I am trying to start a WiFi access point on my Beaglebone Black.
There is no bridge. I just want to connect to the AP from my phone for setting up some custom configs.
I installed hostapd successfully and edited the following config files:
I am using Angstrom Linux (kernel 3.8)
etc/network/interfaces
#When auto_bridge is "yes" then init.script makes bridge itself
#when aut_bridge is "no" then init.script start /etc/network/bridge
AUTO_BRIDGE=yes
STP_ENABLE=no
FD_TIMER=0
GCINT_TIMER=0
#BR0_USE_DHCP=no
#BR0_IPADDR=192.168.0.50/24
IPV4_FORWARD_ENABLE=yes
START_IPTABLES=yes
VLAN_START=yes
WLAN_ENABLED=yes
WLAN_FORCEIP=no
WLAN_IN_BR0=yes
WLAN_USE_DHCP=yes
WLAN_IPADDR=192.168.0.5/24
WLAN_MACADDR=00006c576976
WLAN_BURST=no
WLAN_USE_UNCHECKED_MIBS=no
etc/udhcpd.conf
start 192.168.0.10 #default: 192.168.0.20
end 192.168.0.15 #default: 192.168.0.254
# The interface that udhcpd will use
interface wlan0 #default: eth0
opt dns xxx.xxx.xxx.xxx xxx.xxx.xxx.xxx
option subnet 255.255.255.0
opt router 192.168.0.5
option lease 864000
etc/hostapd/hostapd.conf
# Basic configuration
interface=wlan0
ssid=MyNet
channel=1
#bridge=br0
# WPA and WPA2 configuration
auth_algs=1
ignore_broadcast_ssid=0
wpa=3
wpa_passphrase=aaaaaaaaaa
wpa_key_mgmt=WPA-PSK
wpa_pairwise=TKIP
rsn_pairwise=CCMP
# Hardware configuration
driver=rtl871xdrv
ieee80211n=1
hw_mode=g
device_name=RTL8188CU
manufacturer=Realtek
After this I wrote on the command line:
sh-4.2# udhcpd /etc/udhcpd.conf
sh-4.2# hostapd /etc/hostapd/hostapd.conf
Configuration file: /etc/hostapd/hostapd.conf
drv->ifindex=4
l2_sock_recv==l2_sock_xmit=0x0x63648
+rtl871x_sta_deauth_ops, ff:ff:ff:ff:ff:ff is deauth, reason=2
rtl871x_set_key_ops
rtl871x_set_key_ops
rtl871x_set_key_ops
rtl871x_set_key_ops
Using interface wlan0 with hwaddr 00:0f:13:76:1d:6b and ssid 'MyNet'
rtl871x_set_wps_assoc_resp_ie
rtl871x_set_wps_beacon_ie
rtl871x_set_wps_probe_resp_ie
rtl871x_set_key_ops
rtl871x_set_beacon_ops
rtl871x_set_hidden_ssid_ops
+rtl871x_get_sta_wpaie, 00:a0:c6:fe:5e:ec is sta's address
After this I tried to connect to the AP from my phone.
Please see the following log of hostapd:
wlan0: STA 00:a0:c6:fe:5e:ec IEEE 802.11: associated
rtl871x_set_key_ops
rtl871x_set_key_ops
rtl871x_set_key_ops
+rtl871x_send_eapol
+rtl871x_send_eapol
rtl871x_set_key_ops
wlan0: AP-STA-CONNECTED 00:a0:c6:fe:5e:ec
wlan0: STA 00:a0:c6:fe:5e:ec RADIUS: starting accounting session 52AC6766-00000000
wlan0: STA 00:a0:c6:fe:5e:ec WPA: pairwise key handshake completed (RSN)
wlan0: STA 00:a0:c6:fe:5e:ec IEEE 802.11: disassociated
wlan0: AP-STA-DISCONNECTED 00:a0:c6:fe:5e:ec
rtl871x_set_key_ops
rtl871x_set_key_ops
+rtl871x_sta_remove_ops, 00:a0:c6:fe:5e:ec is sta address removed
+rtl871x_get_sta_wpaie, 00:a0:c6:fe:5e:ec is sta's address
wlan0: STA 00:a0:c6:fe:5e:ec IEEE 802.11: associated
rtl871x_set_key_ops
rtl871x_set_key_ops
+rtl871x_send_eapol
+rtl871x_send_eapol
rtl871x_set_key_ops
wlan0: AP-STA-CONNECTED 00:a0:c6:fe:5e:ec
wlan0: STA 00:a0:c6:fe:5e:ec RADIUS: starting accounting session 52AC6766-00000001
wlan0: STA 00:a0:c6:fe:5e:ec WPA: pairwise key handshake completed (RSN)
In my phone I see messages:
Connecting
Autentification
Getting ip address
Connecting
Autentification
Getting ip address
Connecting
Autentification
Getting ip address
My phone cannot connect to the AP as a result.
