Radius Squid authentication REJECT

Matthias Nagel matthias.h.nagel at gmail.com
Thu Apr 11 10:59:48 CEST 2013


Hello,

Did you do what the warning says and double-check the shared secret?

As far as I can see, squid_rad_auth.conf does not use quotation marks ("") to delimit the shared secret. Hence, perhaps you have trailing whitespace or something like that at the end of the line. Delete the "secret" line in squid_rad_auth.conf and type it again. I really do mean delete it, in order to get rid of unprintable characters you might not see.

Matthias

On Thursday, 11 April 2013, 15:47:33, Iftakhul Anwar wrote:
> Hi All,
> 
> 
> I have successfully configured freeradius with mysql. I can radtest using the
> command:
> 
> sudo radtest alice password 192.168.2.3 1812 testing123
> Sending Access-Request of id 187 to 192.168.2.3 port 1812
>     User-Name = "alice"
>     User-Password = "password"
>     NAS-IP-Address = 127.0.1.1
>     NAS-Port = 1812
>     Message-Authenticator = 0x00000000000000000000000000000000
> 
> rad_recv: Access-Accept packet from host 192.168.2.3 port 1812,
> id=187, length=20
> 
> Now I am trying squid with radius authentication.
> 
> I followed the steps from:
> 
> http://safesrv.net/setup-squid-and-freeradius-on-centos-5/#comment-1043
> 
> But I got this error message in cache.log:
> 
> Warning: Received invalid reply digest from server
> Warning: Received invalid reply digest from server
> Warning: Received invalid reply digest from server
> squid_rad_auth: No response from RADIUS server
> 
> In the radius -X debug output there is an error message like below:
> 
> Sending duplicate reply to client localprivate port 42003 – ID: 2
> Sending Access-Reject of id 2 to 192.168.2.3 port 42003
> Waking up in 2.9 seconds.
> rad_recv: Access-Request packet from host 192.168.2.3 port 42003,
> id=2, length=63
> Sending duplicate reply to client localprivate port 42003 – ID: 2
> Sending Access-Reject of id 2 to 192.168.2.3 port 42003
> Waking up in 0.9 seconds.
> Found Auth-Type = PAP
> # Executing group from file /usr/local/etc/raddb/sites-enabled/default
> +- entering group PAP {…}
> [pap] login attempt with password “b9?I? +�(�Ч�Y�?”
> [pap] Using clear text password “password”
> [pap] Passwords don’t match
> ++[pap] returns reject
> Failed to authenticate the user.
> WARNING: Unprintable characters in the password. Double-check the
> shared secret on the server and the NAS!
> Using Post-Auth-Type REJECT
> 
> What is that error? How can I solve this?
> 
> Thanks
> 
> 
----------------------------------------------------------------------
Matthias Nagel
Willy-Andreas-Allee 1, Zimmer 506
76131 Karlsruhe

Telefon: +49-721-8695-1506
Mobil: +49-151-15998774
e-Mail: matthias.h.nagel at gmail.com
ICQ: 499797758
Skype: nagmat84
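
Why a single stray character in the secret produces both symptoms in the logs above, as an added example that is not part of either message or of the FreeRADIUS or Squid code: it implements the RFC 2865 User-Password hiding and Response Authenticator digest and compares a clean `secret` line with one that has a trailing space. The function names, the constructed Request Authenticator and the assumption that the helper takes everything after the `secret` keyword as the secret are illustrative; `testing123` and reply id 2 come from the quoted message.

```python
import hashlib

def hide_password(password: bytes, secret: bytes, req_auth: bytes) -> bytes:
    """NAS side: RFC 2865 section 5.2 User-Password hiding."""
    padded = password + b"\x00" * (-len(password) % 16)
    out, prev = b"", req_auth
    for i in range(0, len(padded), 16):
        key = hashlib.md5(secret + prev).digest()
        prev = bytes(p ^ k for p, k in zip(padded[i:i + 16], key))
        out += prev
    return out

def recover_password(hidden: bytes, secret: bytes, req_auth: bytes) -> bytes:
    """Server side: reverse the hiding with the server's copy of the secret."""
    out, prev = b"", req_auth
    for i in range(0, len(hidden), 16):
        key = hashlib.md5(secret + prev).digest()
        prev = hidden[i:i + 16]
        out += bytes(c ^ k for c, k in zip(prev, key))
    return out.rstrip(b"\x00")

def reply_digest(code: int, ident: int, req_auth: bytes, secret: bytes) -> bytes:
    """Response Authenticator of an attribute-less reply (length 20)."""
    header = bytes([code, ident]) + (20).to_bytes(2, "big")
    return hashlib.md5(header + req_auth + secret).digest()

def read_secret(conf_line: str) -> bytes:
    """Assumed parsing: everything after the keyword, only the newline removed."""
    return conf_line.rstrip("\r\n").split(" ", 1)[1].encode()

def secret_problems(conf_line: str) -> list:
    """Report trailing whitespace and non-printable characters in the secret."""
    value = conf_line.rstrip("\r\n").split(" ", 1)[1]
    found = []
    if value != value.rstrip():
        found.append("trailing whitespace")
    if any(not ch.isprintable() for ch in value):
        found.append("non-printable character")
    return found

SERVER_SECRET = b"testing123"        # secret used in the radtest command above
REQ_AUTH = bytes(range(16))          # constructed Request Authenticator
GOOD_LINE = "secret testing123\n"    # constructed config lines
BAD_LINE = "secret testing123 \n"    # same secret plus one trailing space

if __name__ == "__main__":
    for line in (GOOD_LINE, BAD_LINE):
        nas = read_secret(line)
        seen = recover_password(hide_password(b"password", nas, REQ_AUTH), SERVER_SECRET, REQ_AUTH)
        ok = reply_digest(3, 2, REQ_AUTH, SERVER_SECRET) == reply_digest(3, 2, REQ_AUTH, nas)
        print(repr(line), secret_problems(line), seen, "reply digest ok:", ok)
```

With the trailing space the server recovers bytes that are not `password`, and the NAS cannot verify the server's reply digest, matching the "Unprintable characters in the password" and "invalid reply digest" warnings.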



More information about the Freeradius-Users mailing list