Radius Squid authentication REJECT

Thu Apr 11 11:07:08 CEST 2013

Hi Matthias,

I don't use " " on my squid_rad_auth.conf.No space on my scret.
This is my squid_rad_auth.conf

server 192.168.2.3
secret testing123

On my radcheck, i also using Cleartext-Password on my racheck table

Any another clue ?

Thanks

On Thu, Apr 11, 2013 at 3:59 PM, Matthias Nagel
<matthias.h.nagel at gmail.com>wrote:

> Hello,
>
> did you do what the warning says and double checked the shared secret?
>
> As far as I see the squid_rad_auth.conf does not use quotation marks ("")
> to delimit the shared secret. Hence, perhaps you have trailing white spaces
> or something like that at the end of the line. Delete the line "secret" in
> squid_rad_auth.conf and type it again. I really mean to delete it in order
> to get rid of unprintable characters you might not see.
>
> Matthias
>
> Am Donnerstag 11 April 2013, 15:47:33 schrieb Iftakhul Anwar:
> > Hi All,
> >
> >
> > I have successfully configure freeradius with mysql. i can radtest using
> > command :
> >
> > sudo radtest alice password 192.168.2.3 1812 testing123
> > Sending Access-Request of id 187 to 192.168.2.3 port 1812
> >     User-Name = "alice"
> >     User-Password = "password"
> >     NAS-IP-Address = 127.0.1.1
> >     NAS-Port = 1812
> >     Message-Authenticator = 0x00000000000000000000000000000000
> >
> > rad_recv: Access-Accept packet from host 192.168.2.3 port 1812,
> > id=187, length=20
> >
> > Now i try squid using radius authentication.
> >
> > i followed step by step from :
> >
> > http://safesrv.net/setup-squid-and-freeradius-on-centos-5/#comment-1043
> >
> > But i got error message log on cache.log
> >
> > Warning: Received invalid reply digest from server
> > Warning: Received invalid reply digest from server
> > Warning: Received invalid reply digest from server
> > squid_rad_auth: No response from RADIUS server
> >
> > On radius -X debug there is error message like bellow :
> >
> > Sending duplicate reply to client localprivate port 42003 – ID: 2
> > Sending Access-Reject of id 2 to 192.168.2.3 port 42003
> > Waking up in 2.9 seconds.
> > rad_recv: Access-Request packet from host 192.168.2.3 port 42003,
> > id=2, length=63
> > Sending duplicate reply to client localprivate port 42003 – ID: 2
> > Sending Access-Reject of id 2 to 192.168.2.3 port 42003
> > Waking up in 0.9 seconds.
> > Found Auth-Type = PAP
> > # Executing group from file /usr/local/etc/raddb/sites-enabled/default
> > +- entering group PAP {…}
> > [pap] login attempt with password “b9?I? +�(�Ч�Y�?”
> > [pap] Using clear text password “password”
> > [pap] Passwords don’t match
> > ++[pap] returns reject
> > Failed to authenticate the user.
> > WARNING: Unprintable characters in the password. Double-check the
> > shared secret on the server and the NAS!
> > Using Post-Auth-Type REJECT
> >
> > What is that error ? How i can solve this
> >
> > Thanks
> >
> >
> ----------------------------------------------------------------------
> Matthias Nagel
> Willy-Andreas-Allee 1, Zimmer 506
> 76131 Karlsruhe
>
> Telefon: +49-721-8695-1506
> Mobil: +49-151-15998774
> e-Mail: matthias.h.nagel at gmail.com
> ICQ: 499797758
> Skype: nagmat84
>
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html

-- 
*M.Iftakhul Anwar*
Meruvian Integrator
High Performance Computing / Cloud Computing (HPC/CC)

Office Phone  : 021-93586577
Mobile Phone : 085215331477
Blog               :  http://blog.mervpolis.com/roller/anwar
FB                 :  http://www.facebook.com/troya.adromeda
Website         : www.meruvian.org
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20130411/f24541eb/attachment.html>