I suggest you file a bug report on this issue in http://tracker.iptel.org/ I don't think you can apply the patch directly and I wouldn't recommend using another client in ser, it will just give you headaches with later versions/fixes. g-)
TZieleniewski wrote:
Peter Nixon napisał(a):
On Mon 29 Jan 2007 17:22, Alan DeKok wrote:
tzieleniewski wrote:
I am using radius to authenticate request from the radiusclient-ng2 with the digest method. I have a strange situation because client log the following problem: "received invalid reply digest from RADIUS server" This is strange because as I read on web this error is due to wrong secrets configuration.
Yes. The shared secrets are wrong, or there is some miscalculation of the reply digest.
I checked a few times and secrets are the same I even tried to reinstall both freeradius and libradiusclient-ng2. Please help me and point what could be a reason for this??
Which OS are you running on? Is it 64-bit? What CPU?
The libradiusclient code MAY be doing MD5 incorrectly.
here is my radius debug (maybe will help): rad_recv: Access-Request packet from host 127.0.0.1 port 32894, id=198, length=300 User-Name = "hellboy@voip.touk.pl" Digest-Attributes = 0x0a0968656c6c626f79 Digest-Attributes = 0x010e766f69702e746f756b2e706c Digest-Attributes = 0x022a343562646565313636643534373338383937363231623565643437303833313236 61316461636633 Digest-Attributes = 0x04187369703a746f6d697840766f69702e746f756b2e706c Digest-Attributes = 0x0308494e56495445 Digest-Attributes = 0x050661757468 Digest-Attributes = 0x090a3030303030303031 Digest-Attributes = 0x08223639464435383136374435424646364631304633363746453943433138333339 Digest-Response = "2c8b62ee23ac6cbe4a551b8b698a509c" Service-Type = 0x0000000f00000000
That looks like a bug in libradiusclient. The Service-Type attribute should be 4 bytes of data, not 8.
SER-Service-Type = 0x0000000300000000 SER-Uri-User = "hellboy" NAS-Port = 0x000013c400000000 NAS-IP-Address = 0x7f00000100000000Again, the NAS-Port & NAS-IP-Address attributes should be 4 bytes of data, not 8.
This makes me suspect you're running on a 64-bit system, and that the libradiusclient code isn't 64-bit clean.
Yes. I _think_ that this is the bug that chris fixed in freeradius-client 2 days ago.
Try using a current snapshot of freeradius-client instead of radiusclient-ng and see if the problem is solved. Here is a link: ftp://ftp.suntel.com.tr/pub/freeradius/snapshots/freeradius-client-snapshot-20070129.tar.bz2
A patch I wrote to make OpenSER use freeradius-client instead of radiusclient-ng is at: https://sourceforge.net/tracker/?func=detail&atid=743022&aid=1631052...
If you run SER instead of OpenSER you may have to fiddle with the patch slightly..
A modified version of the patch has been applied to openser cvs. (See the comments for details)
Cheers
Thank you !
I 've never worked with OpenSer and I have never tried to apply a patch to SER. Could you point me some resources where I can get some more understanding what such patch is and how to apply it ? I read the comments and from them I understood that what I need to do is install FreeRadius Client, because the problem considers client side, and then intergrete ser/openser to use this client. And this is what I don't know exactly how to achieve please help me with this issue.
bests -tomasz
Serusers mailing list Serusers@lists.iptel.org http://lists.iptel.org/mailman/listinfo/serusers
Serusers mailing list Serusers@lists.iptel.org http://lists.iptel.org/mailman/listinfo/serusers