Re: [squid-users] Squid and Radius authentication

From: Henrik Nordstrom <henrik_at_henriknordstrom.net>
Date: Tue, 18 Nov 2008 10:51:34 +0100

On ons, 2008-11-12 at 21:45 -0600, Johnson, S wrote:
> I'm trying to get the squid_radius_auth working and have tried to
> manually connect to my Microsoft radius server. I cannot get an ok
> for a response when manually testing the connection. Although, I can
> see the attempts in my Microsoft radius server log so I know I'm
> hitting it. I have a feeling it's my configuration in my Microsoft
> radius server. I've dug around and cannot find any articles on the
> setup for the radius server side; just the squid side (which again I
> think is working ok). Does anyone have information on this or
> suggestions to try?

There isn't very much. The RADIUS server need to be configured to accept
normal "obfuscated" plain-text authentication as defined in the RADIUS
protocol specifications (Access-Request with the User-Password
attribute), and both need to be configured with the same shared secret.

squid_radius_auth does not support syntesized CHAP-MD5 authentication.
Contributions adding such support is welcome which may make it easier to
interoperate with some RADIUS servers but probably not MS AD.. (what I
mean is squid_radius_auth calculating a CHAP response based on the
received plain-text credentials)

Regards
Henrik

Received on Tue Nov 18 2008 - 09:51:40 MST

This archive was generated by hypermail 2.2.0 : Tue Nov 18 2008 - 12:00:03 MST