Yes. I, included, after finding this thread http://lists.cistron.nl/pipermail/freeradius-users/2003-February/015851.html , changed the password to something very simple/stupid one ("aaa" in this case). See below the relevants parts of the config and files...
Edson.
===================================================== /etc/raddb/radius.conf: ... client 127.0.0.1 { secret = aaa shortname = localhost nastype = other } ...
===================================================== /etc/radiuscliente-ng/servers: localhost aaa
===================================================== Diff from what I applied on "sendserver.c": 23a24,25
#define DIGEST_DEBUG 1
404a407,410
#ifdef DIGEST_DEBUG unsigned char *ptr=NULL; #endif
445c451 < rc_log(LOG_ERR, " %s", buf); ---
rc_log(LOG_ERR, " %s\n [%s]", buf,secret);
===================================================== The output on /var/log/messages: tail -n 0 -f /var/log/messages Mar 9 23:23:13 sip ser[20132]: Calculating digest on: Mar 9 23:23:13 sip ser[20132]: 025A002371F7F4A7B1705852E4373463E3D54E5B120F41757468656E74696361 [aaa] Mar 9 23:23:13 sip ser[20132]: 746564616161 [aaa] Mar 9 23:23:13 sip ser[20132]: Digest is: Mar 9 23:23:13 sip ser[20132]: BCE8E8A1E492F1D113363703A29DB10A Mar 9 23:23:13 sip ser[20132]: rc_check_reply: received invalid reply digest from RADIUS server
===================================================== The output from "radiusd -sfxxyz -l stdout": ... Exec-Program output: Exec-Program: returned: 0 radius_xlat: 'Authenticated' Login OK: [8201@208.48.149.39] (from client localhost port 3134307025) ...
===================================================== The output from "ser -TDdd": ... 0(20132) check_nonce(): comparing [4410e43c01d90d951a81556b5efe46e179c00764] and [4410e43c01d90d951a81556b5efe46e179c00764] reply_digest: 8a c7 33 ab 82 3f 86 88 83 38 ea 9f 9e e2 a8 71 calc_digest: bc e8 e8 a1 e4 92 f1 d1 13 36 37 03 a2 9d b1 0a 0(20132) res: -2 0(20132) radius_authorize_sterman(): Failure ...
=====================================================
-----Original Message----- From: Jan Janak [mailto:jan@iptel.org] Sent: quinta-feira, 9 de março de 2006 19:36 To: Edson Cc: serusers@lists.iptel.org Subject: Re: [Serusers] FreeRadius MD5 Problem
Do you have the same shared secret configured in the client library and server ?
Jan.
Edson wrote:
I'm facing some really weird problem. Let's try to explain, but first my config (basically):
OpenSUSE 10.0 FreeRadius 1.0.4-4 RadiusClient-NG 0.5.2 SER 0.9.6 MySQL 5.0.18
THE GOALs: upgrade from SER 0.8.4 to 0.9.6; MySQL from 4.0 to 5.0.
THE SCENE: FreeRadius, using MySQL as back-end, as SER. SER configured
to
consult Radius and make account on both places (Radius and MySQL). I
have
this same configuration running and OK, but on an old version of SER
(0.8.4)
- MySQL 4.0 + RadiusClient-NG 0.5.0. MySQL is running OK and responding
to
all queries, as expected.
THE PROBLEM: with the upgrade the RadiusClient-NG is reporting that the digest (MD5) returned by the Radius server isn't correct. If I tweak the code of sendserver.c (radiusclient-ng-0.5.2/lib/sendserver.c) to compile
it
with DEBUG displays, it shows me that different digests. One that comes
from
FreeRadius and another calculated.
So now I stuck... I can not go on with the upgrade 'til I find a
solution to
this issue. Not using Radius is not a possibility.
Did anybody cross this problem and find a solution?
Edson.
Serusers mailing list serusers@lists.iptel.org http://lists.iptel.org/mailman/listinfo/serusers