On 12-07-18 08:59, Alberto Martínez Setién via Freeradius-Users wrote:
Hi all,
I'm trying to configure hardware (MAC) auth using FreeRADIUS. It works nice with another provider, but on this new one seems to do shared secret signing wrong.
Fri Jul 6 08:37:40 2018 : Info: Ready to process requests Fri Jul 6 08:37:50 2018 : Debug: (0) Received Access-Request Id 4 from 10.70.8.199:44611 to 172.16.250.2:8812 length 271 Fri Jul 6 08:37:50 2018 : Info: Dropping packet without response because of error: Received packet from 10.70.8.199 with invalid Message-Authenticator! (Shared secret is incorrect.)
(....)
I have no doubt that FR does the right thing, and I'm sure that this is not a "maybe you didn't input the same secret in both places" issue. This is either a hardcoded secret (not their first time) or a bad implementation.
They deny any wrongdoing on their part.
I intend to prove that they are doing RADIUS secret wrong and have locate the fr_radius_verify function.
My questions are: Can I brute force the secret somehow? Can I make my point to them somehow else?
https://wifiphil.blogspot.com/2015/12/troubleshooting-decrypt-radius-packets... You could use that to decrypt the User-Password attribute. If it turn out like garbage it probably used a different shared secret than you configured. -- Herwin Weststrate