Access-Accept with invalid signature

Alan DeKok aland at
Sat Jul 22 05:02:58 CEST 2006

Norbert Wegener <nw at> wrote:
> rad_recv: Access-Accept packet from host, id=32, length=20
> rad_decode: Received Access-Accept packet from client port
> 1812 with invalid signature (err=2)!  (Shared secret is incorrect.)

  That message would appear to be definitive.

> The output of radiusd -AX does not show anything strange to me and can
> be found at:

  For one, the password printed out in debugging mode is NOT what was
sent from the client.  And the only reason you got an Access-Accept is
that password checking was bypassed completely (Auth-Type Accept)

> So, is the last message important or can it be ignored?

  It's important.  Never ignore it.

  Alan DeKok.

More information about the Freeradius-Users mailing list