Access-Accept with invalid signature
I want to use mysql with freeradius and a default entry in the users file. Testing with radtest I get an Access-Accept which is ok. But there is an additional information, which irritates me and I have no idea, what it means. In case of an incorrect shared secret - as far as I know - no Access-Accept would have been sent. suse:/home/norbert # radtest nw123 xx localhost 0 1812 maxen Sending Access-Request of id 32 to 127.0.0.1 port 1812 User-Name = "nw123" User-Password = "xx" NAS-IP-Address = 255.255.255.255 NAS-Port = 0 Framed-Protocol = PPP rad_recv: Access-Accept packet from host 127.0.0.1:1812, id=32, length=20 rad_decode: Received Access-Accept packet from client 127.0.0.1 port 1812 with invalid signature (err=2)! (Shared secret is incorrect.) The output of radiusd -AX does not show anything strange to me and can be found at: http://www.wegener-net.de/fr/typescript So, is the last message important or can it be ignored? Thanks Norbert Wegener
Norbert Wegener <nw@sbs.de> wrote:
rad_recv: Access-Accept packet from host 127.0.0.1:1812, id=32, length=20 rad_decode: Received Access-Accept packet from client 127.0.0.1 port 1812 with invalid signature (err=2)! (Shared secret is incorrect.)
That message would appear to be definitive.
The output of radiusd -AX does not show anything strange to me and can be found at: http://www.wegener-net.de/fr/typescript
For one, the password printed out in debugging mode is NOT what was sent from the client. And the only reason you got an Access-Accept is that password checking was bypassed completely (Auth-Type Accept)
So, is the last message important or can it be ignored?
It's important. Never ignore it. Alan DeKok.
participants (2)
-
Alan DeKok -
Norbert Wegener