I think the problem is in udhcpd.
Please help me find the problem.
Thanks
Maybe you can refer to http://fleshandmachines.wordpress.com/2012/10/04/wifi-acces-point-on-beaglebone-with-dhcp/
To sum up, it says that Angstrom does not support what you want to do. This solution uses Debian.
I'm trying to get hostapd working with eap-peap and a Let's Encrypt certificate. When connecting with my Android phone though, it does not connect and complains the certificate was expired.
hostapd logs
wlan0: STA <mac> IEEE 802.11: authenticated
wlan0: STA <mac> IEEE 802.11: associated (aid 1)
wlan0: CTRL-EVENT-EAP-STARTED <mac>
wlan0: CTRL-EVENT-EAP-PROPOSED-METHOD vendor=0 method=1
wlan0: CTRL-EVENT-EAP-PROPOSED-METHOD vendor=0 method=25
SSL: SSL3 alert: read (remote end reported an error):fatal:certificate expired
OpenSSL: openssl_handshake - SSL_connect error:0A000415:SSL routines::sslv3 alert certificate expired
wlan0: CTRL-EVENT-EAP-FAILURE <mac>
wlan0: STA <mac> IEEE 802.1X: authentication failed - EAP type: 0 (unknown)
wlan0: STA <mac> IEEE 802.1X: Supplicant used different EAP type: 25 (PEAP)
wlan0: STA <mac> IEEE 802.11: deauthenticated due to local deauth request
Client configuration
EAP Method: PEAP
Identity:
Password:
CA-Certificate: Use System Certificate
Domain:
Phase2 Authentication: MSCHAPV2
Anonymous Identity:
When configuring the CA-Certificate validation mode to "no validation" however, the connection works flawlessly.
Certificate
> openssl x509 -in /etc/hostapd/certs/server.pem -text
[...]
Validity
Not Before: Jan 29 09:40:58 2023 GMT
Not After : Apr 29 09:40:57 2023 GMT
Subject: CN = <domain>
[...]
hostapd.conf
# EAP Settings
eap_server=1
ieee8021x=1
eapol_version=2
wpa_key_mgmt=WPA-EAP
wpa_pairwise=TKIP
rsn_pairwise=CCMP
eap_user_file=/etc/hostapd/hostapd.eap_user
ca_cert=/etc/hostapd/certs/ca.pem
server_cert=/etc/hostapd/certs/server.pem
private_key=/etc/hostapd/certs/server.key
hostapd.eap_user
# Wildcard for all other identities
* PEAP,TTLS,TLS
# Phase 2 (tunnelled within EAP-PEAP or EAP-TTLS) users
"testaccount1" MSCHAPV2 "SuperSecretPassword1" [2]
On my Windows machine, these settings work flawlessly, the certificate is presented to me and I can decide to accept it (or not). However, the validation method is very different on Windows.
I'm therefore wondering if any of you have experience with this on Android.
I'm also confused with the lines
wlan0: STA <mac> IEEE 802.1X: authentication failed - EAP type: 0 (unknown)
wlan0: STA <mac> IEEE 802.1X: Supplicant used different EAP type: 25 (PEAP)
This looks to me like I misconfigured something in eap_user - but then again it is working as long as certificate validation is not enabled.
For anyone looking for an answer to this:
Above configuration actually works flawlessly with Windows and iOS. Only getting Android to work requires a different configuration in hostapd.conf and on the Android device:
in hostapd.conf:
For ca_cert, download the Root-CA that is used in the certificate chain for signature of the intermediate CA which signed your server.pem. In my case, this was ISRG Root X1. All Let's Encrypt certificates are available on https://letsencrypt.org/de/certificates/
For server_cert, the fullchain.pem file is used, containing the server certificate and the intermediate certificate chain.
on Android:
Download the same Root CA and add it specifically as Wifi Certificate. This certificate needs to be selected when connecting.
