<html><head><style type="text/css"><!-- DIV {margin:0px;} --></style></head><body><div style="font-family:times new roman,new york,times,serif;font-size:12pt"><div><span class="Apple-style-span" style="font-family: arial,helvetica,clean,sans-serif; line-height: 15px;"><table style="border-collapse: collapse; font-size: inherit; line-height: 1.2em; outline-style: none; display: table;" border="0" cellpadding="0" cellspacing="0"><tbody style="line-height: 1.2em; outline-style: none;"><tr style="line-height: 1.2em; outline-style: none; display: table-row; vertical-align: inherit;"><td style="outline-style: none; display: table-cell; font: inherit;" valign="top">Hi. I'm using squid proxy server with freeradius
authentication with postgresql backend running on Debian Squeeze and I get the following error from
freeradius.<div style="margin: 0px; padding: 0px; line-height: 1.2em; outline-style: none;"><br style="line-height: 1.2em; outline-style: none;"></div><div style="margin: 0px; padding: 0px; line-height: 1.2em; outline-style: none;"><div style="margin: 0px; padding: 0px; line-height: 1.2em; outline-style: none;">./squid_radius_auth -f
/etc/squid3/squid_radius_auth.conf</div><div style="margin: 0px; padding: 0px; line-height: 1.2em; outline-style: none;">andrei tester</div><div style="margin: 0px; padding: 0px; line-height: 1.2em; outline-style: none;">Warning: Received invalid reply digest from server</div><div style="margin: 0px; padding: 0px; line-height: 1.2em; outline-style: none;">Warning:
Received invalid reply digest from server</div>ERR<div style="margin: 0px; padding: 0px; line-height: 1.2em; outline-style: none;"><br style="line-height: 1.2em; outline-style: none;"></div><div style="margin: 0px; padding: 0px; line-height: 1.2em; outline-style: none;">I'll post the configuration files and the output from freeradius
debug:</div><div style="margin: 0px; padding: 0px; line-height: 1.2em; outline-style: none;"><br style="line-height: 1.2em; outline-style: none;"></div><div style="margin: 0px; padding: 0px; line-height: 1.2em; outline-style: none;"><div style="margin: 0px; padding: 0px; line-height: 1.2em; outline-style: none;">cat
/etc/squid3/squid_radius_auth.conf</div><div style="margin: 0px; padding: 0px; line-height: 1.2em; outline-style: none;"># squid_rad_auth
configuration file</div><div style="margin: 0px; padding: 0px; line-height: 1.2em; outline-style: none;"># MvS: 28-10-1998</div><div style="margin: 0px; padding: 0px; line-height: 1.2em; outline-style: none;">server 192.168.107.2</div><div style="margin: 0px; padding: 0px; line-height: 1.2em; outline-style: none;">secret testing</div><div style="margin: 0px; padding: 0px; line-height: 1.2em; outline-style: none;">--------------------------------------------------------------------------------------------------------------------------------</div><div style="margin: 0px; padding: 0px; line-height: 1.2em; outline-style: none;"><br style="line-height: 1.2em; outline-style: none;"></div><div style="margin: 0px; padding: 0px; line-height: 1.2em; outline-style: none;">freeradius -X stripped output:</div></div><div style="margin: 0px; padding: 0px; line-height: 1.2em; outline-style: none;"><br style="line-height: 1.2em; outline-style: none;"></div><div
style="margin: 0px; padding: 0px; line-height: 1.2em; outline-style: none;"><div style="margin: 0px; padding: 0px; line-height: 1.2em; outline-style: none;">freeradius -X</div><div style="margin: 0px; padding: 0px; line-height: 1.2em; outline-style: none;">
</div><div style="margin: 0px; padding: 0px; line-height: 1.2em; outline-style: none;">including configuration file
/etc/freeradius/sites-enabled/default </div><div style="margin: 0px; padding: 0px; line-height: 1.2em; outline-style: none;">main {
</div><div style="margin: 0px; padding: 0px; line-height: 1.2em; outline-style: none;"> user = "freerad"
</div><div style="margin: 0px; padding: 0px; line-height: 1.2em; outline-style: none;"> group = "freerad"
</div><div style="margin: 0px; padding: 0px; line-height: 1.2em; outline-style: none;"> allow_core_dumps = no
</div><div style="margin: 0px; padding: 0px; line-height: 1.2em; outline-style: none;">}
</div><div style="margin: 0px; padding: 0px; line-height: 1.2em; outline-style: none;">including dictionary file /etc/freeradius/dictionary
</div><div style="margin: 0px; padding: 0px; line-height: 1.2em; outline-style: none;">main {
</div><div style="margin: 0px; padding: 0px; line-height: 1.2em; outline-style: none;"> prefix = "/usr"
</div><div style="margin: 0px; padding: 0px; line-height: 1.2em; outline-style: none;"> localstatedir = "/var"
</div><div style="margin: 0px; padding: 0px; line-height: 1.2em; outline-style: none;">
logdir = "/var/log/freeradius"
</div><div style="margin: 0px; padding: 0px; line-height: 1.2em; outline-style: none;"> libdir =
"/usr/lib/freeradius" </div><div style="margin: 0px; padding: 0px; line-height: 1.2em; outline-style: none;"> radacctdir = "/var/log/freeradius/radacct"
</div><div style="margin: 0px; padding: 0px; line-height: 1.2em; outline-style: none;"> hostname_lookups = no
</div><div style="margin: 0px; padding: 0px; line-height: 1.2em; outline-style: none;"> max_request_time = 30
</div><div style="margin: 0px; padding: 0px; line-height: 1.2em; outline-style: none;"> cleanup_delay = 5
</div><div style="margin: 0px; padding: 0px; line-height: 1.2em; outline-style: none;"> max_requests = 1024
</div><div style="margin: 0px; padding: 0px; line-height: 1.2em; outline-style: none;"> pidfile = "/var/run/freeradius/freeradius.pid"
</div><div style="margin: 0px; padding: 0px; line-height: 1.2em; outline-style: none;"> checkrad =
"/usr/sbin/checkrad" </div><div style="margin: 0px; padding: 0px; line-height: 1.2em; outline-style: none;"> debug_level = 0
</div><div style="margin: 0px; padding: 0px; line-height: 1.2em; outline-style: none;"> proxy_requests = no
</div><div style="margin: 0px; padding: 0px; line-height: 1.2em; outline-style: none;"> log {
</div><div style="margin: 0px; padding: 0px; line-height: 1.2em; outline-style: none;"> stripped_names = no
</div><div style="margin: 0px; padding: 0px; line-height: 1.2em; outline-style: none;"> auth = no
</div><div style="margin: 0px; padding: 0px; line-height: 1.2em; outline-style: none;"> auth_badpass = no
</div><div style="margin: 0px; padding: 0px; line-height: 1.2em; outline-style: none;"> auth_goodpass = no
</div><div style="margin: 0px; padding: 0px; line-height: 1.2em; outline-style: none;"> }
</div><div style="margin: 0px; padding: 0px; line-height: 1.2em; outline-style: none;"> security {
</div><div style="margin: 0px; padding: 0px; line-height: 1.2em; outline-style: none;"> max_attributes = 200
</div><div style="margin: 0px; padding: 0px; line-height: 1.2em; outline-style: none;"> reject_delay = 1
</div><div style="margin: 0px; padding: 0px; line-height: 1.2em; outline-style: none;"> status_server = yes
</div><div style="margin: 0px; padding: 0px; line-height: 1.2em; outline-style: none;"> }
</div><div style="margin: 0px; padding: 0px; line-height: 1.2em; outline-style: none;">}
</div>
<br><div style="margin: 0px; padding: 0px; line-height: 1.2em; outline-style: none;">Listening on authentication address * port 1812
</div><div style="margin: 0px; padding: 0px; line-height: 1.2em; outline-style: none;">Listening on accounting address * port 1813
</div><div style="margin: 0px; padding: 0px; line-height: 1.2em; outline-style: none;">Ready to process requests.
</div><div style="margin: 0px; padding: 0px; line-height: 1.2em; outline-style: none;">rad_recv: Access-Request packet from host 192.168.107.2 port
48244, id=1, length=64
</div><div style="margin: 0px; padding: 0px; line-height: 1.2em; outline-style: none;"> User-Name = "andrei"
</div><div style="margin: 0px; padding: 0px; line-height: 1.2em; outline-style: none;">
User-Password = "WIdk\214\356\376G/\215X\367n\246h\224"
</div><div style="margin: 0px; padding: 0px; line-height: 1.2em; outline-style: none;"> NAS-Port = 111
</div><div style="margin: 0px; padding: 0px; line-height: 1.2em; outline-style: none;">
NAS-Port-Type =
Async
</div><div style="margin: 0px; padding: 0px; line-height: 1.2em; outline-style: none;"> NAS-IP-Address = 192.168.107.2
</div><div style="margin: 0px; padding: 0px; line-height: 1.2em; outline-style: none;">+- entering group authorize {...}
</div><div style="margin: 0px; padding: 0px; line-height: 1.2em; outline-style: none;">++[preprocess] returns ok
</div><div style="margin: 0px; padding: 0px; line-height: 1.2em; outline-style: none;">[auth_log] expand:
/var/log/freeradius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d
-> /var/log/freeradius/radacct/192.168.107.2/auth-detail-20100129</div><div style="margin: 0px; padding: 0px; line-height: 1.2em; outline-style: none;">[auth_log]
/var/log/freeradius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d
expands to
/var/log/freeradius/radacct/192.168.107.2/auth-detail-20100129 </div><div style="margin: 0px; padding: 0px; line-height: 1.2em; outline-style: none;">[auth_log] expand: %t -> Fri Jan 29
18:34:05 2010
</div><div style="margin: 0px; padding: 0px; line-height: 1.2em; outline-style: none;">++[auth_log]
returns ok
</div><div style="margin: 0px; padding: 0px; line-height: 1.2em; outline-style: none;">++[chap] returns noop
</div><div style="margin: 0px; padding: 0px; line-height: 1.2em; outline-style: none;">++[mschap] returns noop
</div><div style="margin: 0px; padding: 0px; line-height: 1.2em; outline-style: none;">[suffix] No '@' in User-Name = "andrei", looking up realm NULL
</div><div style="margin: 0px; padding: 0px; line-height: 1.2em; outline-style: none;">[suffix] No such realm "NULL"
</div><div style="margin: 0px; padding: 0px; line-height: 1.2em; outline-style: none;">++[suffix] returns noop
<br>++[unix] returns notfound
</div><div style="margin: 0px; padding: 0px; line-height: 1.2em; outline-style: none;">++[files] returns noop
</div><div style="margin: 0px; padding: 0px; line-height: 1.2em; outline-style: none;">[sql] expand: %{User-Name}
-> andrei
</div><div style="margin: 0px; padding: 0px; line-height: 1.2em; outline-style: none;">[sql] sql_set_user escaped user --> 'andrei'
</div><div style="margin: 0px; padding: 0px; line-height: 1.2em; outline-style: none;">rlm_sql (sql): Reserving sql socket id: 4
</div><div style="margin: 0px; padding: 0px; line-height: 1.2em; outline-style: none;">[sql] expand:
SELECT id, UserName, Attribute, Value, Op FROM radcheck WHERE
Username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, UserName,
Attribute, Value, Op FROM radcheck WHERE Username = 'andrei' ORDER
BY id
</div><div style="margin: 0px; padding: 0px; line-height: 1.2em; outline-style: none;">rlm_sql_postgresql: Status:
PGRES_TUPLES_OK
</div><div style="margin: 0px; padding: 0px; line-height: 1.2em; outline-style: none;">rlm_sql_postgresql: query
affected rows = 1 , fields = 5
</div><div style="margin: 0px; padding: 0px; line-height: 1.2em; outline-style: none;">[sql] User found in radcheck table
</div><div style="margin: 0px; padding: 0px; line-height: 1.2em; outline-style: none;">[sql] expand:
SELECT id, UserName, Attribute, Value, Op FROM radreply WHERE
Username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, UserName,
Attribute, Value, Op FROM radreply WHERE Username = 'andrei' ORDER
BY id</div><div style="margin: 0px; padding: 0px; line-height: 1.2em; outline-style: none;">rlm_sql_postgresql: Status: PGRES_TUPLES_OK</div><div style="margin: 0px; padding: 0px; line-height: 1.2em; outline-style: none;">rlm_sql_postgresql: query affected rows = 0 , fields = 5</div><div style="margin: 0px; padding: 0px; line-height: 1.2em; outline-style: none;">[sql] expand: SELECT GroupName FROM radusergroup WHERE
UserName='%{SQL-User-Name}' ORDER BY priority -> SELECT GroupName
FROM radusergroup WHERE UserName='andrei' ORDER BY priority</div><div style="margin: 0px; padding: 0px; line-height: 1.2em; outline-style: none;">rlm_sql_postgresql: Status: PGRES_TUPLES_OK</div><div style="margin: 0px; padding: 0px; line-height: 1.2em; outline-style: none;">rlm_sql_postgresql: query affected rows = 0 , fields = 1</div><div style="margin: 0px; padding: 0px; line-height: 1.2em; outline-style: none;">rlm_sql (sql): Released sql socket id: 4</div><div style="margin: 0px; padding: 0px; line-height: 1.2em; outline-style: none;">++[sql]
returns ok</div><div style="margin: 0px; padding: 0px; line-height: 1.2em; outline-style: none;">++[expiration]
returns noop</div><div style="margin: 0px; padding: 0px; line-height: 1.2em; outline-style: none;">++[logintime] returns noop</div><div style="margin: 0px; padding: 0px; line-height: 1.2em; outline-style: none;">++[pap] returns updated</div><div style="margin: 0px; padding: 0px; line-height: 1.2em; outline-style: none;">Found Auth-Type = PAP</div><div style="margin: 0px; padding: 0px; line-height: 1.2em; outline-style: none;">+- entering group PAP {...}</div><div style="margin: 0px; padding: 0px; line-height: 1.2em; outline-style: none;">[pap] login
attempt with password "WIdk?��G/?X�n�h?"</div><div style="margin: 0px; padding: 0px; line-height: 1.2em; outline-style: none;">[pap] Using
clear text password "tester"</div><div style="margin: 0px; padding: 0px; line-height: 1.2em; outline-style: none;">[pap] Passwords don't match</div><div style="margin: 0px; padding: 0px; line-height: 1.2em; outline-style: none;">++[pap] returns reject</div><div style="margin: 0px; padding: 0px; line-height: 1.2em; outline-style: none;">Failed to authenticate
the user.</div><div style="margin: 0px; padding: 0px; line-height: 1.2em; outline-style: none;"> WARNING: Unprintable characters in the
password. Double-check the shared secret on the server and the
NAS!</div><div style="margin: 0px; padding: 0px; line-height: 1.2em; outline-style: none;">Using Post-Auth-Type Reject</div><div style="margin: 0px; padding: 0px; line-height: 1.2em; outline-style: none;">+- entering group REJECT {...}</div><div style="margin: 0px; padding: 0px; line-height: 1.2em; outline-style: none;">[attr_filter.access_reject]
expand: %{User-Name} -> andrei</div><div style="margin: 0px; padding: 0px; line-height: 1.2em; outline-style: none;"> attr_filter:
Matched entry DEFAULT at line 11</div><div style="margin: 0px; padding: 0px; line-height: 1.2em; outline-style: none;">++[attr_filter.access_reject]
returns updated</div><div style="margin: 0px; padding: 0px; line-height: 1.2em; outline-style: none;">Delaying reject of request 0
for 1 seconds</div><div style="margin: 0px; padding: 0px; line-height: 1.2em; outline-style: none;">Going to the next request</div><div style="margin: 0px; padding: 0px; line-height: 1.2em; outline-style: none;">Waking up in 0.9 seconds.</div><div style="margin: 0px; padding: 0px; line-height: 1.2em; outline-style: none;">Sending delayed reject
for request 0</div><div style="margin: 0px; padding: 0px; line-height: 1.2em; outline-style: none;">Sending Access-Reject of id 1 to
192.168.107.2 port 48244</div><div style="margin: 0px; padding: 0px; line-height: 1.2em; outline-style: none;">rad_recv: Access-Request
packet from host 192.168.107.2 port 48244, id=1, length=64</div><div style="margin: 0px; padding: 0px; line-height: 1.2em; outline-style: none;">Sending duplicate reply to client localhost port 48244 - ID: 1</div><div style="margin: 0px; padding: 0px; line-height: 1.2em; outline-style: none;">Sending Access-Reject of id 1 to 192.168.107.2 port 48244</div><div style="margin: 0px; padding: 0px; line-height: 1.2em; outline-style: none;">Waking up in 4.9 seconds.</div><div style="margin: 0px; padding: 0px; line-height: 1.2em; outline-style: none;">rad_recv: Access-Request
packet from host 192.168.107.2 port 48244, id=1, length=64</div><div style="margin: 0px; padding: 0px; line-height: 1.2em; outline-style: none;">Sending duplicate reply to client localhost port 48244 - ID: 1</div><div style="margin: 0px; padding: 0px; line-height: 1.2em; outline-style: none;">Sending Access-Reject of id 1 to 192.168.107.2 port 48244</div><div style="margin: 0px; padding: 0px; line-height: 1.2em; outline-style: none;">Waking up in 3.9 seconds.</div><div style="margin: 0px; padding: 0px; line-height: 1.2em; outline-style: none;">rad_recv: Access-Request
packet from host 192.168.107.2 port 48244, id=1, length=64</div><div style="margin: 0px; padding: 0px; line-height: 1.2em; outline-style: none;">Sending duplicate reply to client localhost port 48244 - ID: 1</div><div style="margin: 0px; padding: 0px; line-height: 1.2em; outline-style: none;">Sending Access-Reject of id 1 to 192.168.107.2 port 48244</div><div style="margin: 0px; padding: 0px; line-height: 1.2em; outline-style: none;">Waking up in 2.9 seconds.</div><div style="margin: 0px; padding: 0px; line-height: 1.2em; outline-style: none;">rad_recv: Access-Request
packet from host 192.168.107.2 port 48244, id=1, length=64</div><div style="margin: 0px; padding: 0px; line-height: 1.2em; outline-style: none;">Sending duplicate reply to client localhost port 48244 - ID: 1</div><div style="margin: 0px; padding: 0px; line-height: 1.2em; outline-style: none;">Sending Access-Reject of id 1 to 192.168.107.2 port 48244</div><div style="margin: 0px; padding: 0px; line-height: 1.2em; outline-style: none;">Waking up in 1.9 seconds.</div><div style="margin: 0px; padding: 0px; line-height: 1.2em; outline-style: none;">rad_recv: Access-Request
packet from host 192.168.107.2 port 48244, id=1, length=64</div><div style="margin: 0px; padding: 0px; line-height: 1.2em; outline-style: none;">Sending duplicate reply to client localhost port 48244 - ID: 1</div><div style="margin: 0px; padding: 0px; line-height: 1.2em; outline-style: none;">Sending Access-Reject of id 1 to 192.168.107.2 port 48244</div><div style="margin: 0px; padding: 0px; line-height: 1.2em; outline-style: none;">Waking up in 0.9 seconds.</div><div style="margin: 0px; padding: 0px; line-height: 1.2em; outline-style: none;">Cleaning up request 0 ID 1
with timestamp +3</div><div style="margin: 0px; padding: 0px; line-height: 1.2em; outline-style: none;">Ready to process requests.</div></div><div style="margin: 0px; padding: 0px; line-height: 1.2em; outline-style: none;">----------------------------------------------------------------------------------------------------------------------------------</div><div style="margin: 0px; padding: 0px; line-height: 1.2em; outline-style: none;">cat /etc/freeradius/clients.conf</div><div style="margin: 0px; padding: 0px; line-height: 1.2em; outline-style: none;"><br style="line-height: 1.2em; outline-style: none;"></div><div style="margin: 0px; padding: 0px; line-height: 1.2em; outline-style: none;"><div style="margin: 0px; padding: 0px; line-height: 1.2em; outline-style: none;">client localhost {
</div><div style="margin: 0px; padding: 0px; line-height: 1.2em; outline-style: none;"> </div><div style="margin: 0px; padding: 0px; line-height: 1.2em; outline-style: none;">
ipaddr = 192.168.107.2 </div><div style="margin: 0px; padding: 0px; line-height: 1.2em; outline-style: none;"> netmask = 32
</div><div style="margin: 0px; padding: 0px; line-height: 1.2em; outline-style: none;"> secret =
testing </div><div style="margin: 0px; padding: 0px; line-height: 1.2em; outline-style: none;"> require_message_authenticator = no
shortname =
localhost </div><div style="margin: 0px; padding: 0px; line-height: 1.2em; outline-style: none;">
nastype = other</div><div style="margin: 0px; padding: 0px; line-height: 1.2em; outline-style: none;">--------------------------------------------------------------------------------------------------------------------------</div></div><div style="margin: 0px; padding: 0px; line-height: 1.2em; outline-style: none;"><br style="line-height: 1.2em; outline-style: none;"></div><div style="margin: 0px; padding: 0px; line-height: 1.2em; outline-style: none;">Somehow the client is not sending the cleartext password from the database and this
causes the error.</div><div style="margin: 0px; padding: 0px; line-height: 1.2em; outline-style: none;">The shared secret is correct
as I use the same configuration for a PPPoE server and everything works
as it should. Any hints?</div></div></td></tr></tbody></table></span></div>
</div><br>
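<div>Added example (not part of the original message, and not code from squid_radius_auth or FreeRADIUS): the two RFC 2865 computations behind the messages in the log above, User-Password hiding and the Response Authenticator ("reply digest"), both of which are keyed by the shared secret and the Request Authenticator. The function names and the mismatched secret other-secret are constructed for illustration.</div>

```python
import hashlib
import hmac
import os
import struct

ACCESS_ACCEPT, ACCESS_REJECT = 2, 3  # RFC 2865 packet codes


def _xor_blocks(data: bytes, secret: bytes, request_auth: bytes, hiding: bool) -> bytes:
    # RFC 2865 section 5.2: each 16-byte block is XORed with
    # MD5(secret + previous ciphertext block); the first block uses the
    # Request Authenticator in place of a previous block.
    out, prev = b"", request_auth
    for i in range(0, len(data), 16):
        block = data[i:i + 16]
        mask = hashlib.md5(secret + prev).digest()
        xored = bytes(b ^ m for b, m in zip(block, mask))
        prev = xored if hiding else block  # always chain on the ciphertext
        out += xored
    return out


def hide_password(password, secret, request_auth):
    # Client side: pad with NULs to a multiple of 16 bytes (at least one block).
    blocks = max(1, -(-len(password) // 16))
    return _xor_blocks(password.ljust(blocks * 16, b"\x00"), secret, request_auth, True)


def recover_password(hidden, secret, request_auth):
    # Server side: same keystream, then strip the NUL padding.
    return _xor_blocks(hidden, secret, request_auth, False).rstrip(b"\x00")


def build_reply(code, ident, attrs, secret, request_auth):
    # Response Authenticator = MD5(Code + ID + Length + RequestAuth + Attributes + Secret)
    header = struct.pack("!BBH", code, ident, 20 + len(attrs))
    digest = hashlib.md5(header + request_auth + attrs + secret).digest()
    return header + digest + attrs


def reply_digest_ok(reply, secret, request_auth):
    # Client-side check; a failure here corresponds to an "invalid reply digest".
    header, digest, attrs = reply[:4], reply[4:20], reply[20:]
    expected = hashlib.md5(header + request_auth + attrs + secret).digest()
    return hmac.compare_digest(expected, digest)


def simulate(client_secret, server_secret, password=b"tester", request_auth=None):
    request_auth = request_auth or os.urandom(16)
    hidden = hide_password(password, client_secret, request_auth)
    seen = recover_password(hidden, server_secret, request_auth)
    code = ACCESS_ACCEPT if hmac.compare_digest(seen, password) else ACCESS_REJECT
    reply = build_reply(code, 1, b"", server_secret, request_auth)
    return {"server_sees": seen, "code": code,
            "client_accepts_digest": reply_digest_ok(reply, client_secret, request_auth)}


if __name__ == "__main__":
    print(simulate(b"testing", b"testing"))
    print(simulate(b"testing", b"other-secret"))  # constructed mismatch
```

<div>When the two sides key the computation differently, the server recovers 16 bytes of unrelated data in place of the padded password, and the client's digest check fails on the reply that follows.</div>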
</body></html>