On 19 Jul 2013, at 16:32, Anja Ruckdaeschel <Anja.Ruckdaeschel@rz.uni-regensburg.de> wrote:
Dear Arran,
Sorry, about the typo with debug
I looked at the invalid packet counters. Only shows the requests with wrong shared secrets in rejects-Counter ... Same thing....
The RADIUS server cannot determine whether the shared secret is correct for Access-Requests without the Message-Authenticator attribute. The User-Password field is decrypted incorrectly and so comparison with the REFERENCE password fails which is why they're seen as a reject. This isn't an issue with the server, it's an issue with the protocol. Accounting-Requests are validated using the Authenticator field and so you get the error message. Arran Cudbard-Bell <a.cudbardb@freeradius.org> FreeRADIUS Development Team