It appears as if Android does not use the system certificate store or the system certificate store for wifi certificates does not contain the Let's Encrypt Root CA. Therefore, this CA needs to be added manually, rendering the process on Android much more complicated on unmanaged devices.
After installing Arch on acer c720 I rebooted and failed to connect to the internet with wifi-menu, getting these results instead.
ping: www.google.com: Temporary failure in name resolution
lspci -k|tail -4
01:00.0 Network controller: Qualcomm Atheros AR9462 Wireless Network Adapter (rev 01)
Subsystem: Foxconn International, Inc. AR9462 Wireless Network Adapter
Kernel driver in use: ath9k
Kernel modules: ath9k
ip link
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: wlp1s0: <BROADCAST,MULTICAST> mtu 1500 qdisc noqueue state DOWN mode DEFAULT group default qlen 1000
link/ether c0:38:96:7b:4b:13 brd ff:ff:ff:ff:ff:ff
dmesg|grep firmware
[ 5.276751] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2
ip link set wlp1s0 up
ip link
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: wlp1s0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN mode DEFAULT group default qlen 1000
link/ether c0:38:96:7b:4b:13 brd ff:ff:ff:ff:ff:ff
dmesg|grep firmware
[ 5.276751] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2
dmesg|grep firmware
[ 5.623139] ath9k 0000:01:00.0 wlp1s0: renamed from wlan0
dmesg|grep wlp1s0
[ 241.764977] wlp1s0: authenticate with ac:a3:1e:e4:a1:92
[ 241.775194] wlp1s0: send auth to ac:a3:1e:e4:a1:92 (try 1/3)
[ 241.776256] wlp1s0: authenticated
[ 241.777644] wlp1s0: associate with ac:a3:1e:e4:a1:92 (try 1/3)
[ 241.778999] wlp1s0: RX AssocResp from ac:a3:1e:e4:a1:92 (capab=0x1 status=0 aid=4)
[ 241.779160] wlp1s0: associated
[ 241.779745] IPv6: ADDRCONF(NETDEV_CHANGE): wlp1s0: link becomes ready
[ 241.813454] audit: type=1130 audit(1576018783.420:29): pid=1 uid=0 auid=4294967295 ses=4294967295 msg='unit=netctl#wlp1s0\x2dCity\x20of\x20Eugene\x2dFree\x20Public\x20WiFi comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
[ 241.818154] wlp1s0: deauthenticating from ac:a3:1e:e4:a1:92 by local choice (Reason: 3=DEAUTH_LEAVING)
[ 242.032750] audit: type=1131 audit(1576018783.640:30): pid=1 uid=0 auid=4294967295 ses=4294967295 msg='unit=netctl#wlp1s0\x2dCity\x20of\x20Eugene\x2dFree\x20Public\x20WiFi comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=failed'
If I have interpreted these results and the 'Wireless configuration' wiki correctly, what I need to do now is manually install the ath9k driver firmware from wherever it was stored on my system when pacstrap installed linux-firmware.
find / -iname '*ath9k*.xz'
/proc/irq/16/ath9k
/sys/kernel/debug/ieee80211/phy0/ath9k
/sys/class/leds/ath9k-phy0
/sys/devices/pci0000:00/0000:00:1c.0/0000:01:00.0/leds/ath9k-phy0
/sys/bus/platform/drivers/ath9k
/sys/bus/pci/drivers/ath9k
/sys/module/ath9k_common
/sys/module/ath9k_common/holders/ath9k
/sys/module/ath9k
/sys/module/ath9k/drivers/platform:ath9k
/sys/module/ath9k/drivers/pci:ath9k
/sys/module/ath/holders/ath9k_common
/sys/module/ath/holders/ath9k
/sys/module/ath/holders/ath9k_hw
/sys/module/mac80211/holders/ath9k
/sys/module/mac80211/holders/ath9k_hw
/sys/module/ath9k_hw
/sys/module/ath9k_hw/holders/ath9k_common
/sys/module/ath9k_hw/holders/ath9k
/sys/module/cfg80211/holders/ath9k_common
/sys/module/cfg80211/holders/ath9k
/usr/lib/modules/5.4.2-arch1-1/kernel/drivers/net/wireless/ath/ath9k
/usr/lib/modules/5.4.2-arch1-1/kernel/drivers/net/wireless/ath/ath9k/ath9k.ko.xz
/usr/lib/modules/5.4.2-arch1-1/kernel/drivers/net/wireless/ath/ath9k/ath9k_common.ko.xz
/usr/lib/modules/5.4.2-arch1-1/kernel/drivers/net/wireless/ath/ath9k/ath9k_pci_owl_loader.ko.xz
/usr/lib/modules/5.4.2-arch1-1/kernel/drivers/net/wireless/ath/ath9k/ath9k_htc.ko.xz
/usr/lib/modules/5.4.2-arch1-1/kernel/drivers/net/wireless/ath/ath9k/ath9k_hw.ko.xz
/usr/lib/firmware/ath9k_htc
/usr/share/licenses/linux-firmware/LICENCE.open-ath9k-htc-firmware
/run/udev/tags/seat/+leds:ath9k-phy0
/run/udev/data/+leds:ath9k-phy0
find: paths must precede expression: `2'
The wiki has an early section titled 'installing firmware' but nowhere explicitly states how that should be done, and pacman seems to care only for .tar.xz.
