a problem about radius and digest

Alan DeKok aland at deployingradius.com
Mon Jan 29 16:22:55 CET 2007

tzieleniewski wrote:
> I am using radius to authenticate request from the radiusclient-ng2 with the digest method.
> I have a strange situation because client log the following problem: 
> "received invalid reply digest from RADIUS server"
> This is strange because as I read on web this error is due to wrong secrets configuration. 

  Yes.  The shared secrets are wrong, or there is some miscalculation of
the reply digest.

> I checked a few times and secrets are the same I even tried to reinstall both freeradius and libradiusclient-ng2. Please help me and point what could be a reason for this??

  Which OS are you running on?  Is it 64-bit?  What CPU?

  The libradiusclient code MAY be doing MD5 incorrectly.

> here is my radius debug (maybe will help):
> rad_recv: Access-Request packet from host port 32894, id=198, length=300
>         User-Name = "hellboy at voip.touk.pl"
>         Digest-Attributes = 0x0a0968656c6c626f79
>         Digest-Attributes = 0x010e766f69702e746f756b2e706c
>         Digest-Attributes = 0x022a34356264656531363664353437333838393736323162356564343730383331323661316461636633
>         Digest-Attributes = 0x04187369703a746f6d697840766f69702e746f756b2e706c
>         Digest-Attributes = 0x0308494e56495445
>         Digest-Attributes = 0x050661757468
>         Digest-Attributes = 0x090a3030303030303031
>         Digest-Attributes = 0x08223639464435383136374435424646364631304633363746453943433138333339
>         Digest-Response = "2c8b62ee23ac6cbe4a551b8b698a509c"
>         Service-Type = 0x0000000f00000000

  That looks like a bug in libradiusclient.  The Service-Type attribute
should be 4 bytes of data, not 8.

>         SER-Service-Type = 0x0000000300000000
>         SER-Uri-User = "hellboy"
>         NAS-Port = 0x000013c400000000
>         NAS-IP-Address = 0x7f00000100000000

  Again, the NAS-Port & NAS-IP-Address attributes should be 4 bytes of
data, not 8.

  This makes me suspect you're running on a 64-bit system, and that the
libradiusclient code isn't 64-bit clean.

  Alan DeKok.
  http://deployingradius.com       - The web site of the book
  http://deployingradius.com/blog/ - The blog

More information about the Freeradius-Users mailing list