Using OpenWRT nas, identical shared secret, told "Shared secret is incorrect."
Vito A. Smaldino
vitoantonio.smaldino at istruzione.it
Wed Nov 11 18:45:41 CET 2015
Be careful, the secret is ok!
Below you'll find the messages from FR when using a wrong secret:
==============
.........
Listening on authentication address * port 1812
Listening on accounting address * port 1813
Listening on authentication address 127.0.0.1 port 18120 as server inner-tunnel
Listening on proxy address * port 1814
Ready to process requests.
rad_recv: Access-Request packet from host 192.168.2.227 port 60448, id=0, length=144
Received packet from 192.168.2.227 with invalid Message-Authenticator! (Shared secret is incorrect.) Dropping packet without response.
Going to the next request
Waking up in 0.9 seconds.
Cleaning up request 0 ID 0 with timestamp +4
Ready to process requests.
===============
V
2015-11-11 17:47 GMT+01:00 Matthew Newton <mcn4 at leicester.ac.uk>:
> On Wed, Nov 11, 2015 at 11:28:10AM -0500, Toyam Cox wrote:
> ...
> > radiusd: #### Loading Clients ####
> > client localhost {
> > ipaddr = 127.0.0.1
> > require_message_authenticator = no
> > secret = "testing123"
> > nastype = "other"
> > }
> ...
> > rlm_sql (sql): Read entry nasname=10.0.0.4,shortname=testing,secret=testing123
> > rlm_sql (sql): Adding client 10.0.0.4 (testing, server=<none>) to clients list
> ...
> > Ready to process requests.
>
>
> That's better - same server setup.
>
>
> > rad_recv: Access-Request packet from host 10.0.0.4 port 3787, id=254, length=133
> > User-Name = "Aviator"
> > NAS-IP-Address = 10.0.0.4
> > NAS-Port = 0
> > Message-Authenticator = 0xbca92aec49da8848ab95b8ac15e7daab
> > MS-CHAP-Challenge = 0x179924b2ec0ad514
> > MS-CHAP-Response = 0x0001000000000000000000000000000000000000000000000000b5b672c3217a5fd2ca598435ee57218a92635838e3783684
> > # Executing section authorize from file /etc/raddb/sites-enabled/default
> > +group authorize {
> ...
>
> > Sending Access-Accept of id 254 to 10.0.0.4 port 3787
> ...
>
> And it works. Which gives two likely possibilities
>
> - shared secret incorrectly defined on NAS
> - NAS is broken.
>
> FreeRADIUS looks fine - investigate or replace your NAS.
>
> Cheers,
>
> Matthew
>
>
> --
> Matthew Newton, Ph.D. <mcn4 at le.ac.uk>
>
> Systems Specialist, Infrastructure Services,
> I.T. Services, University of Leicester, Leicester LE1 7RH, United Kingdom
>
> For IT help contact helpdesk extn. 2253, <ithelp at le.ac.uk>
> --
> Vito A. Smaldino
>
>