rlm_digest failing after upgrade from 2.1.12 to 2.2.5
Daniel Pocock
daniel at pocock.pro
Thu Oct 22 17:25:30 CEST 2015
On 22/10/15 17:07, Alan DeKok wrote:
> On Oct 22, 2015, at 3:21 AM, Daniel Pocock <daniel at pocock.pro> wrote:
>>> We tried that, we can see freeradius is authorizing the requests
>>>
>>> libfreeradius-client is logging the following:
>>>
>>> rc_check_reply: received invalid reply digest from RADIUS server
>
> So the shared secret is wrong.
>
>> I disabled the check in the libfreeradius-client code and everything
>> else appears to work (commenting out the return BADRESP_RC):
>
> Which means anyone can forge replies to authentication packets.
>
> Don't do that. Fix the shared secret.
>
I'm not suggesting that this change be merged like a pull request.

The shared secret was not changed when upgrading the system from Debian
wheezy to jessie. We compared the client and server configs and the
secret appears to be the same in both. It had all been working fine for
quite some time. If nobody has seen anything like this before, I'll try
adding some more logging code or running it in a debugger.

Regards,

Daniel
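
The reply digest discussed in this thread is the RFC 2865 Response Authenticator, MD5(Code + ID + Length + Request Authenticator + Attributes + Secret). The following is an added example, not part of the original message and not libfreeradius-client code: it recomputes that digest for a captured reply so that a configured secret can be checked offline instead of disabling the check. The function names, the sample packet, the secret `testing123` and the whitespace/quoting variants tried in `diagnose` are assumptions made for illustration.

```python
import hashlib
import hmac
import struct


def check_reply(reply: bytes, request_auth: bytes, secret: bytes) -> bool:
    """Verify the RFC 2865 Response Authenticator of a raw RADIUS reply."""
    if len(reply) < 20 or len(request_auth) != 16:
        return False
    (length,) = struct.unpack("!H", reply[2:4])
    if length < 20 or length > len(reply):
        return False
    reply = reply[:length]  # ignore any padding after the declared length
    # MD5(Code + ID + Length + RequestAuth + Attributes + Secret)
    expected = hashlib.md5(reply[:4] + request_auth + reply[20:] + secret).digest()
    return hmac.compare_digest(expected, reply[4:20])


def diagnose(reply: bytes, request_auth: bytes, configured: bytes):
    """Report which reading of the configured secret validates the reply.

    The variants are hypothetical ways a config value can differ from the
    secret the server actually used; None means none of them matches.
    """
    variants = {
        "as configured": configured,
        "whitespace stripped": configured.strip(),
        "surrounding quotes removed": configured.strip().strip(b"\"'"),
    }
    for label, candidate in variants.items():
        if check_reply(reply, request_auth, candidate):
            return label
    return None


def build_reply(code, ident, attrs, request_auth, secret):
    """Build a signed reply the way a server would (used for sample data)."""
    header = struct.pack("!BBH", code, ident, 20 + len(attrs))
    digest = hashlib.md5(header + request_auth + attrs + secret).digest()
    return header + digest + attrs


# Constructed sample: Access-Accept (code 2), id 7, one Reply-Message "ok".
SAMPLE_REQ_AUTH = bytes(range(16))
SAMPLE_REPLY = build_reply(2, 7, bytes([18, 4]) + b"ok",
                           SAMPLE_REQ_AUTH, b"testing123")

if __name__ == "__main__":
    print(diagnose(SAMPLE_REPLY, SAMPLE_REQ_AUTH, b"testing123\n"))
```
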