One more question:<div><br></div><div>Are there any limitation to the secret key? I.e. some special characters not allowed or length?</div><div><br></div><div>I'm asking this because I can not believe this problem is caused by to this person giving me the wrong secret-key.</div>
<div><br></div><div>Regards,</div><div>Shurbann Martes</div><div><br><br><div class="gmail_quote">On Sun, Mar 18, 2012 at 5:15 PM, Shurbann Martes <span dir="ltr"><<a href="mailto:shurbann@gmail.com">shurbann@gmail.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Hi Alan,<div><br></div><div>Ok I understand what you're saying.</div><div><br></div><div>I'm just copy-pasting the secret-key to the clients.conf:</div>
<div><br></div><div><div>client x.x.x.x/16 {</div><div> secret = <secret key with special characters in it></div>
<div> shortname = private-network-2</div><div>}</div><div><br></div><div>You're saying that the only reason for this failure is wrong secret key?</div><div>In other words they gave me the wrong secret.</div>
<div><br></div><div>Regards,</div><div>Shurbann Martes</div><div><div class="h5"><div><br></div><br><div class="gmail_quote">On Sun, Mar 18, 2012 at 4:20 PM, Alan DeKok <span dir="ltr"><<a href="mailto:aland@deployingradius.com" target="_blank">aland@deployingradius.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div>Shurbann Martes wrote:<br>
> The problem is when FreeRADIUS receives a Accounting-Request it drops<br>
> the packet without response due to a problem with the signature:<br>
><br>
> rad_recv: Accounting-Request packet from host x.x.x.x port 64514, id=1,<br>
> length=287<br>
> Received Accounting-Request packet from x.x.x.x with invalid signature!<br>
> (Shared secret is incorrect.) Dropping packet without response.<br>
<br>
</div> That message is pretty clear.<br>
<br>
> The Access-Request are ok:<br>
<br>
No, they're not.<br>
<div><br>
> rad_recv: Access-Request packet from host x.x.x.x port 64986, id=236,<br>
> length=102<br>
> User-Name = "test"<br>
> User-Password = "\2517Rq\2308Uv\"\204\220\341\377\244(\363"<br>
<br>
</div> The password is garbage. This means that the shared secret is wrong.<br>
<div><br>
> [files] users: Matched entry DEFAULT at line 61<br>
<br>
</div> In which you set "Auth-Type := Accept", which doesn't check the password.<br>
<div><br>
> The shared secret key has special characters in it such as $-sign and<br>
> /-sign.<br>
<br>
</div> If you enter it correctly, that should work.<br>
<br>
So.. you probably didn't enter it correctly.<br>
<div><br>
> The client is a Juniper NAS.<br>
><br>
> These are the questions I have:<br>
><br>
</div>> * Any issues with FreeRADIUS Accounting-Request in combination with<br>
<div>> a secret key containing special characters?<br>
<br>
</div> No.<br>
<br>
> * Why is the access-request having no issues with these special<br>
> characters?<br>
<br>
Because you edited the default configuration and broke it.<br>
<br>
> * Anyone bumped into a similar problems in combination with a<br>
> juniper NAS<br>
<br>
No. This isn't a Juniper problem.<br>
<br>
> * Is there a way to figure out the secret-key the client is using?<br>
<br>
No.<br>
<br>
Try using a simple shared secret.<br>
<span><font color="#888888"><br>
Alan DeKok.<br>
-<br>
List info/subscribe/unsubscribe? See <a href="http://www.freeradius.org/list/users.html" target="_blank">http://www.freeradius.org/list/users.html</a><br>
</font></span></blockquote></div><br></div></div></div>
</blockquote></div><br></div>