a problem about radius and digest

tzieleniewski tzieleniewski at o2.pl
Mon Jan 29 16:41:45 CET 2007 

Hi!!
I am runnig Debian etch release OS on the 64 bit CPU
below is the detailed CPU information:

processor       : 0
vendor_id       : AuthenticAMD
cpu family      : 15
model           : 35
model name      : AMD Athlon(tm) 64 X2 Dual Core Processor 3800+
stepping        : 2
cpu MHz         : 2010.300
cache size      : 512 KB
physical id     : 0
siblings        : 1
core id         : 0
cpu cores       : 1
fpu             : yes
fpu_exception   : yes
cpuid level     : 1
wp              : yes
flags           : fpu tsc msr pae mce cx8 apic mca cmov pat pse36 clflush mmx fxsr sse sse2 ht syscall nx mmxext fxsr_opt lm 3dnowext 3dnow pni lahf_lm cmp_legacy
bogomips        : 5027.24
TLB size        : 1024 4K pages
clflush size    : 64
cache_alignment : 64
address sizes   : 40 bits physical, 48 bits virtual
power management: ts fid vid ttp


> tzieleniewski wrote:
> > I am using radius to authenticate request from the radiusclient-ng2 with the digest method.
> > I have a strange situation because client log the following problem: 
> > "received invalid reply digest from RADIUS server"
> > This is strange because as I read on web this error is due to wrong secrets configuration. 
> 
>   Yes.  The shared secrets are wrong, or there is some miscalculation of
> the reply digest.
> 
> > I checked a few times and secrets are the same I even tried to reinstall both freeradius and libradiusclient-ng2. Please help me and point what could be a reason for this??
> 
>   Which OS are you running on?  Is it 64-bit?  What CPU?
> 
>   The libradiusclient code MAY be doing MD5 incorrectly.
> 
> 
> > here is my radius debug (maybe will help):
> > rad_recv: Access-Request packet from host 127.0.0.1 port 32894, id=198, length=300
> >         User-Name = "hellboy at voip.touk.pl"
> >         Digest-Attributes = 0x0a0968656c6c626f79
> >         Digest-Attributes = 0x010e766f69702e746f756b2e706c
> >         Digest-Attributes = 0x022a34356264656531363664353437333838393736323162356564343730383331323661316461636633
> >         Digest-Attributes = 0x04187369703a746f6d697840766f69702e746f756b2e706c
> >         Digest-Attributes = 0x0308494e56495445
> >         Digest-Attributes = 0x050661757468
> >         Digest-Attributes = 0x090a3030303030303031
> >         Digest-Attributes = 0x08223639464435383136374435424646364631304633363746453943433138333339
> >         Digest-Response = "2c8b62ee23ac6cbe4a551b8b698a509c"
> >         Service-Type = 0x0000000f00000000
> 
>   That looks like a bug in libradiusclient.  The Service-Type attribute
> should be 4 bytes of data, not 8.
> 
> >         SER-Service-Type = 0x0000000300000000
> >         SER-Uri-User = "hellboy"
> >         NAS-Port = 0x000013c400000000
> >         NAS-IP-Address = 0x7f00000100000000
> 
>   Again, the NAS-Port & NAS-IP-Address attributes should be 4 bytes of
> data, not 8.
> 
>   This makes me suspect you're running on a 64-bit system, and that the
> libradiusclient code isn't 64-bit clean.
> 
>   Alan DeKok.
> --
>   http://deployingradius.com       - The web site of the book
>   http://deployingradius.com/blog/ - The blog
> - 
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

More information about the Freeradius-Users mailing list