Radius Squid authentication REJECT

Matthias Nagel matthias.h.nagel at gmail.com
Thu Apr 11 11:17:52 CEST 2013


Hello,

Am Donnerstag 11 April 2013, 16:07:08 schrieb Iftakhul Anwar:
> Hi Matthias,
> 
> I don't use " " on my squid_rad_auth.conf

I know, that is the reason why I asked you to check for non-printable characters AFTER your shared secret.

> No space on my scret.

And what is between the last printable character of your secret and the new line?

Matthias


> This is my squid_rad_auth.conf
> 
> server 192.168.2.3
> secret testing123
> 
> On my radcheck, i also using Cleartext-Password on my racheck table
> 
> Any another clue ?
> 
> Thanks
> 
> 
> 
> On Thu, Apr 11, 2013 at 3:59 PM, Matthias Nagel
> <matthias.h.nagel at gmail.com>wrote:
> 
> > Hello,
> >
> > did you do what the warning says and double checked the shared secret?
> >
> > As far as I see the squid_rad_auth.conf does not use quotation marks ("")
> > to delimit the shared secret. Hence, perhaps you have trailing white spaces
> > or something like that at the end of the line. Delete the line "secret" in
> > squid_rad_auth.conf and type it again. I really mean to delete it in order
> > to get rid of unprintable characters you might not see.
> >
> > Matthias
> >
> > Am Donnerstag 11 April 2013, 15:47:33 schrieb Iftakhul Anwar:
> > > Hi All,
> > >
> > >
> > > I have successfully configure freeradius with mysql. i can radtest using
> > > command :
> > >
> > > sudo radtest alice password 192.168.2.3 1812 testing123
> > > Sending Access-Request of id 187 to 192.168.2.3 port 1812
> > >     User-Name = "alice"
> > >     User-Password = "password"
> > >     NAS-IP-Address = 127.0.1.1
> > >     NAS-Port = 1812
> > >     Message-Authenticator = 0x00000000000000000000000000000000
> > >
> > > rad_recv: Access-Accept packet from host 192.168.2.3 port 1812,
> > > id=187, length=20
> > >
> > > Now i try squid using radius authentication.
> > >
> > > i followed step by step from :
> > >
> > > http://safesrv.net/setup-squid-and-freeradius-on-centos-5/#comment-1043
> > >
> > > But i got error message log on cache.log
> > >
> > > Warning: Received invalid reply digest from server
> > > Warning: Received invalid reply digest from server
> > > Warning: Received invalid reply digest from server
> > > squid_rad_auth: No response from RADIUS server
> > >
> > > On radius -X debug there is error message like bellow :
> > >
> > > Sending duplicate reply to client localprivate port 42003 – ID: 2
> > > Sending Access-Reject of id 2 to 192.168.2.3 port 42003
> > > Waking up in 2.9 seconds.
> > > rad_recv: Access-Request packet from host 192.168.2.3 port 42003,
> > > id=2, length=63
> > > Sending duplicate reply to client localprivate port 42003 – ID: 2
> > > Sending Access-Reject of id 2 to 192.168.2.3 port 42003
> > > Waking up in 0.9 seconds.
> > > Found Auth-Type = PAP
> > > # Executing group from file /usr/local/etc/raddb/sites-enabled/default
> > > +- entering group PAP {…}
> > > [pap] login attempt with password “b9?I? +�(�Ч�Y�?”
> > > [pap] Using clear text password “password”
> > > [pap] Passwords don’t match
> > > ++[pap] returns reject
> > > Failed to authenticate the user.
> > > WARNING: Unprintable characters in the password. Double-check the
> > > shared secret on the server and the NAS!
> > > Using Post-Auth-Type REJECT
> > >
> > > What is that error ? How i can solve this
> > >
> > > Thanks
> > >
> > >
> > ----------------------------------------------------------------------
> > Matthias Nagel
> > Willy-Andreas-Allee 1, Zimmer 506
> > 76131 Karlsruhe
> >
> > Telefon: +49-721-8695-1506
> > Mobil: +49-151-15998774
> > e-Mail: matthias.h.nagel at gmail.com
> > ICQ: 499797758
> > Skype: nagmat84
> >
> > -
> > List info/subscribe/unsubscribe? See
> > http://www.freeradius.org/list/users.html
> 
> 
> 
> 
> 
----------------------------------------------------------------------
Matthias Nagel
Willy-Andreas-Allee 1, Zimmer 506
76131 Karlsruhe

Telefon: +49-721-8695-1506
Mobil: +49-151-15998774
e-Mail: matthias.h.nagel at gmail.com
ICQ: 499797758
Skype: nagmat84



More information about the Freeradius-Users mailing list