Problem with multiple clients.conf
Klemen forneci
forneci at gmail.com
Mon Aug 30 09:21:18 CEST 2021
To finish the thread, I've changed the address to 1.0, but it still didn't work.
When I changed the order (the 1.0 subnet first), it started to work as expected.
So I guess the order of clients does play a role.
Best regards,
Klemen
On Fri, 27 Aug 2021 at 10:47, Bjørn Mork <bjorn at mork.no> wrote:
>
> Klemen forneci <forneci at gmail.com> writes:
>
> > Hello.
> >
> > In my environment (migrated from v2 to v3) I have multiple clients defined:
> >
> > client net {
> > ipaddr = 192.168.0.0
> > netmask = 16
> > secret = removed
> > shortname = mass
> > nastype = other
> > }
> >
> > client hivemanager {
> > ipaddr = 192.168.1.1
> > netmask = 24
> > secret = removed_2
> > shortname = HM
> > nastype = other
> > }
> >
> > This configuration works on the v2. On the v3, the problem is that I'm
> > getting an incorrect secret error:
> >
> > Dropping packet without response because of error: Received packet
> > from 192.168.1.15 with invalid Message-Authenticator! (Shared secret
> > is incorrect.)
> >
> > Like the package is managed by client NET and not hivemanager (the
> > secrets are not the same). Is there an order in which the clients must
> > be listed inside the configuration file (finds the first and ignores
> > the others)?
>
> The documentation says:
>
> # You can now specify one secret for a network of clients.
> # When a client request comes in, the BEST match is chosen.
> # i.e. The entry from the smallest possible network.
>
> ref
> https://github.com/FreeRADIUS/freeradius-server/blob/v3.0.x/raddb/clients.conf#L237
>
> It's not clear to me which of the two client entries you believe should
> match, but according to that doc 192.168.1.15 should match hivemanager.
>
> One issue might be the bogus network address. You should probably use
> 192.168.1.0
>
>
>
> Bjørn
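
A configuration audit for the situation discussed in this thread, as an added example that is not part of the original messages and not FreeRADIUS code: it flags client entries whose network address has host bits set and client networks that overlap, then shows which entry a source address hits under "first listed" versus the "best match" rule from the quoted documentation comment. The function names and the minimal parser (it reads only `ipaddr` and `netmask`, IPv4) are assumptions made for illustration.

```python
import ipaddress
import re

# Constructed sample mirroring the two client blocks quoted in the thread.
SAMPLE = """
client net {
    ipaddr = 192.168.0.0
    netmask = 16
}
client hivemanager {
    ipaddr = 192.168.1.1
    netmask = 24
}
"""

def parse_clients(text):
    """Return [(name, ipaddr, prefix_len)] in file order (hypothetical minimal parser)."""
    clients = []
    for name, body in re.findall(r"client\s+(\S+)\s*\{(.*?)\}", text, re.S):
        kv = dict(re.findall(r"^\s*(\w+)\s*=\s*(\S+)", body, re.M))
        clients.append((name, kv["ipaddr"], int(kv.get("netmask", 32))))
    return clients

def audit(clients):
    """Flag host bits set in a network address and overlapping client networks."""
    findings, seen = [], []
    for name, addr, plen in clients:
        net = ipaddress.ip_network(f"{addr}/{plen}", strict=False)
        if plen < 32 and str(net.network_address) != addr:
            findings.append(f"{name}: {addr}/{plen} has host bits set, use {net}")
        for other_name, other in seen:
            if net.overlaps(other):
                findings.append(f"{name} ({net}) overlaps {other_name} ({other})")
        seen.append((name, net))
    return findings

def matches(clients, src):
    """Return (first_listed, best_match) client names for a source address."""
    ip = ipaddress.ip_address(src)
    nets = [(n, ipaddress.ip_network(f"{a}/{p}", strict=False)) for n, a, p in clients]
    hits = [(n, net) for n, net in nets if ip in net]
    if not hits:
        return None, None
    # Best match as described in the quoted comment: the smallest network.
    best = max(hits, key=lambda h: h[1].prefixlen)
    return hits[0][0], best[0]

if __name__ == "__main__":
    cl = parse_clients(SAMPLE)
    print("\n".join(audit(cl)))
    print(matches(cl, "192.168.1.15"))
```

Any source address for which the two returned names differ is one where the secret that gets used depends on the selection rule, so those overlaps are the entries to review when a server reports an invalid Message-Authenticator.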