a problem about radius and digest
aland at deployingradius.com
Mon Jan 29 16:22:55 CET 2007
> I am using radius to authenticate request from the radiusclient-ng2 with the digest method.
> I have a strange situation because client log the following problem:
> "received invalid reply digest from RADIUS server"
> This is strange because as I read on web this error is due to wrong secrets configuration.
Yes. The shared secrets are wrong, or there is some miscalculation of
the reply digest.
> I checked a few times and secrets are the same I even tried to reinstall both freeradius and libradiusclient-ng2. Please help me and point what could be a reason for this??
Which OS are you running on? Is it 64-bit? What CPU?
The libradiusclient code MAY be doing MD5 incorrectly.
> here is my radius debug (maybe will help):
> rad_recv: Access-Request packet from host 127.0.0.1 port 32894, id=198, length=300
> User-Name = "hellboy at voip.touk.pl"
> Digest-Attributes = 0x0a0968656c6c626f79
> Digest-Attributes = 0x010e766f69702e746f756b2e706c
> Digest-Attributes = 0x022a34356264656531363664353437333838393736323162356564343730383331323661316461636633
> Digest-Attributes = 0x04187369703a746f6d697840766f69702e746f756b2e706c
> Digest-Attributes = 0x0308494e56495445
> Digest-Attributes = 0x050661757468
> Digest-Attributes = 0x090a3030303030303031
> Digest-Attributes = 0x08223639464435383136374435424646364631304633363746453943433138333339
> Digest-Response = "2c8b62ee23ac6cbe4a551b8b698a509c"
> Service-Type = 0x0000000f00000000
That looks like a bug in libradiusclient. The Service-Type attribute
should be 4 bytes of data, not 8.
> SER-Service-Type = 0x0000000300000000
> SER-Uri-User = "hellboy"
> NAS-Port = 0x000013c400000000
> NAS-IP-Address = 0x7f00000100000000
Again, the NAS-Port & NAS-IP-Address attributes should be 4 bytes of
data, not 8.
This makes me suspect you're running on a 64-bit system, and that the
libradiusclient code isn't 64-bit clean.
http://deployingradius.com - The web site of the book
http://deployingradius.com/blog/ - The blog
More information about the Freeradius-Users