Thanks Jason, but I might have been unclear. Sorry about that. I'm using fake data to send to the radius server. I do not care if it passes or fails. I simply want the server to respond when I send a message to x.x.3.199 (the network address of the machine) just as it does when I send a request to the localhost address on the machine. It does respond to localhost, it does not respond to the network address. That's where the problem lies, that I am trying to figure out. Thanks again, though. The network I am trying to authenticate is remote from the radius server, so I cannot use localhost. Otherwise, I wouldn't worry about it... Eventually, the remote location will be running covachilli or something similar. But for security (equipment) reasons, I cannot put a server at that end, so must do authentication remotely, at this end. Cheers, Kevin On Fri, 2008-12-12 at 16:11 -0500, Jason Wittlin-Cohen wrote:
Kevin,
The relevant line is:
"> rad_verify: Received Access-Reject packet from client 127.0.0.1 port 1812 with invalid signature (err=2)! (Shared secret is incorrect.)"
The shared secret to authenticate a client to the RADIUS server (for RADIUS, not EAP traffic) is either not set, or you're using the wrong secret. By default there is no shared secret set for localhost. Edit clients.conf, search for 127.0.0.1. You'll find a line that looks like:
ipaddr = 127.0.0.1
Now, add this line beneath:
secret = secret
Restart freeradius and try again. The message should go away. Remember, you're still going to get an access-reject response unless you setup the user account and password your authenticating with in the "users" file.
Jason
-- Jason Wittlin-Cohen Yale Law School, Class of 2010 jason.wittlin-cohen@yale.edu
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html