a problem about radius and digest

tzieleniewski tzieleniewski at o2.pl
Mon Jan 29 14:29:27 CET 2007 

Hi!

I am using radius to authenticate request from the radiusclient-ng2 with the digest method.
I have a strange situation because client log the following problem: 
"received invalid reply digest from RADIUS server"
This is strange because as I read on web this error is due to wrong secrets configuration. 
I checked a few times and secrets are the same I even tried to reinstall both freeradius and libradiusclient-ng2. Please help me and point what could be a reason for this??

here is my radius debug (maybe will help):
rad_recv: Access-Request packet from host 127.0.0.1 port 32894, id=198, length=300
        User-Name = "hellboy at voip.touk.pl"
        Digest-Attributes = 0x0a0968656c6c626f79
        Digest-Attributes = 0x010e766f69702e746f756b2e706c
        Digest-Attributes = 0x022a34356264656531363664353437333838393736323162356564343730383331323661316461636633
        Digest-Attributes = 0x04187369703a746f6d697840766f69702e746f756b2e706c
        Digest-Attributes = 0x0308494e56495445
        Digest-Attributes = 0x050661757468
        Digest-Attributes = 0x090a3030303030303031
        Digest-Attributes = 0x08223639464435383136374435424646364631304633363746453943433138333339
        Digest-Response = "2c8b62ee23ac6cbe4a551b8b698a509c"
        Service-Type = 0x0000000f00000000
        SER-Service-Type = 0x0000000300000000
        SER-Uri-User = "hellboy"
        NAS-Port = 0x000013c400000000
        NAS-IP-Address = 0x7f00000100000000
  Processing the authorize section of radiusd.conf
modcall:  entering group authorize for request 1
  modcall[authorize]: module "preprocess" returns ok for request 1
radius_xlat:  '/var/log/radiusd/radacct/127.0.0.1/detail-200701'
rlm_detail: /var/log/radiusd/radacct/%{Client-IP-Address}/detail-%Y%m expands to /var/log/radiusd/radacct/127.0.0.1/detail-200701
radius_xlat:  'Mon Jan 29 13:47:38 2007'
  modcall[authorize]: module "detail" returns ok for request 1
radius_xlat:  '/var/log/radiusd/radacct/127.0.0.1/auth-detail-200701'
rlm_detail: /var/log/radiusd/radacct/%{Client-IP-Address}/auth-detail-%Y%m expands to /var/log/radiusd/radacct/127.0.0.1/auth-detail-200701
radius_xlat:  'Mon Jan 29 13:47:38 2007'
  modcall[authorize]: module "auth_log" returns ok for request 1
rlm_digest: Adding Auth-Type = DIGEST
  modcall[authorize]: module "digest" returns ok for request 1
    users: Matched entry hellboy at voip.touk.pl at line 3
radius_xlat:  'hellboy at voip.touk.pl'
  modcall[authorize]: module "files" returns ok for request 1
  modcall[authorize]: module "expiration" returns noop for request 1
  modcall[authorize]: module "logintime" returns noop for request 1
rlm_pap: Found existing Auth-Type, not changing it.
  modcall[authorize]: module "pap" returns noop for request 1
modcall: group authorize returns ok for request 1
  rad_check_password:  Found Auth-Type DIGEST
auth: type "Digest"
  Processing the authenticate section of radiusd.conf
modcall:  entering group Digest for request 1
    rlm_digest: Converting Digest-Attributes to something sane...
        Digest-User-Name = "hellboy"
        Digest-Realm = "voip.touk.pl"
        Digest-Nonce = "45bdee166d54738897621b5ed47083126a1dacf3"
        Digest-URI = "sip:tomix at voip.touk.pl"
        Digest-Method = "INVITE"
        Digest-QOP = "auth"
        Digest-Nonce-Count = "00000001"
        Digest-CNonce = "69FD58167D5BFF6F10F367FE9CC18339"
A1 = hellboy:voip.touk.pl:hellboy
A2 = INVITE:sip:tomix at voip.touk.pl
H(A1) = a383a13215180e1f7d2fc755c99af602
H(A2) = 429a8006b569afff5cd5fe2a50024c56
KD = a383a13215180e1f7d2fc755c99af602:45bdee166d54738897621b5ed47083126a1dacf3:00000001:69FD58167D5BFF6F10F367FE9CC18339:auth:429a8006b569afff5cd5fe2a50024c56
EXPECTED 2c8b62ee23ac6cbe4a551b8b698a509c
RECEIVED 2c8b62ee23ac6cbe4a551b8b698a509c
  modcall[authenticate]: module "digest" returns ok for request 1
modcall: group Digest returns ok for request 1
Login OK: [hellboy at voip.touk.pl/<via Auth-Type = DIGEST>] (from client localhost port 0)
  Processing the post-auth section of radiusd.conf
modcall:  entering group post-auth for request 1
radius_xlat:  '/var/log/radiusd/radacct/127.0.0.1/reply-detail-200701'
rlm_detail: /var/log/radiusd/radacct/%{Client-IP-Address}/reply-detail-%Y%m expands to /var/log/radiusd/radacct/127.0.0.1/reply-detail-200701
radius_xlat:  'Mon Jan 29 13:47:38 2007'
  modcall[post-auth]: module "reply_log" returns ok for request 1
modcall: group post-auth returns ok for request 1
Sending Access-Accept of id 198 to 127.0.0.1 port 32894
        SER-UID = "hellboy at voip.touk.pl"
        Reply-Message = "Authenticated"
Finished request 1
Going to the next request
--- Walking the entire request list ---
Waking up in 5 seconds...
--- Walking the entire request list ---
Cleaning up request 1 ID 198 with timestamp 45bdecea
Nothing to do.  Sleeping until we see a request.


Bests
 Tomasz

More information about the Freeradius-Users mailing list