Hi,
I'm currently using squid 2.5 stable 6 (I know it's old but it works
and isn't the root of the problem!). Am using squid_radius_auth against
out RADIUS server.
When the authenticators start, everything works OK but after a while
(certainly less than 6 hours), the authenticator accepts any
credentials! I've performed a packet capture and can see the RADIUS
request and the response from the RADIUS server giving Access-Reject but
the authenticator returns OK! The following is an strace of the
authenticator process:
10:34:55 read(0, "aaa aaa\n", 1024) = 8
10:36:22 time(NULL) = 1180949782
10:36:22 send(4,
"\1\0\0005f\330^\\lZ\106\16\305\271\10\0214UK\30\1\5aaa\2\22\311\215\264\3640\235|\347\2760ooH\27AR\5\6\1\0\0o\4\6\302\251!\n",
55, 0) = 55
10:36:22 select(5, [4], NULL, NULL, {1, 0}) = 1 (in [4], left {1, 0})
10:36:22 recvfrom(4,
"\2\0\0>\330\256J\36\5U\334D\364S\315u\1\3153T\7\6\0\0\0\1\11\6\337\377\377\376\n\6\0\0\0\0\33\6\0\1R\100\34\6\0\0\16\20\35\6\0\0\0\0\6\6\0\0\0\2",
8192, 0, {sa_family=AF_INET, sin_port=htons(1645),
sin_addr=inet_addr("192.168.0.1")}, [16]) = 62
10:36:22 write(2, "Warning: Received invalid reply digest from
server\n", 51) = 51
10:36:22 write(1, "OK\n", 3) = 3
As you can see, there's a 'Warning: Received invalid reply digest from
server' message.
Performing a 'squid -k reconfigure' restarts the authenticators and the
authentication works as expected and there are no warnings present.
When the warnings start the authenticator starts accepting any credentials!
Any advice would be appreciated.
Regards,
Neil.
--
Neil Hillard neil.hillard@xxxxxxxxxxxxxxxxxx
AgustaWestland http://www.whl.co.uk/
Disclaimer: This message does not necessarily reflect the
views of Westland Helicopters Ltd.
