[Users] Radius Authentication

Daniel-Constantin Mierla daniel at voice-system.ro
Thu Mar 2 13:28:55 CET 2006 

Hello,

the error:

Mar  1 15:41:43 dell openser-TEST[20789]: rc_check_reply: received invalid reply digest from RADIUS server

comes from the radiusclient-ng library, in file "lib/sendserver.c" at 
line 498. Did you use the same version of radiusclient-ng before?

Cheers,
Daniel

On 03/01/06 22:23, Edson wrote:
> Hi, Guys...
>
> As the MySQL problem is aparently solved I’m facing a Radius issue… I'm using FreeRadius 1.0.4, RadiusCliente-NG 0.5.2 and OpenSER 1.0.1.
>
> If I duplicate the configs used with SER (and that it works fine) I’m unable to authenticate my UA (the same that authenticate with SER). The message with “debug=4” is:
>
> Mar  1 15:41:43 dell openser-TEST[20789]: check_nonce(): comparing [4405ec129258d5cf9c016ade69cf37e33b5af52b] and [4405ec129258d5cf9c016ade69cf37e33b5af52b]
> Mar  1 15:41:43 dell openser-TEST[20789]: rc_check_reply: received invalid reply digest from RADIUS server
> Mar  1 15:41:43 dell openser-TEST[20789]: ERROR:auth_radius:radius_authorize_sterman: rc_auth failed
>
> So I supposed that there were some failed configuration, I looked at my “radiusd.conf” and finded:
>   modules {
>   ...
>     digest {
>     }
>   ...
>   }
>   authorize {
>           preprocess
>           auth_log
>           suffix
>           digest
>           sql
>   }
>   authenticate {
>           digest
>   }
>
> As my FreeRadius back-end is a MySQL database, the 'sql' statement in authorize seems ok. And so do 'digest' in 'autheticate' section.
> The question remains: Why are OpenSER complain on Radius response? Maybe it's because of the sterman schema (?).... 
>
> Anyway, I try to test the server using the radtest tool. The output seems good to me:
>
> # radtest 8201 at DOMAIN.VALID 8201 127.0.0.1 12345 MyServerPassword
> Sending Access-Request of id 255 to 127.0.0.1:1812
>         User-Name = "8201 at DOMAIN.VALID"
>         User-Password = "8201"
>         NAS-IP-Address = sip
>         NAS-Port = 12345
> rad_recv: Access-Accept packet from host 127.0.0.1:1812, id=255, length=35
>         Reply-Message = "Authenticated"
>
> So I discard FreeRadius config. Is this related on the value of “Reply-Message”? I already read all Radius material that I found on OpenSER web-page…
>
> What am I doing wrong? What am I missing? As this same configs work with SER 0.9.2, why did it not with OpenSER 1.0.x?
>
> Edson.
>
>
>
>
>
> _______________________________________________
> Users mailing list
> Users at openser.org
> http://openser.org/cgi-bin/mailman/listinfo/users
>
>

More information about the Users mailing list