On ons, 2008-11-12 at 21:45 -0600, Johnson, S wrote: > I'm trying to get the squid_radius_auth working and have tried to > manually connect to my Microsoft radius server. I cannot get an ok > for a response when manually testing the connection. Although, I can > see the attempts in my Microsoft radius server log so I know I'm > hitting it. I have a feeling it's my configuration in my Microsoft > radius server. I've dug around and cannot find any articles on the > setup for the radius server side; just the squid side (which again I > think is working ok). Does anyone have information on this or > suggestions to try?
There isn't very much. The RADIUS server need to be configured to accept normal "obfuscated" plain-text authentication as defined in the RADIUS protocol specifications (Access-Request with the User-Password attribute), and both need to be configured with the same shared secret. squid_radius_auth does not support syntesized CHAP-MD5 authentication. Contributions adding such support is welcome which may make it easier to interoperate with some RADIUS servers but probably not MS AD.. (what I mean is squid_radius_auth calculating a CHAP response based on the received plain-text credentials) Regards Henrik
signature.asc
Description: This is a digitally signed message part
