On Mon 29 Jan 2007 17:22, Alan DeKok wrote:
> tzieleniewski wrote:
> > I am using radius to authenticate requests from the radiusclient-ng2 with
> > the digest method. I have a strange situation because the client logs the
> > following problem: "received invalid reply digest from RADIUS server"
> > This is strange because as I read on the web this error is due to wrong
> > secrets configuration.
>
> Yes. The shared secrets are wrong, or there is some miscalculation of
> the reply digest.
>
> > I checked a few times and the secrets are the same. I even tried to reinstall
> > both freeradius and libradiusclient-ng2. Please help me and point out what
> > could be a reason for this??
>
> Which OS are you running on? Is it 64-bit? What CPU?
>
> The libradiusclient code MAY be doing MD5 incorrectly.
>
> > here is my radius debug (maybe will help):
> > rad_recv: Access-Request packet from host 127.0.0.1 port 32894, id=198,
> > length=300 User-Name = "[EMAIL PROTECTED]"
> > Digest-Attributes = 0x0a0968656c6c626f79
> > Digest-Attributes = 0x010e766f69702e746f756b2e706c
> > Digest-Attributes =
> > 0x022a343562646565313636643534373338383937363231623565643437303833313236
> >61316461636633 Digest-Attributes =
> > 0x04187369703a746f6d697840766f69702e746f756b2e706c Digest-Attributes =
> > 0x0308494e56495445
> > Digest-Attributes = 0x050661757468
> > Digest-Attributes = 0x090a3030303030303031
> > Digest-Attributes =
> > 0x08223639464435383136374435424646364631304633363746453943433138333339
> > Digest-Response = "2c8b62ee23ac6cbe4a551b8b698a509c"
> > Service-Type = 0x0000000f00000000
>
> That looks like a bug in libradiusclient. The Service-Type attribute
> should be 4 bytes of data, not 8.
>
> > SER-Service-Type = 0x0000000300000000
> > SER-Uri-User = "hellboy"
> > NAS-Port = 0x000013c400000000
> > NAS-IP-Address = 0x7f00000100000000
>
> Again, the NAS-Port & NAS-IP-Address attributes should be 4 bytes of
> data, not 8.
>
> This makes me suspect you're running on a 64-bit system, and that the
> libradiusclient code isn't 64-bit clean.

Yes. I _think_ that this is the bug that Chris fixed in freeradius-client 2
days ago. Try using a current snapshot of freeradius-client instead of
radiusclient-ng and see if the problem is solved. Here is a link:

ftp://ftp.suntel.com.tr/pub/freeradius/snapshots/freeradius-client-snapshot-20070129.tar.bz2

A patch I wrote to make OpenSER use freeradius-client instead of
radiusclient-ng is at:

https://sourceforge.net/tracker/?func=detail&atid=743022&aid=1631052&group_id=139143

If you run SER instead of OpenSER you may have to fiddle with the patch
slightly. A modified version of the patch has been applied to OpenSER CVS.
(See the comments for details.)

Cheers
--
Peter Nixon
http://www.peternixon.net/
PGP Key: http://www.peternixon.net/public.asc
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
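
The two checks discussed in this thread, as an added example that is not code from any poster, FreeRADIUS or radiusclient-ng: flagging fixed 4-byte attributes sent with another size, and verifying a reply's Response Authenticator as RFC 2865 defines it. The function names, secret, Request Authenticator and Reply-Message are constructed for illustration; only the three 8-byte attribute values are taken from the debug output above.

```python
import hashlib
import hmac
import struct

# RFC 2865 attributes whose value must be exactly 4 bytes (integer or IPv4 address).
FOUR_BYTE_ATTRS = {4: "NAS-IP-Address", 5: "NAS-Port", 6: "Service-Type"}

def build_packet(code, ident, authenticator, attrs):
    """Encode a RADIUS packet: 20-byte header followed by type/length/value attributes."""
    body = b"".join(bytes([t, len(v) + 2]) + v for t, v in attrs)
    return struct.pack("!BBH", code, ident, 20 + len(body)) + authenticator + body

def parse_attributes(packet):
    """Return (type, value) pairs from the attribute region, rejecting bad lengths."""
    data, attrs, i = packet[20:], [], 0
    while i < len(data):
        if i + 2 > len(data) or data[i + 1] < 2 or i + data[i + 1] > len(data):
            raise ValueError(f"malformed attribute at offset {20 + i}")
        attrs.append((data[i], data[i + 2:i + data[i + 1]]))
        i += data[i + 1]
    return attrs

def wrong_size_attrs(packet):
    """List fixed 4-byte attributes sent with any other value size."""
    return [f"{FOUR_BYTE_ATTRS[t]}={v.hex()}" for t, v in parse_attributes(packet)
            if t in FOUR_BYTE_ATTRS and len(v) != 4]

def reply_is_valid(reply, request_auth, secret):
    """Check the Response Authenticator: MD5(Code+ID+Length+RequestAuth+Attributes+Secret)."""
    expected = hashlib.md5(reply[:4] + request_auth + reply[20:] + secret).digest()
    return hmac.compare_digest(reply[4:20], expected)

# Constructed sample data. The three 8-byte values are copied from the debug output
# in the thread; the secret, authenticator and Reply-Message are made up.
SECRET = b"example-secret"
REQ_AUTH = bytes(range(16))
REQUEST = build_packet(1, 198, REQ_AUTH, [
    (6, bytes.fromhex("0000000f00000000")),   # Service-Type
    (5, bytes.fromhex("000013c400000000")),   # NAS-Port
    (4, bytes.fromhex("7f00000100000000")),   # NAS-IP-Address
])
UNSIGNED = build_packet(2, 198, bytes(16), [(18, b"ok")])   # Access-Accept
REPLY = UNSIGNED[:4] + hashlib.md5(UNSIGNED[:4] + REQ_AUTH + UNSIGNED[20:] + SECRET).digest() + UNSIGNED[20:]

if __name__ == "__main__":
    print("wrong-size attributes:", wrong_size_attrs(REQUEST))
    print("reply valid, same secret:", reply_is_valid(REPLY, REQ_AUTH, SECRET))
    print("reply valid, other secret:", reply_is_valid(REPLY, REQ_AUTH, b"other-secret"))
```

Run against a captured request and reply, the first check separates an encoding problem on the client from a genuine shared-secret mismatch, which is what the second check detects.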