another shared secret problem

Fri Jun 8 12:07:08 CEST 2012

Got it!  I needed to rethink the process of the conversation between my internal radius servers and the ORPS servers and realised that I had been adding the wrong shared secret into the clients.conf file.

Thanks both for your help,
Andi

-----Original Message-----
From: freeradius-users-bounces+amorris=cardiffmet.ac.uk at lists.freeradius.org [mailto:freeradius-users-bounces+amorris=cardiffmet.ac.uk at lists.freeradius.org] On Behalf Of Fajar A. Nugraha
Sent: 08 June 2012 10:10
To: FreeRadius users mailing list
Subject: Re: another shared secret problem

On Thu, Jun 7, 2012 at 7:36 PM, Morris, Andi <amorris at cardiffmet.ac.uk> wrote:

> The problem is that the FR server is reporting a shared secret
> mismatch when requests come from the new servers:

> I have typed and retyped the shared secret several times on both FR
> and IAS sides of the conversation.  Is there anywhere else in FR I
> need to declare the new servers that I have missed, or do I need to
> concentrate the efforts to the IAS servers?
>
> Full debug output with masked details below:

> client tmg2 {
>
>         ipaddr = 5.5.5.5
>
>         netmask = 32
>
>         require_message_authenticator = no
>
>         secret = "testing123"
>
>         nastype = "other"
>
>         virtual_server = "noname"
>
> }

> rad_recv: Access-Request packet from host 5.5.5.5 port 35394, id=1,
> length=211
>
> Received packet from 5.5.5.5 with invalid Message-Authenticator!
> (Shared secret is incorrect.) Dropping packet without response.

Is the shared secret on the NAS (5.5.5.5) set to "testing123"? Cause that's what FR thinks it should be.

--
Fajar
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
________________________________

From 1st November 2011 UWIC changed its title to Cardiff Metropolitan University. From the 6th December 2011, as part of this change, all email addresses which included @uwic.ac.uk have changed to @cardiffmet.ac.uk. All emails sent from Cardiff Metropolitan University will now be sent from the new @cardiffmet.ac.uk address. Please could you ensure that all of your contact records and databases are updated to reflect this change. Further information can be found on the website here.<http://www3.uwic.ac.uk/English/News/Pages/UWIC-Name-Change.aspx>

Ar Dachwedd y 1af 2011 newidiodd UWIC ei henw i Brifysgol Fetropolitan Caerdydd. O Ragfyr 6ed, fel rhan o'r newid yma, bydd pob cyfeiriad e-bost sy'n cynnwys @uwic.ac.uk yn newid i @cardiffmet.ac.uk. Bydd yr holl ebyst a ddanfonir o Brifysgol Fetropolitan Caerdydd yn cael eu danfon o‘r cyfeiriad @cardiffmet.ac.uk newydd. Gwnewch yn siwr eich bod yn diweddaru eich cofnodion cyswllt a'ch cronfeydd data i adlewyrchu hyn. Gellir cael rhagor o wybodaeth ar y wefan yma.<http://www3.uwic.ac.uk/English/News/Pages/UWIC-Name-Change.aspx>