Jim Whitescarver wrote:
Freeradius reports "Sending Access-Accept " (see log below) but we are getting the message on our Cisco VPN box
"Radius: Invalid reply digest received; the shared-secret may be incorrect"
Then the shared secret is wrong, or one end doesn't implement RADIUS correctly.
We have triple checked the shared secrete and it is correct. With the wrong secrete it does not authenticate at all. Any ideas on what else might be causing that?
Also, the password comes from the Cisco VPN to freeradius encrypted.
Then the shared secret is wrong. Debug mode will tell you this.
I had to resort to including the token in the userid field to make it work. Any ideas how to decrypt the password? I have tried some tools on the net like cisco-decrypt but it says the encrypted password I give it is invalid. I notice users in the users file are authenticated properly although the password is encrytped. I need to decrypt the password in my python module.
No. Your python module is forcing "Auth-Type = Accept", even though the password is wrong. Don't do that. Don't check the secrets. Re-enter them. Change them to something simple like "hello". Alan DeKok.