Alexandre3
(usa Debian)
Enviado em 10/06/2017 - 20:23h
Olá a todos do VOL.
Aqui na empresa libero Wi-fi para visitantes através de um portal interno dos APs Aruba, a autenticação é feita em um servidor Freeradius/MySQL. Agora preciso logar esses acessos, então instalei o Squid e gostaria de autenticar os usuários neste mesmo Freeradius, no entanto fico obtendo a seguinte mensagem ao tentar autenticar: Warning: Received invalid reply digest from server, procurei por toda a parte e todos dizem que a secret key provavelmente estaria errada, mas não pude enchergar o erro.
Agradeço toda a ajuda.
Autenticação: squid_radius_auth-1.10.tar.gz
Squid Cache: Version 3.5.20
[root@pd ~]# /usr/local/squid/libexec/squid_radius_auth -f /usr/local/squid/etc/squid_radius_auth.conf
alexandre abcdef
Warning: Received invalid reply digest from server
Warning: Received invalid reply digest from server
Warning: Received invalid reply digest from server
squid_rad_auth: No response from RADIUS server
[root@pd ~]# cat /usr/local/squid/etc/squid_radius_auth.conf
# squid_rad_auth configuration file
# MvS: 28-10-1998
server 10.241.10.175
secret testing123
[root@pd ~]# /usr/local/squid/libexec/squid_radius_auth -h 10.241.10.175 -w testing123
alexandre abcdef
Warning: Received invalid reply digest from server
Warning: Received invalid reply digest from server
Warning: Received invalid reply digest from server
squid_rad_auth: No response from RADIUS server
[root@pd ~]# radtest alexandre abcdef 10.241.10.175 1812 testing123
Sending Access-Request Id 72 from 0.0.0.0:37436 to 10.241.10.175:1812
User-Name = 'alexandre'
User-Password = 'abcdef'
NAS-IP-Address = 10.241.10.176
NAS-Port = 1812
Message-Authenticator = 0x00
Received Access-Accept Id 72 from 10.241.10.175:1812 to 10.241.10.176:37436 length 20
[root@pdisw015 tmp]# cat /etc/squid/squid.conf
#
acl localnet src 10.241.0.0/16 # RFC1918 possible internal network
#
acl SSL_ports port 443
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT
# Radius Authentication --------------------------------------------------------------
auth_param basic program /usr/local/squid/libexec/squid_radius_auth -f /usr/local/squid/etc/squid_radius_auth.conf
auth_param basic children 5
auth_param basic realm Web-Proxy
auth_param basic credentialsttl 2 hours
auth_param basic casesensitive off
acl radius-auth proxy_auth REQUIRED
acl SitesBloqueados url_regex -i "/etc/squid/sites.deny"
#
http_access deny !Safe_ports
# Deny CONNECT to other than secure SSL ports
http_access deny CONNECT !SSL_ports
#
http_access allow radius-auth
http_access deny SitesBloqueados
http_access allow localhost manager
http_access allow localnet manager
http_access deny manager
#
http_access allow localnet
http_access allow localhost
#http_access deny all
# Squid normally listens to port 3128
http_port 3128
#
coredump_dir /var/spool/squid
#
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
refresh_pattern . 0 20% 4320
root@radius:/etc/freeradius# vim clients.conf
client localhost {
ipaddr = 127.0.0.1
secret =testing123
#
require_message_authenticator = no
#
nastype = other # localhost isn't usually a NAS...
#
client 10.241.0.0/16 {
secret =testing123
shortname = Radius
}