10 Mar
2006
10 Mar
'06
4:32 a.m.
Yes. I, included, after finding this thread
http://lists.cistron.nl/pipermail/freeradius-users/2003-February/015851.html
, changed the password to something very simple/stupid one ("aaa" in this
case). See below the relevants parts of the config and files...
Edson.
=====================================================
/etc/raddb/radius.conf:
...
client 127.0.0.1 {
secret = aaa
shortname = localhost
nastype = other
}
...
=====================================================
/etc/radiuscliente-ng/servers:
localhost aaa
=====================================================
Diff from what I applied on "sendserver.c":
23a24,25
#define DIGEST_DEBUG 1
404a407,410
#ifdef DIGEST_DEBUG
unsigned char *ptr=NULL;
#endif
445c451
< rc_log(LOG_ERR, " %s", buf);
---
rc_log(LOG_ERR, " %s\n
[%s]", buf,secret);
=====================================================
The output on /var/log/messages:
tail -n 0 -f /var/log/messages
Mar 9 23:23:13 sip ser[20132]: Calculating digest on:
Mar 9 23:23:13 sip ser[20132]:
025A002371F7F4A7B1705852E4373463E3D54E5B120F41757468656E74696361 [aaa]
Mar 9 23:23:13 sip ser[20132]: 746564616161 [aaa]
Mar 9 23:23:13 sip ser[20132]: Digest is:
Mar 9 23:23:13 sip ser[20132]: BCE8E8A1E492F1D113363703A29DB10A
Mar 9 23:23:13 sip ser[20132]: rc_check_reply: received invalid reply
digest from RADIUS server
=====================================================
The output from "radiusd -sfxxyz -l stdout":
...
Exec-Program output:
Exec-Program: returned: 0
radius_xlat: 'Authenticated'
Login OK: [8201(a)208.48.149.39] (from client localhost port 3134307025)
...
=====================================================
The output from "ser -TDdd":
...
0(20132) check_nonce(): comparing [4410e43c01d90d951a81556b5efe46e179c00764]
and [4410e43c01d90d951a81556b5efe46e179c00764]
reply_digest: 8a c7 33 ab 82 3f 86 88 83 38 ea 9f 9e e2 a8 71
calc_digest: bc e8 e8 a1 e4 92 f1 d1 13 36 37 03 a2 9d b1 0a
0(20132) res: -2
0(20132) radius_authorize_sterman(): Failure
...
=====================================================
-----Original Message-----
From: Jan Janak [mailto:jan@iptel.org]
Sent: quinta-feira, 9 de março de 2006 19:36
To: Edson
Cc: serusers(a)lists.iptel.org
Subject: Re: [Serusers] FreeRadius MD5 Problem
Do you have the same shared secret configured in the client library and
server ?
Jan.
Edson wrote:
I'm facing some really weird problem.
Let's try to explain, but first my
config (basically):
OpenSUSE 10.0
FreeRadius 1.0.4-4
RadiusClient-NG 0.5.2
SER 0.9.6
MySQL 5.0.18
THE GOALs: upgrade from SER 0.8.4 to 0.9.6; MySQL from 4.0 to 5.0.
THE SCENE: FreeRadius, using MySQL as back-end, as SER. SER configured
to
consult Radius and make account on both places
(Radius and MySQL). I
have
this same configuration running and OK, but on an
old version of SER
(0.8.4)
+ MySQL 4.0 + RadiusClient-NG 0.5.0. MySQL is
running OK and responding
to
all queries, as expected.
THE PROBLEM: with the upgrade the RadiusClient-NG is reporting that the
digest (MD5) returned by the Radius server isn't correct. If I tweak the
code of sendserver.c (radiusclient-ng-0.5.2/lib/sendserver.c) to compile
it
with DEBUG displays, it shows me that different
digests. One that comes
from
FreeRadius and another calculated.
So now I stuck... I can not go on with the upgrade 'til I find a
solution to
> this issue. Not using Radius is not a possibility.
>
> Did anybody cross this problem and find a solution?
>
> Edson.
>
> _______________________________________________
> Serusers mailing list
> serusers(a)lists.iptel.org
> http://lists.iptel.org/mailman/listinfo/serusers
>