invalid Message-Authenticator! (Shared secret is incorrect.)
Hi I have a problem: I get this message *invalid Message-Authenticator! (Shared secret is incorrect.) * But I checked the key and it equals. What is the problem? clients.conf: client 192.168.1.10 { secret = test shortname=blablabla } thx
Hegedus Gabor wrote:
Hi I have a problem:
I get this message *invalid Message-Authenticator! (Shared secret is incorrect.) *
But I checked the key and it equals.
The shared secret is wrong.
What is the problem?
clients.conf: client 192.168.1.10 { secret = test shortname=blablabla }
Why are you putting two configurations on the same line? This isn't C programming, where statements are separated by ';' Alan DeKok.
Alan DeKok wrote:
Hegedus Gabor wrote:
Hi I have a problem:
I get this message *invalid Message-Authenticator! (Shared secret is incorrect.) *
But I checked the key and it equals.
The shared secret is wrong.
What is the problem?
clients.conf: client 192.168.1.10 { secret = test
shortname=blablabla }
Why are you putting two configurations on the same line? This isn't C programming, where statements are separated by ';'
Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
sorry there is enter but i just wrote it wrong... client 192.168.1.10 { secret = test shortname=blablabla } Could it be the problem?: radius server is in 10.10.10.0/24 and the nas is in the 192.168.1.1/27 the packets bridged, the nas can ping the radius server... can the different mask be a problem? and when I try authenticate for NAS(consol), the radius reject because ad_recv: Access-Request packet from host 192.168.1.10 port 1645, id=43, length=78 NAS-IP-Address = 192.168.1.10 NAS-Port-Type = Async User-Name = "test" User-Password = "\335\333TmZî Łx\273\367G\241\350\263\026" NAS-Identifier = "******* " +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop [suffix] No '@' in User-Name = "test", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop [eap] No EAP-Message, not doing EAP ++[eap] returns noop ++[unix] returns notfound ++[files] returns noop ... Failed to authenticate the user. Login incorrect: [test/\335\333TmZî?Łx\273\367G\241\350\263\026] (from client AP_wireless port 0) WARNING: Unprintable characters in the password. Double-check the shared secret on the server and the NAS! Using Post-Auth-Type Reject .... what is this password \335\333TmZî Łx\273\367G\241\350\263\026 I don't understand, ti tells chack the shared secret but it is good.... thank you Gabor
Could it be the problem?: radius server is in 10.10.10.0/24 and the nas is in the 192.168.1.1/27 the packets bridged, the nas can ping the radius server... can the different mask be a problem?
No. Shared secret is wrong. Have you retyped it both on radius server and on the NAS?
WARNING: Unprintable characters in the password. Double-check the shared secret on the server and the NAS!
The only other possibility is a broken operating system (crypto libraries are corrupted). But in 99.99% of cases, problem is different shared secret. Ivan Kalik
tnt@kalik.net wrote:
Could it be the problem?: radius server is in 10.10.10.0/24 and the nas is in the 192.168.1.1/27 the packets bridged, the nas can ping the radius server... can the different mask be a problem?
No. Shared secret is wrong. Have you retyped it both on radius server and on the NAS?
I checked a lot of time but 12345 = 12345 :)
WARNING: Unprintable characters in the password. Double-check the shared secret on the server and the NAS!
The only other possibility is a broken operating system (crypto libraries are corrupted). But in 99.99% of cases, problem is different shared secret.
I think the problem is in the AP(nas), not in the radius. Sorry, no more questions about it . I think the CISCO 861 router(new) has something problem. I just want to know. now I try to find the 0.01% thank you Gabor
Ivan Kalik
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Hegedus Gabor wrote:
tnt@kalik.net wrote:
Could it be the problem?: radius server is in 10.10.10.0/24 and the nas is in the 192.168.1.1/27 the packets bridged, the nas can ping the radius server... can the different mask be a problem?
No. Shared secret is wrong. Have you retyped it both on radius server and on the NAS?
I checked a lot of time but 12345 = 12345 :)
Dont you mean test = test ? -- Johan Meiring Cape PC Services CC Tel: (021) 883-8271 Fax: (021) 886-7782
I think the problem is in the AP(nas), not in the radius.
Sorry, no more questions about it . I think the CISCO 861 router(new) has something problem.
I would seriously doubt that. Your server would be much bigger suspect. It can't find openSSL either. Ivan Kalik Kalik Informatika ISP
Hegedus Gabor wrote:
Could it be the problem?: radius server is in 10.10.10.0/24 and the nas is in the 192.168.1.1/27 the packets bridged, the nas can ping the radius server... can the different mask be a problem?
Perhaps you should believe the answers on this list.
and when I try authenticate for NAS(consol), the radius reject because
ad_recv: Access-Request packet from host 192.168.1.10 port 1645, id=43, length=78 NAS-IP-Address = 192.168.1.10 NAS-Port-Type = Async User-Name = "test" User-Password = "\335\333TmZî Łx\273\367G\241\350\263\026"
(a) the shared secret is wrong (b) the MD5 libraries are completely broken. Choose one. Choosing *another* option means that you are not interested in getting help from this list.
what is this password \335\333TmZî Łx\273\367G\241\350\263\026 I don't understand, ti tells chack the shared secret but it is good....
It means that the shared secret is wrong. Alan DeKok.
participants (4)
-
Alan DeKok -
Hegedus Gabor -
Johan Meiring -
tnt@kalik.net