pacman -U /usr/lib/modules/5.4.2-arch1-1/kernel/drivers/net/wireless/ath/ath9k/ath9k.ko.xz
loading packages...
error: could not open file /usr/lib/modules/5.4.2-arch1-1/kernel/drivers/net/wireless/ath/ath9k/ath9k.ko.xz: Unrecognized archive format
error: '/usr/lib/modules/5.4.2-arch1-1/kernel/drivers/net/wireless/ath/ath9k/ath9k.ko.xz': cannot open package file
Where should I go from here?
The problem was the lack of dhcpcd, and my aversion to using systemd.
I needed to download the package from Arch, install it and both enable and start it with systemctl, so that it persists after rebooting.
I had a similar?? problem with the installation using a netgear wifi dongle:
(lsusb) NetGear, Inc. WNA1100 Wireless-N 150 [Atheros AR9271]
Wifi worked fine on the iso during the installation thanks to article by:
https://linuxcommand.blogspot.com/2013/10 for getting the wi-fi to work.
but was non-existent when booted up on the installed system.
On the installed system, dmesg | grep ath:
[ 11.960144] usb 1-3: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[ 11.966726] usbcore: registered new interface driver ath9k_htc
[ 12.308917] usb 1-3: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
[ 12.559791] ath9k_htc 1-3:1.0: ath9k_htc: HTC initialized with 33 credits
[ 12.790286] ath9k_htc 1-3:1.0: ath9k_htc: FW Version: 1.4
[ 12.790290] ath9k_htc 1-3:1.0: FW RMW support: On
[ 12.790292] ath: EEPROM regdomain: 0x60
[ 12.790294] ath: EEPROM indicates we should expect a direct regpair map
[ 12.790297] ath: Country alpha2 being used: 00
[ 12.790298] ath: Regpair used: 0x60
[ 12.835277] ath9k_htc 1-3:1.0 wlp0s2f1u3: renamed from wlan0
Tried using wlp0s2f1u3 to no avail:
(iw dev) displayed wlp0s2f1u3
but "device not found" etc when other commands used to set up the link using wlp0s2f1u3
Spent days hunting around trying to find a way to prevent wlan0 being renamed to wlp0s2f1u3 and eventually discovered that the installation iso had an extra file:
/lib/systemd/network/80-iwd.link
[Match]
Type=wlan
[Link]
NamePolicy=keep kernel
This file prevented wlp0s2f1u3 being renamed from wlan0 and I was able to get the network going using wlan0 instead of wlp0s2f1u3.
My thanks to all who were instrumental in finding my solution.
I've got a build of the OpenVPN3 client library (https://github.com/OpenVPN/openvpn3) connecting to an OpenVPN 2 server (2.4.4). This is working for my mac and windows builds, but failing when the client is iOS.
