| Hi. I'm using squid proxy server with freeradius
authentication with postgresql backend running on Debian Squeeze and I get the following error from
freeradius. ./squid_radius_auth -f
/etc/squid3/squid_radius_auth.conf andrei tester Warning: Received invalid reply digest from server Warning:
Received invalid reply digest from server ERRI'll post the files configuration and output from freeradius
debug: cat
/etc/squid3/squid_radius_auth.conf # squid_rad_auth
configuration file # MvS: 28-10-1998 server 192.168.107.2 secret testing -------------------------------------------------------------------------------------------------------------------------------- freeradius -X stripped output: freeradius -X including configuration file
/etc/freeradius/sites-enabled/default main {
user = "freerad"
group = "freerad"
allow_core_dumps = no
}
including dictionary file /etc/freeradius/dictionary
main {
prefix = "/usr"
localstatedir = "/var"
logdir = "/var/log/freeradius"
libdir =
"/usr/lib/freeradius" radacctdir = "/var/log/freeradius/radacct"
hostname_lookups = no
max_request_time = 30
cleanup_delay = 5
max_requests = 1024
pidfile = "/var/run/freeradius/freeradius.pid"
checkrad =
"/usr/sbin/checkrad" debug_level = 0
proxy_requests = no
log {
stripped_names = no
auth = no
auth_badpass = no
auth_goodpass = no
}
security {
max_attributes = 200
reject_delay = 1
status_server = yes
}
}
Listening on authentication address * port 1812
Listening on accounting address * port 1813
Ready to process requests.
rad_recv: Access-Request packet from host 192.168.107.2 port
48244, id=1, length=64
User-Name = "andrei"
User-Password = "WIdk\214\356\376G/\215X\367n\246h\224"
NAS-Port = 111
NAS-Port-Type =
Async
NAS-IP-Address = 192.168.107.2
+- entering group authorize {...}
++[preprocess] returns ok
[auth_log] expand:
/var/log/freeradius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d
-> /var/log/freeradius/radacct/192.168.107.2/auth-detail-20100129 [auth_log]
/var/log/freeradius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d
expands to
/var/log/freeradius/radacct/192.168.107.2/auth-detail-20100129 [auth_log] expand: %t -> Fri Jan 29
18:34:05 2010
++[auth_log]
returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "andrei", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
++[unix] returns notfound ++[files] returns noop
[sql] expand: %{User-Name}
-> andrei
[sql] sql_set_user escaped user --> 'andrei'
rlm_sql (sql): Reserving sql socket id: 4
[sql] expand:
SELECT id, UserName, Attribute, Value, Op FROM radcheck WHERE
Username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, UserName,
Attribute, Value, Op FROM radcheck WHERE Username = 'andrei' ORDER
BY id
rlm_sql_postgresql: Status:
PGRES_TUPLES_OK
rlm_sql_postgresql: query
affected rows = 1 , fields = 5
[sql] User found in radcheck table
[sql] expand:
SELECT id, UserName, Attribute, Value, Op FROM radreply WHERE
Username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, UserName,
Attribute, Value, Op FROM radreply WHERE Username = 'andrei' ORDER
BY id rlm_sql_postgresql: Status: PGRES_TUPLES_OK rlm_sql_postgresql: query affected rows = 0 , fields = 5 [sql] expand: SELECT GroupName FROM radusergroup WHERE
UserName='%{SQL-User-Name}' ORDER BY priority -> SELECT GroupName
FROM radusergroup WHERE UserName='andrei' ORDER BY priority rlm_sql_postgresql: Status: PGRES_TUPLES_OK rlm_sql_postgresql: query affected rows = 0 , fields = 1 rlm_sql (sql): Released sql socket id: 4 ++[sql]
returns ok ++[expiration]
returns noop ++[logintime] returns noop ++[pap] returns updated Found Auth-Type = PAP +- entering group PAP {...} [pap] login
attempt with password "WIdk?��G/?X�n�h?" [pap] Using
clear text password "tester" [pap] Passwords don't match ++[pap] returns reject Failed to authenticate
the user. WARNING: Unprintable characters in the
password. Double-check the shared secret on the server and the
NAS! Using Post-Auth-Type Reject +- entering group REJECT {...} [attr_filter.access_reject]
expand: %{User-Name} -> andrei attr_filter:
Matched entry DEFAULT at line 11 ++[attr_filter.access_reject]
returns updated Delaying reject of request 0
for 1 seconds Going to the next request Waking up in 0.9 seconds. Sending delayed reject
for request 0 Sending Access-Reject of id 1 to
192.168.107.2 port 48244 rad_recv: Access-Request
packet from host 192.168.107.2 port 48244, id=1, length=64 Sending duplicate reply to client localhost port 48244 - ID: 1 Sending Access-Reject of id 1 to 192.168.107.2 port 48244 Waking up in 4.9 seconds. rad_recv: Access-Request
packet from host 192.168.107.2 port 48244, id=1, length=64 Sending duplicate reply to client localhost port 48244 - ID: 1 Sending Access-Reject of id 1 to 192.168.107.2 port 48244 Waking up in 3.9 seconds. rad_recv: Access-Request
packet from host 192.168.107.2 port 48244, id=1, length=64 Sending duplicate reply to client localhost port 48244 - ID: 1 Sending Access-Reject of id 1 to 192.168.107.2 port 48244 Waking up in 2.9 seconds. rad_recv: Access-Request
packet from host 192.168.107.2 port 48244, id=1, length=64 Sending duplicate reply to client localhost port 48244 - ID: 1 Sending Access-Reject of id 1 to 192.168.107.2 port 48244 Waking up in 1.9 seconds. rad_recv: Access-Request
packet from host 192.168.107.2 port 48244, id=1, length=64 Sending duplicate reply to client localhost port 48244 - ID: 1 Sending Access-Reject of id 1 to 192.168.107.2 port 48244 Waking up in 0.9 seconds. Cleaning up request 0 ID 1
with timestamp +3 Ready to process requests. ---------------------------------------------------------------------------------------------------------------------------------- cat /etc/freeradius/clients.conf client localhost {
ipaddr = 192.168.107.2 netmask = 32
secret =
testing require_message_authenticator = no
shortname =
localhost
nastype = other -------------------------------------------------------------------------------------------------------------------------- Somehow the client is not sending the cleartext password from database and this
causes the error. The shared secret is correct
as I use the same configuration for a PPPOE server and everything works
as it should. Any hints
? |