Hello, I have a PacketFence set up using FreeRADIUS v. 3.0.13. In PacketFence GUI I have set up a RADIUS secret key - a letter "x" for testing purposes, but when I try using radtest -x test test localhost:18120 0 x the radiusd -X -xx -d /usr/local/pf/raddb -n auth output is following : Mon Apr 3 17:01:03 2017 : Debug: (0) Received Access-Request Id 196 from 127.0.0.1:37337 to 127.0.0.1:18120 length 79 Mon Apr 3 17:01:03 2017 : Info: Dropping packet without response because of error: Received packet from 127.0.0.1 with invalid Message-Authenticator! (Shared secret is incorrect.) Mon Apr 3 17:01:03 2017 : Debug: Waking up in 0.3 seconds. Mon Apr 3 17:01:03 2017 : Debug: (0) Cleaning up request packet ID 196 with timestamp +64 Mon Apr 3 17:01:03 2017 : Info: Ready to process requests Mon Apr 3 17:01:08 2017 : Debug: (1) Received Access-Request Id 196 from 127.0.0.1:37337 to 127.0.0.1:18120 length 79 Mon Apr 3 17:01:08 2017 : Info: Dropping packet without response because of error: Received packet from 127.0.0.1 with invalid Message-Authenticator! (Shared secret is incorrect.) Mon Apr 3 17:01:08 2017 : Debug: Waking up in 0.3 seconds. Mon Apr 3 17:01:08 2017 : Debug: (1) Cleaning up request packet ID 196 with timestamp +69 Mon Apr 3 17:01:08 2017 : Info: Ready to process requests The shared key should be the same - is there any way how do debug it on a lower level ? Thank you very much
On Apr 3, 2017, at 11:05 AM, Ondřej Lauer <Ondrej.Lauer@seznam.cz> wrote:
I have a PacketFence set up using FreeRADIUS v. 3.0.13. In PacketFence GUI I have set up a RADIUS secret key - a letter "x" for testing purposes, but when I try using ... Mon Apr 3 17:01:03 2017 : Info: Dropping packet without response because of error: Received packet from 127.0.0.1 with invalid Message-Authenticator! (Shared secret is incorrect.)
The shared secret is wrong. Fix it. Re-start FreeRADIUS after changing the secret.
The shared key should be the same - is there any way how do debug it on a lower level ?
Look at the packet traces and do the MD5 calculations. In short.. no. This is cause by one of two issues: 1) the shared secret is wrong (99.999% of the time) 2) one system is calculating MD5 hashes incorrectly Alan DeKok.
I have set it on both sides to "x" - is there any way to debug it somehow ? I will check it one more time, but only place I can check it is PacketFence and it is okay there, so that is why I ask if it is possible to somehow get it out of FreeRADIUS. Thanks ---------- Původní e-mail ---------- Od: Alan DeKok <aland@deployingradius.com> Komu: FreeRadius users mailing list <freeradius-users@lists.freeradius.org> Datum: 3. 4. 2017 17:42:16 Předmět: Re: Shared key mismatch "On Apr 3, 2017, at 11:05 AM, Ondřej Lauer <Ondrej.Lauer@seznam.cz> wrote:
I have a PacketFence set up using FreeRADIUS v. 3.0.13. In PacketFence GUI I have set up a RADIUS secret key - a letter "x" for testing purposes, but
when I try using ... Mon Apr 3 17:01:03 2017 : Info: Dropping packet without response because of error: Received packet from 127.0.0.1 with invalid Message-Authenticator!
(Shared secret is incorrect.)
The shared secret is wrong. Fix it. Re-start FreeRADIUS after changing the secret.
The shared key should be the same - is there any way how do debug it on a lower level ?
Look at the packet traces and do the MD5 calculations. In short.. no. This is cause by one of two issues: 1) the shared secret is wrong (99.999% of the time) 2) one system is calculating MD5 hashes incorrectly Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users. html"
On Apr 3, 2017, at 11:49 AM, Ondřej Lauer <Ondrej.Lauer@seznam.cz> wrote:
I have set it on both sides to "x" - is there any way to debug it somehow ?
Run FreeRADIUS in debugging mode. READ the output. Be sure that the "client" entry is what you expect.
I will check it one more time, but only place I can check it is PacketFence and it is okay there, so that is why I ask if it is possible to somehow get it out of FreeRADIUS.
If you're having issues with PacketFence, ask them how their software works. Alan DeKok.
I run it in debug mode, have tried radtest to send some request to me to localhost - but it still says "Secret key mismatch" and I have no idea where to look when I want to debug what is FreeRADIUS comparing so I can have better idea what might be wrong. Would core dump help me ? ---------- Původní e-mail ---------- Od: Alan DeKok <aland@deployingradius.com> Komu: FreeRadius users mailing list <freeradius-users@lists.freeradius.org> Datum: 3. 4. 2017 20:15:23 Předmět: Re: Shared key mismatch "
On Apr 3, 2017, at 11:49 AM, Ondřej Lauer <Ondrej.Lauer@seznam.cz> wrote:
I have set it on both sides to "x" - is there any way to debug it somehow ?
Run FreeRADIUS in debugging mode. READ the output. Be sure that the "client" entry is what you expect.
I will check it one more time, but only place I can check it is PacketFence and it is okay there, so that is why I ask if it is possible to somehow get it out of FreeRADIUS.
If you're having issues with PacketFence, ask them how their software works. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users. html"
On Apr 3, 2017, at 2:24 PM, Ondřej Lauer <Ondrej.Lauer@seznam.cz> wrote:
I run it in debug mode, have tried radtest to send some request to me to localhost - but it still says "Secret key mismatch" and I have no idea where to look when I want to debug what is FreeRADIUS comparing so I can have better idea what might be wrong. Would core dump help me ?
I suggested that you read the debug output. Not just 1-2 lines, but ALL OF IT. I also said to look at the "client" definition. You will see the clients and secrets being printed out. I also suggest that you ask PacketFence how their software works. When you use FreeRADIUS all by itself, it works. So if it doesn't work... it's not the fault of FreeRADIUS. Now, stop asking the same question over and over, and go follow instructions. That's the only thing which will solve the problem. Alan DeKok.
participants (2)
-
Alan DeKok -
Ondřej Lauer