The iOS client appears to connect, in the sense that I get my custom up script invoked and I can see what I assume are keepalive/heartbeat packets going back and forth between client and server. The client doesn't time out as long as these packets are allowed to continue. However, as soon as the client attempts to access any web page over the tunnel, I get packets dropped on the server side with errors like the following:
Fri Mar 15 20:08:27 2019 11e9-475e-04b1a640-b6f1-dda173e0051f/10.101.172.10:65334 IP packet with unknown IP version=10 seen
Fri Mar 15 20:08:28 2019 11e9-475e-04b1a640-b6f1-dda173e0051f/10.101.172.10:65334 IP packet with unknown IP version=7 seen
Fri Mar 15 20:08:29 2019 11e9-475e-04b1a640-b6f1-dda173e0051f/10.101.172.10:65334 IP packet with unknown IP version=5 seen
Fri Mar 15 20:08:30 2019 11e9-475e-04b1a640-b6f1-dda173e0051f/10.101.172.10:65334 IP packet with unknown IP version=9 seen
Fri Mar 15 20:08:31 2019 11e9-475e-04b1a640-b6f1-dda173e0051f/10.101.172.10:65334 IP packet with unknown IP version=8 seen
Fri Mar 15 20:08:32 2019 11e9-475e-04b1a640-b6f1-dda173e0051f/10.101.172.10:65334 IP packet with unknown IP version=2 seen
Fri Mar 15 20:08:34 2019 11e9-475e-04b1a640-b6f1-dda173e0051f/10.101.172.10:65334 IP packet with unknown IP version=13 seen
Fri Mar 15 20:08:38 2019 11e9-475e-04b1a640-b6f1-dda173e0051f/10.101.172.10:65334 IP packet with unknown IP version=7 seen
I'm using the same server and client configs for iOS as I was using when the client was Mac and Windows.
Server configs:
port 1194
proto udp
dev tun
ca /opt/certs/ca-cert.pem
cert /opt/certs/server.pem
key /opt/certs/server-key.pem
dh /opt/certs/dh2048.pem
tls-auth /opt/certs/ta.key 0
server 10.8.0.0 255.255.0.0
keepalive 5 15
verb 3
script-security 3
client-connect "/usr/local/bin/sdp-updown"
client-disconnect "/usr/local/bin/sdp-updown"
cipher AES-256-CBC
tls-cipher TLS-DHE-RSA-WITH-AES-256-CBC-SHA256
comp-lzo
tun-mtu 1500
tun-mtu-extra 32
mssfix 1450
Client configs:
dev tun
proto udp
remote ... server and port omitted
remote-cert-tls server
key-direction 1
server-poll-timeout 5
cipher AES-256-CBC
tls-cipher TLS-DHE-RSA-WITH-AES-256-CBC-SHA256
comp-lzo
... routes omitted
<ca>
... CA omitted
</ca>
<cert>
... cert omitted
</cert>
<key>
... private key omitted
</key>
<tls-auth>
... OpenVPN static key omitted
</tls-auth>
I've tried a number of different settings for cipher and tls-cipher. When those settings are set to values that are supported on both sides I can get connected, but get the same IP packet with unknown IP version error. Obviously when either cipher or tls-cipher isn't supported on either server or client we fail to negotiate TLS and don't get connected at all.
I found a number of troubleshooting forum posts regarding this error and most of them are resolved by setting the compression settings to the same value on both ends. My iOS client build seems to think that it has no ability to perform compression, even though I think I've linked successfully against the LZ4 library. I compiled the LZ4 library for iOS, and included the LZ4=1 when building a dylib for OpenVPN itself. However, when the iOS client connects it reports settings like:
ENV[IV_AUTO_SESS] = 1
ENV[IV_COMP_STUBv2] = 1
ENV[IV_COMP_STUB] = 1
ENV[IV_LZO_STUB] = 1
ENV[IV_PROTO] = 2
ENV[IV_TCPNL] = 1
ENV[IV_NCP] = 2
ENV[IV_PLAT] = ios
ENV[IV_VER] = 3.1.2
I notice that this does not include IV_LZ4, which I take to mean that the client thinks it can't perform compression. That said, even when my configs include disabled compression I get the same results. I tried omitting any compression setting at all, comp-lzo no, compress stub, and compress stub-v2. None of these resulted in any different behavior.
My questions are thus:
What could be the cause of my IP packet with unknown IP version errors when actually sending packets over the data channel?
If what I'm seeing is actually a compression setting error, how do I convince OpenVPN to disable compression entirely? Alternatively, what have I done wrong to link LZ4 into my iOS OpenVPN dylib?
I'm trying to connect from Jenkins (docker container) to a windows server (VM) running a Cygwin sshd. The problem I'm facing is that (seemingly) at random I can or cannot connect. This is both with the 'SSH Plugin' (username/password) and via shell SSH command (key pair).
