> order
> > > to get rid of unprintable characters you might not see.
> > >
> > > Matthias
> > >
> > > Am Donnerstag 11 April 2013, 15:47:33 schrieb Iftakhul Anwar:
> > > > Hi All,
> > > >
> > > >
> > > > I have successfully configure freeradius with mysql. i can radtest
> using
> > > > command :
> > > >
> > > > sudo radtest alice password 192.168.2.3 1812 testing123
> > > > Sending Access-Request of id 187 to 192.168.2.3 port 1812
> > > >     User-Name = "alice"
> > > >     User-Password = "password"
> > > >     NAS-IP-Address = 127.0.1.1
> > > >     NAS-Port = 1812
> > > >     Message-Authenticator = 0x00000000000000000000000000000000
> > > >
> > > > rad_recv: Access-Accept packet from host 192.168.2.3 port 1812,
> > > > id=187, length=20
> > > >
> > > > Now i try squid using radius authentication.
> > > >
> > > > i followed step by step from :
> > > >
> > > >
> http://safesrv.net/setup-squid-and-freeradius-on-centos-5/#comment-1043
> > > >
> > > > But i got error message log on cache.log
> > > >
> > > > Warning: Received invalid reply digest from server
> > > > Warning: Received invalid reply digest from server
> > > > Warning: Received invalid reply digest from server
> > > > squid_rad_auth: No response from RADIUS server
> > > >
> > > > On radius -X debug there is error message like bellow :
> > > >
> > > > Sending duplicate reply to client localprivate port 42003 – ID: 2
> > > > Sending Access-Reject of id 2 to 192.168.2.3 port 42003
> > > > Waking up in 2.9 seconds.
> > > > rad_recv: Access-Request packet from host 192.168.2.3 port 42003,
> > > > id=2, length=63
> > > > Sending duplicate reply to client localprivate port 42003 – ID: 2
> > > > Sending Access-Reject of id 2 to 192.168.2.3 port 42003
> > > > Waking up in 0.9 seconds.
> > > > Found Auth-Type = PAP
> > > > # Executing group from file
> /usr/local/etc/raddb/sites-enabled/default
> > > > +- entering group PAP {…}
> > > > [pap] login attempt with password “b9?I? +�(�Ч�Y�?”
> > > > [pap] Using clear text password “password”
> > > > [pap] Passwords don’t match
> > > > ++[pap] returns reject
> > > > Failed to authenticate the user.
> > > > WARNING: Unprintable characters in the password. Double-check the
> > > > shared secret on the server and the NAS!
> > > > Using Post-Auth-Type REJECT
> > > >
> > > > What is that error ? How i can solve this
> > > >
> > > > Thanks
> > > >
> > > >
> > > ----------------------------------------------------------------------
> > > Matthias Nagel
> > > Willy-Andreas-Allee 1, Zimmer 506
> > > 76131 Karlsruhe
> > >
> > > Telefon: +49-721-8695-1506
> > > Mobil: +49-151-15998774
> > > e-Mail: matthias.h.nagel at gmail.com
> > > ICQ: 499797758
> > > Skype: nagmat84
> > >
> > > -
> > > List info/subscribe/unsubscribe? See
> > > http://www.freeradius.org/list/users.html
> >
> >
> >
> >
> >
> ----------------------------------------------------------------------
> Matthias Nagel
> Willy-Andreas-Allee 1, Zimmer 506
> 76131 Karlsruhe
>
> Telefon: +49-721-8695-1506
> Mobil: +49-151-15998774
> e-Mail: matthias.h.nagel at gmail.com
> ICQ: 499797758
> Skype: nagmat84
>
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
>



-- 
*M.Iftakhul Anwar*
Meruvian Integrator
High Performance Computing / Cloud Computing (HPC/CC)


Office Phone  : 021-93586577
Mobile Phone : 085215331477
Blog               :  http://blog.mervpolis.com/roller/anwar
FB                 :  http://www.facebook.com/troya.adromeda
Website         : www.meruvian.org
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20130411/9551991e/attachment-0001.html>

More information about the Freeradius-Users mailing list