Hello I'm certain was using the right command. The number 7 in the line tells the router that a hidden key will follow. coltrane(config)#radius-server key ? 0 Specifies an UNENCRYPTED key will follow 7 Specifies HIDDEN key will follow LINE The UNENCRYPTED (cleartext) shared key Now at this point I actually got it to work. It turned out that in trying to copy the extremely long number from the old config there was an error. But I still don't know exactly what it is doing so I'm hoping somebody can explain because I may want to change the key at some point. On the router end the key is configured with radius-server key 7 "54-character-key" On the radius server in clients.conf this client's secret = "totally-different-26-character-key" Initially I thought that one side or the other would be like /etc/shadow passwords or the garbled string you see looking at a enable secret password in the cisco conf. That would account for them appearing totally different. But just copying the old configuration straight works so I guess not. Alan DeKok wrote:
John Baker wrote:
The setup works fine if I use a password like "testing123" on both ends. But when I use "radius-server key 7" to encrypt it breaks.
As in... what happens?
The current setup does use this so I know it works. But in all the documentation I've been weeding** through** on configuring clients.conf nothing seems to mention how this kind of encryption works on the Free Radius server end.
See RFC 2865... if you really care about it. But trust me, FreeRADIUS works.
The router insists on extremely long key for this configuration. The 3640 shows one in the config. But client.conf show a much shorter one.
When I try to plug the long one in clients.conf freeradius fails to startup.
Could you say what error it produces?
The comments in clients.conf indicate that the shared secret can be no more than 31 characters long. In 2.0, this restriction is removed.
So how do you configure freeradius for a Cisco hidden password?
No idea. The Cisco "hidden password" thing isn't well documented. i.e. The Cisco docs tell you that you can enable hidden passwords, but don't say what that means.
And if you look for "hidden password" in:
http://www.cisco.com/en/US/products/ps6350/products_configuration_guide_chap...
It looks to me like you're using the wrong command. "radius server key" sets the shared secret to the following text, which in your case is "7". If you want hidden passwords, it looks like you have to use another command.
Alan DeKok. -- http://deployingradius.com - The web site of the book http://deployingradius.com/blog/ - The blog - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
-- John Baker Network Systems Administrator Marlboro College Phone: 451-7551 off campus; 551 on campus