From Jenkins the debug information tells me:
debug1: connect to address [serverIP] port 22: Connection refused
When it isn't working the sshd log tells me:
debug1: fd 4 clearing O_NONBLOCK
debug1: Forked child 1128.
debug3: send_rexec_state: entering fd = 7 config len 232
debug3: ssh_msg_send: type 0
debug3: send_rexec_state: done
debug1: rexec start in 4 out 4 newsock 4 pipe 6 sock 7
debug1: inetd sockets after dupping: 3, 3
Connection from [clientIP] port 59440 on 0.0.0.0 port 22
Could not write ident string to [clientIP] port 59440
When it is working I get the following in the sshd log:
debug1: fd 4 clearing O_NONBLOCK
debug1: Forked child 1708.
debug3: send_rexec_state: entering fd = 7 config len 232
debug3: ssh_msg_send: type 0
debug3: send_rexec_state: done
debug1: rexec start in 4 out 4 newsock 4 pipe 6 sock 7
debug1: inetd sockets after dupping: 3, 3
Connection from [clientIP] port 56742 on [serverIP] port 22
debug1: Client protocol version 2.0; client software version OpenSSH_7.4
Difference I'm seeing is the 0.0.0.0 instead of the serverIP but I cannot find why this is.
I've tried setting up a job that runs every 5 minutes to see if there was a pattern, but I could find none.
On the server I've made a wireshark trace these are the packages I get
Client to server: [SYN]
Client to server: [TCP Out-Of-Order] (same package as previous [SYN])
Server to client: [RST, ACK]
Client to server: [SYN, ACK]
Client to server: [TCP Retransmission] (same package as previous [SYN, ACK])
I'm a bit stumped on the "Could not write ident string to [clientIP]" message and I'm having some trouble finding more information about why this is happening.
Any help on troubleshooting this further or information on why this message is displayed is welcome.
"Connection refused" normally means the server isn't accepting connections to the IP address and port that you requested. The service that you're trying to connect to may not be listening for connections, or it may be listening to a different address and/or port.
"Connection refused" can also be caused by a firewall blocking connections. In your case, given that the service is logging an incoming connection but without the client IP address, my guess is that you have some kind of firewall or malware detection software running on the server, and it's interfering with these connection attempts.
You'll need to access this firewall software, figure out why it's blocking these connections, and configure it to stop interfering.
I have successfully configured freeradius with mysql.
I can radtest using the command:
sudo radtest alice password 192.168.2.3 1812 testing123
Sending Access-Request of id 187 to 192.168.2.3 port 1812
User-Name = "alice"
User-Password = "password"
NAS-IP-Address = 127.0.1.1
NAS-Port = 1812
Message-Authenticator = 0x00000000000000000000000000000000
rad_recv: Access-Accept packet from host 192.168.2.3 port 1812, id=187, length=20
Now I am trying squid using radius authentication.
I followed step by step from:
http://safesrv.net/setup-squid-and-freeradius-on-centos-5/#comment-1043
But I got an error message in cache.log:
Warning: Received invalid reply digest from server
Warning: Received invalid reply digest from server
Warning: Received invalid reply digest from server
squid_rad_auth: No response from RADIUS server
In the radius -X debug output there is an error message like below:
Sending duplicate reply to client localprivate port 42003 – ID: 2
Sending Access-Reject of id 2 to 192.168.2.3 port 42003
Waking up in 2.9 seconds.
rad_recv: Access-Request packet from host 192.168.2.3 port 42003, id=2, length=63
Sending duplicate reply to client localprivate port 42003 – ID: 2
Sending Access-Reject of id 2 to 192.168.2.3 port 42003
Waking up in 0.9 seconds.
Found Auth-Type = PAP
# Executing group from file /usr/local/etc/raddb/sites-enabled/default
+- entering group PAP {…}
[pap] login attempt with password “b9?I? +�(�Ч�Y�?”
[pap] Using clear text password “password”
[pap] Passwords don’t match
++[pap] returns reject
Failed to authenticate the user.
WARNING: Unprintable characters in the password. Double-check the shared secret on the server and the NAS!
Using Post-Auth-Type REJECT
What is that error? How can I solve this?
Thanks
Snoop your generated Access-Request and try to decode the encrypted password using your shared secret with Wireshark. It looks like your test client doesn't encode the password correctly.
Make sure testing123 is correctly configured on server side.