Hi. I'm using squid proxy server with freeradius authentication with postgresql backend running on Debian Squeeze and I get the following error from freeradius. ./squid_radius_auth -f /etc/squid3/squid_radius_auth.conf andrei tester Warning: Received invalid reply digest from server Warning: Received invalid reply digest from serverERR I'll post the files configuration and output from freeradius debug: cat /etc/squid3/squid_radius_auth.conf # squid_rad_auth configuration file # MvS: 28-10-1998 server 192.168.107.2 secret testing -------------------------------------------------------------------------------------------------------------------------------- freeradius -X stripped output: freeradius -X including configuration file /etc/freeradius/sites-enabled/default main { user = "freerad" group = "freerad" allow_core_dumps = no } including dictionary file /etc/freeradius/dictionary main { prefix = "/usr" localstatedir = "/var" logdir = "/var/log/freeradius" libdir = "/usr/lib/freeradius" radacctdir = "/var/log/freeradius/radacct" hostname_lookups = no max_request_time = 30 cleanup_delay = 5 max_requests = 1024 pidfile = "/var/run/freeradius/freeradius.pid" checkrad = "/usr/sbin/checkrad" debug_level = 0 proxy_requests = no log { stripped_names = no auth = no auth_badpass = no auth_goodpass = no } security { max_attributes = 200 reject_delay = 1 status_server = yes } } Listening on authentication address * port 1812 Listening on accounting address * port 1813 Ready to process requests. rad_recv: Access-Request packet from host 192.168.107.2 port 48244, id=1, length=64 User-Name = "andrei" User-Password = "WIdk\214\356\376G/\215X\367n\246h\224" NAS-Port = 111 NAS-Port-Type = Async NAS-IP-Address = 192.168.107.2 +- entering group authorize {...} ++[preprocess] returns ok [auth_log] expand: /var/log/freeradius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d -> /var/log/freeradius/radacct/192.168.107.2/auth-detail-20100129 [auth_log] /var/log/freeradius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to /var/log/freeradius/radacct/192.168.107.2/auth-detail-20100129 [auth_log] expand: %t -> Fri Jan 29 18:34:05 2010 ++[auth_log] returns ok ++[chap] returns noop ++[mschap] returns noop [suffix] No '@' in User-Name = "andrei", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop ++[unix] returns notfound ++[files] returns noop [sql] expand: %{User-Name} -> andrei [sql] sql_set_user escaped user --> 'andrei' rlm_sql (sql): Reserving sql socket id: 4 [sql] expand: SELECT id, UserName, Attribute, Value, Op FROM radcheck WHERE Username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, UserName, Attribute, Value, Op FROM radcheck WHERE Username = 'andrei' ORDER BY id rlm_sql_postgresql: Status: PGRES_TUPLES_OK rlm_sql_postgresql: query affected rows = 1 , fields = 5 [sql] User found in radcheck table [sql] expand: SELECT id, UserName, Attribute, Value, Op FROM radreply WHERE Username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, UserName, Attribute, Value, Op FROM radreply WHERE Username = 'andrei' ORDER BY id rlm_sql_postgresql: Status: PGRES_TUPLES_OK rlm_sql_postgresql: query affected rows = 0 , fields = 5 [sql] expand: SELECT GroupName FROM radusergroup WHERE UserName='%{SQL-User-Name}' ORDER BY priority -> SELECT GroupName FROM radusergroup WHERE UserName='andrei' ORDER BY priority rlm_sql_postgresql: Status: PGRES_TUPLES_OK rlm_sql_postgresql: query affected rows = 0 , fields = 1 rlm_sql (sql): Released sql socket id: 4 ++[sql] returns ok ++[expiration] returns noop ++[logintime] returns noop ++[pap] returns updated Found Auth-Type = PAP +- entering group PAP {...} [pap] login attempt with password "WIdk?��G/?X�n�h?" [pap] Using clear text password "tester" [pap] Passwords don't match ++[pap] returns reject Failed to authenticate the user. WARNING: Unprintable characters in the password. Double-check the shared secret on the server and the NAS! Using Post-Auth-Type Reject +- entering group REJECT {...} [attr_filter.access_reject] expand: %{User-Name} -> andrei attr_filter: Matched entry DEFAULT at line 11 ++[attr_filter.access_reject] returns updated Delaying reject of request 0 for 1 seconds Going to the next request Waking up in 0.9 seconds. Sending delayed reject for request 0 Sending Access-Reject of id 1 to 192.168.107.2 port 48244 rad_recv: Access-Request packet from host 192.168.107.2 port 48244, id=1, length=64 Sending duplicate reply to client localhost port 48244 - ID: 1 Sending Access-Reject of id 1 to 192.168.107.2 port 48244 Waking up in 4.9 seconds. rad_recv: Access-Request packet from host 192.168.107.2 port 48244, id=1, length=64 Sending duplicate reply to client localhost port 48244 - ID: 1 Sending Access-Reject of id 1 to 192.168.107.2 port 48244 Waking up in 3.9 seconds. rad_recv: Access-Request packet from host 192.168.107.2 port 48244, id=1, length=64 Sending duplicate reply to client localhost port 48244 - ID: 1 Sending Access-Reject of id 1 to 192.168.107.2 port 48244 Waking up in 2.9 seconds. rad_recv: Access-Request packet from host 192.168.107.2 port 48244, id=1, length=64 Sending duplicate reply to client localhost port 48244 - ID: 1 Sending Access-Reject of id 1 to 192.168.107.2 port 48244 Waking up in 1.9 seconds. rad_recv: Access-Request packet from host 192.168.107.2 port 48244, id=1, length=64 Sending duplicate reply to client localhost port 48244 - ID: 1 Sending Access-Reject of id 1 to 192.168.107.2 port 48244 Waking up in 0.9 seconds. Cleaning up request 0 ID 1 with timestamp +3 Ready to process requests. ---------------------------------------------------------------------------------------------------------------------------------- cat /etc/freeradius/clients.conf client localhost { ipaddr = 192.168.107.2 netmask = 32 secret = testing require_message_authenticator = no shortname = localhost nastype = other -------------------------------------------------------------------------------------------------------------------------- Somehow the client is not sending the cleartext password from database and this causes the error. The shared secret is correct as I use the same configuration for a PPPOE server and everything works as it should. Any hints ?