On 11/05/2010 03:06 PM, Phil Mayers wrote:
On 11/05/2010 06:47 PM, Eduardo Moreira wrote:
sorry, but where i checked the shared secret? in clients.conf?
Yes
if yes, secret is ok!
No it isn't; look at the packet:
Mon Nov 1 15:06:16 2010 : Debug: Ready to process requests. rad_recv: Access-Request packet from host 10.12.60.19 port 50105, id=100, length=73 User-Name = "username" User-Password = "c\355W'\021tC\372\177R\232(\007\027n\263" NAS-IP-Address = 127.0.1.1 NAS-Port = 1812 Framed-Protocol = PPP
The User-Password attribute has clearly been decrypted badly; this means you've got the shared secret wrong somewhere.
A common problem for folks who build their own versions of freeradius and mix it with a prebuilt version is the "root prefix" is different. If you build yourself the $prefix defaults to "/usr/local", but (most?) all prebuilt packages use $prefix of "/usr". That means you can end up with two copies of your config files (and loads of other files). Carefully look at the debug output of your radiusd -X, it will give you the full path of the files it's reading. Make sure the clients.conf you're looking at is *exactly* the same one the server is *actually* reading. Do this even if you haven't built your own package, just for sanity sake. -- John Dennis <jdennis@redhat.com> Looking to carve out IT costs? www.redhat.com/carveoutcosts/