[Serusers] FreeRadius MD5 Problem

Edson 4lists at gmail.com
Fri Mar 10 03:32:42 CET 2006


Yes. I, included, after finding this thread
http://lists.cistron.nl/pipermail/freeradius-users/2003-February/015851.html
, changed the password to something very simple/stupid one ("aaa" in this
case). See below the relevants parts of the config and files...

Edson.

=====================================================
/etc/raddb/radius.conf:
...
client 127.0.0.1 {
        secret          = aaa
        shortname       = localhost
        nastype         = other
}
...

=====================================================
/etc/radiuscliente-ng/servers:
localhost                                       aaa

=====================================================
Diff from what I applied on "sendserver.c":
23a24,25
> #define DIGEST_DEBUG 1
>
404a407,410
> #ifdef DIGEST_DEBUG
>         unsigned char   *ptr=NULL;
> #endif
>
445c451
<                 rc_log(LOG_ERR, "  %s", buf);
---
>                 rc_log(LOG_ERR, "  %s\n  [%s]", buf,secret);

=====================================================
The output on /var/log/messages:
tail -n 0 -f /var/log/messages
Mar  9 23:23:13 sip ser[20132]: Calculating digest on:
Mar  9 23:23:13 sip ser[20132]:
025A002371F7F4A7B1705852E4373463E3D54E5B120F41757468656E74696361   [aaa]
Mar  9 23:23:13 sip ser[20132]:   746564616161   [aaa]
Mar  9 23:23:13 sip ser[20132]: Digest is:
Mar  9 23:23:13 sip ser[20132]:   BCE8E8A1E492F1D113363703A29DB10A
Mar  9 23:23:13 sip ser[20132]: rc_check_reply: received invalid reply
digest from RADIUS server

=====================================================
The output from "radiusd -sfxxyz -l stdout":
...
Exec-Program output:
Exec-Program: returned: 0
radius_xlat:  'Authenticated'
Login OK: [8201 at 208.48.149.39] (from client localhost port 3134307025)
...

=====================================================
The output from "ser -TDdd":
...
0(20132) check_nonce(): comparing [4410e43c01d90d951a81556b5efe46e179c00764]
and [4410e43c01d90d951a81556b5efe46e179c00764]
reply_digest: 8a c7 33 ab 82 3f 86 88 83 38 ea 9f 9e e2 a8 71
calc_digest:  bc e8 e8 a1 e4 92 f1 d1 13 36 37 03 a2 9d b1 0a
 0(20132) res: -2
 0(20132) radius_authorize_sterman(): Failure
...

=====================================================
> -----Original Message-----
> From: Jan Janak [mailto:jan at iptel.org]
> Sent: quinta-feira, 9 de março de 2006 19:36
> To: Edson
> Cc: serusers at lists.iptel.org
> Subject: Re: [Serusers] FreeRadius MD5 Problem
> 
> Do you have the same shared secret configured in the client library and
> server ?
> 
>   Jan.
> 
> Edson wrote:
> > I'm facing some really weird problem. Let's try to explain, but first my
> > config (basically):
> >
> > OpenSUSE 10.0
> > FreeRadius 1.0.4-4
> > RadiusClient-NG 0.5.2
> > SER 0.9.6
> > MySQL 5.0.18
> >
> > THE GOALs: upgrade from SER 0.8.4 to 0.9.6; MySQL from 4.0 to 5.0.
> >
> > THE SCENE: FreeRadius, using MySQL as back-end, as SER. SER configured
> to
> > consult Radius and make account on both places (Radius and MySQL). I
> have
> > this same configuration running and OK, but on an old version of SER
> (0.8.4)
> > + MySQL 4.0 + RadiusClient-NG 0.5.0. MySQL is running OK and responding
> to
> > all queries, as expected.
> >
> > THE PROBLEM: with the upgrade the RadiusClient-NG is reporting that the
> > digest (MD5) returned by the Radius server isn't correct. If I tweak the
> > code of sendserver.c (radiusclient-ng-0.5.2/lib/sendserver.c) to compile
> it
> > with DEBUG displays, it shows me that different digests. One that comes
> from
> > FreeRadius and another calculated.
> >
> > So now I stuck... I can not go on with the upgrade 'til I find a
> solution to
> > this issue. Not using Radius is not a possibility.
> >
> > Did anybody cross this problem and find a solution?
> >
> > Edson.
> >
> > _______________________________________________
> > Serusers mailing list
> > serusers at lists.iptel.org
> > http://lists.iptel.org/mailman/listinfo/serusers
> >




More information about the sr-users mailing list