How to check сorrectness of the secret key?
B.Candler at pobox.com
Mon Sep 24 11:22:21 CEST 2012
On Mon, Sep 24, 2012 at 10:50:29AM +0200, Alan DeKok wrote:
> > When NAS server (in different network) send auth request from , then tcpdump shows correct port, ip's, but no answer from RADIUS, no info in the log.
> You already said that.
> > I've tried to send auth request from localhost againg, but with wrong key. As a result -- no log-info in radius.log, also no any response... That is why I think, that something is wrong with secret key on my NAS-server.
> Your thinking is wrong.
However he is asserting a behaviour he has seen, which would be consistent
with freeradius ignoring packets with bad secrets. This means that
something is wrong. It may mean that he is not in fact running the server
in debugging mode; or it may mean he is running some ancient freeradius, or
one which has been hacked by the vendor to behave differently to standard
code. Or it may not even be freeradius at all, but something completely
So for the benefit of the OP, here's what I see if I am running "freeradius
-X", using freeradius 2.1.12 under Ubuntu 10.04, and I send a regular (PAP)
radtest packet using "radtest test test localhost 1 badsecret"
rad_recv: Access-Request packet from host 127.0.0.1 port 37219, id=59, length=74
Received packet from 127.0.0.1 with invalid Message-Authenticator! (Shared secret is incorrect.) Dropping packet without response.
Going to the next request
Waking up in 0.9 seconds.
Cleaning up request 0 ID 59 with timestamp +3
If you don't see this, then make sure you are sending the packet to the
correct port (default is 1812), make sure you have stopped any other
radius daemon listening on that port (use "netstat -naup" to check), and
then run radiusd -X or freeradius -X, depending on your distribution. Run
radtest in a different window, then go back to the freeradius window to
check the output.
It would also be helpful if you were to describe what exact operating system
and version you are running, what version of freeradius you are running, and
where you got it from (e.g. did you get it from the OS packages repository,
did you compile it from source etc)
Please also post the output from freeradius -X (or radius -X) when you start
Alan is of course right, freeradius doesn't behave in the way you describe;
but I also believe that you are not lying when you say you see this
behaviour, so we need additional information if you want us to help you pin
down your problem.
More information about the Freeradius-Devel