Squid+Freeradius/MySQL [SOLVED]

1. Squid+Freeradius/MySQL [SOLVED]

Alexandre Cardoso
Alexandre3

(uses Debian)

Posted on 10/06/2017 - 20:23h

Hello to everyone at VOL.
Here at the company I provide Wi-Fi for visitors through an internal portal on the Aruba APs; authentication is done on a FreeRADIUS/MySQL server. Now I need to log this access, so I installed Squid and would like to authenticate the users against this same FreeRADIUS. However, I keep getting the following message when trying to authenticate: Warning: Received invalid reply digest from server. I searched everywhere and everyone says the secret key is probably wrong, but I could not see the error.

Thanks for any help.

Authentication: squid_radius_auth-1.10.tar.gz

Squid Cache: Version 3.5.20

[root@pd ~]# /usr/local/squid/libexec/squid_radius_auth -f /usr/local/squid/etc/squid_radius_auth.conf
alexandre abcdef
Warning: Received invalid reply digest from server
Warning: Received invalid reply digest from server
Warning: Received invalid reply digest from server
squid_rad_auth: No response from RADIUS server


[root@pd ~]# cat /usr/local/squid/etc/squid_radius_auth.conf
# squid_rad_auth configuration file
# MvS: 28-10-1998
server 10.241.10.175
secret testing123

[root@pd ~]# /usr/local/squid/libexec/squid_radius_auth -h 10.241.10.175 -w testing123
alexandre abcdef
Warning: Received invalid reply digest from server
Warning: Received invalid reply digest from server
Warning: Received invalid reply digest from server
squid_rad_auth: No response from RADIUS server

[root@pd ~]# radtest alexandre abcdef 10.241.10.175 1812 testing123
Sending Access-Request Id 72 from 0.0.0.0:37436 to 10.241.10.175:1812
User-Name = 'alexandre'
User-Password = 'abcdef'
NAS-IP-Address = 10.241.10.176
NAS-Port = 1812
Message-Authenticator = 0x00
Received Access-Accept Id 72 from 10.241.10.175:1812 to 10.241.10.176:37436 length 20

[root@pdisw015 tmp]# cat /etc/squid/squid.conf
#
acl localnet src 10.241.0.0/16 # RFC1918 possible internal network
#
acl SSL_ports port 443
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT
# Radius Authentication --------------------------------------------------------------
auth_param basic program /usr/local/squid/libexec/squid_radius_auth -f /usr/local/squid/etc/squid_radius_auth.conf
auth_param basic children 5
auth_param basic realm Web-Proxy
auth_param basic credentialsttl 2 hours
auth_param basic casesensitive off
acl radius-auth proxy_auth REQUIRED
acl SitesBloqueados url_regex -i "/etc/squid/sites.deny"
#
http_access deny !Safe_ports
# Deny CONNECT to other than secure SSL ports
http_access deny CONNECT !SSL_ports
#
http_access allow radius-auth
http_access deny SitesBloqueados
http_access allow localhost manager
http_access allow localnet manager
http_access deny manager
#
http_access allow localnet
http_access allow localhost
#http_access deny all
# Squid normally listens to port 3128
http_port 3128
#
coredump_dir /var/spool/squid
#
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
refresh_pattern . 0 20% 4320

root@radius:/etc/freeradius# vim clients.conf
client localhost {
ipaddr = 127.0.0.1
secret =testing123
#
require_message_authenticator = no
#
nastype = other # localhost isn't usually a NAS...
}
#
client 10.241.0.0/16 {
secret =testing123
shortname = Radius
}
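
As an added example (not part of the original posts and not the helper's own code): the "invalid reply digest" warning concerns the RADIUS Response Authenticator, which RFC 2865 defines as an MD5 over the reply header, the Request Authenticator the client sent, the reply attributes and the shared secret. The sketch below rebuilds that client-side check with constructed values; the function names are assumptions, and only `testing123`, Id 72 and the 20-byte reply length come from the thread.

```python
import hashlib
import hmac
import struct

ACCESS_ACCEPT = 2  # RADIUS code for Access-Accept (RFC 2865)


def response_authenticator(code, ident, attributes, request_auth, secret):
    """MD5(Code + ID + Length + RequestAuth + Attributes + Secret), RFC 2865."""
    length = 20 + len(attributes)  # 20-byte header plus attributes
    header = struct.pack("!BBH", code, ident, length)
    return hashlib.md5(header + request_auth + attributes + secret).digest()


def build_reply(code, ident, attributes, request_auth, secret):
    """Build the reply packet as a server holding `secret` would send it."""
    auth = response_authenticator(code, ident, attributes, request_auth, secret)
    return struct.pack("!BBH", code, ident, 20 + len(attributes)) + auth + attributes


def verify_reply(packet, request_auth, secret):
    """Client-side check of a reply; returns (ok, reason)."""
    if len(packet) < 20:
        return False, "short packet"
    code, ident, length = struct.unpack("!BBH", packet[:4])
    if length < 20 or length > len(packet):
        return False, "bad length field"
    received = packet[4:20]
    attributes = packet[20:length]
    expected = response_authenticator(code, ident, attributes, request_auth, secret)
    if not hmac.compare_digest(received, expected):
        return False, "invalid reply digest"
    return True, "ok"


# Constructed sample: the 16-byte Request Authenticator the client sent, and a
# 20-byte Access-Accept with Id 72 (the reply size radtest reported above).
REQUEST_AUTH = bytes(range(16))
REPLY = build_reply(ACCESS_ACCEPT, 72, b"", REQUEST_AUTH, b"testing123")

if __name__ == "__main__":
    print(verify_reply(REPLY, REQUEST_AUTH, b"testing123"))       # same secret
    print(verify_reply(REPLY, REQUEST_AUTH, b"testing124"))       # secret mismatch
    print(verify_reply(REPLY, bytes(16), b"testing123"))          # wrong request authenticator
    print(verify_reply(REPLY[:10], REQUEST_AUTH, b"testing123"))  # truncated datagram
```

The third case shows that the digest also fails with the correct secret when the client hashes a different Request Authenticator than the one it sent, so a matching secret on both sides does not by itself rule out this warning.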



  


2. Re: Squid+Freeradius/MySQL

Bruno Thomaz
SarusKant

(uses CentOS)

Posted on 11/06/2017 - 20:23h

The error is in the response; try reading about the authentication schemes used by FreeRADIUS.
E.g.

CHAP
PAP
MSCHAP
MSCHAP2

And most importantly, check whether your FreeRADIUS has the dictionary for Squid.

Regards
--
Bruno Thomaz


3. Re: Squid+Freeradius/MySQL [SOLVED]

Alexandre Cardoso
Alexandre3

(uses Debian)

Posted on 13/06/2017 - 08:54h

The problem was here:

Basic Authentication protocol helpers:

squid_radius_auth - basic_radius_auth - Authenticate with RADIUS.

Source:
ftp://ftp.fu-berlin.de/unix/www/squid/archive/3.2/squid-3.2.0.12-RELEASENOTES.html

Thank you.





