Hi Alan, Ok I understand what you're saying. I'm just copy-pasting the secret-key to the clients.conf: client x.x.x.x/16 { secret = <secret key with special characters in it> shortname = private-network-2 } You're saying that the only reason for this failure is wrong secret key? In other words they gave me the wrong secret. Regards, Shurbann Martes On Sun, Mar 18, 2012 at 4:20 PM, Alan DeKok <aland@deployingradius.com>wrote:
Shurbann Martes wrote:
The problem is when FreeRADIUS receives a Accounting-Request it drops the packet without response due to a problem with the signature:
rad_recv: Accounting-Request packet from host x.x.x.x port 64514, id=1, length=287 Received Accounting-Request packet from x.x.x.x with invalid signature! (Shared secret is incorrect.) Dropping packet without response.
That message is pretty clear.
The Access-Request are ok:
No, they're not.
rad_recv: Access-Request packet from host x.x.x.x port 64986, id=236, length=102 User-Name = "test" User-Password = "\2517Rq\2308Uv\"\204\220\341\377\244(\363"
The password is garbage. This means that the shared secret is wrong.
[files] users: Matched entry DEFAULT at line 61
In which you set "Auth-Type := Accept", which doesn't check the password.
The shared secret key has special characters in it such as $-sign and /-sign.
If you enter it correctly, that should work.
So.. you probably didn't enter it correctly.
The client is a Juniper NAS.
These are the questions I have:
* Any issues with FreeRADIUS Accounting-Request in combination with a secret key containing special characters?
No.
* Why is the access-request having no issues with these special characters?
Because you edited the default configuration and broke it.
* Anyone bumped into a similar problems in combination with a juniper NAS
No. This isn't a Juniper problem.
* Is there a way to figure out the secret-key the client is using?
No.
Try using a simple shared secret.
Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html