Hello, I'm running freebsd 8.1 with mpd 5.5, authenticating users against freeradius. After some seccon uptime pppoe link is dropped. In radius.log i see this Auth: Login OK: [test/test] (from client mpd port 2 cli 000c2906911e) Error: Received Accounting-Request packet from 10.10.10.2 with invalid signature! (Shared secret is incorrect.) Dropping packet without response. Found in forums about "options RADIX_MPATH" for kernel but that didn't give me any result. DEBUG: rad_recv: Access-Request packet from host 10.10.10.2 port 19490, id=151, length=183 NAS-Identifier = "mpd.mydomain.tld" NAS-IP-Address = 10.10.10.2 Message-Authenticator = 0xd52aa007f6772e3745cc6209e99aef8d Acct-Session-Id = "7596900-em1_0-2" NAS-Port = 2 NAS-Port-Type = Ethernet Service-Type = Framed-User Framed-Protocol = PPP Calling-Station-Id = "000c2906911e" Called-Station-Id = "z" NAS-Port-Id = "em1" Vendor-12341-Attr-12 = 0x656d315f302d32 Tunnel-Medium-Type:0 = IEEE-802 Tunnel-Client-Endpoint:0 = "00:0c:29:06:91:1e" User-Name = "test" User-Password = "test" +- entering group authorize {...} ++[preprocess] returns ok [auth_log] expand: /var/log/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d -> /var/log/radacct/10.10.10.2/auth-detail-20110213 [auth_log] /var/log/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to /var/log/radacct/10.10.10.2/auth-detail-20110213 [auth_log] expand: %t -> Sun Feb 13 10:00:27 2011 ++[auth_log] returns ok ++[chap] returns noop ++[mschap] returns noop [suffix] No '@' in User-Name = "test", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop [eap] No EAP-Message, not doing EAP ++[eap] returns noop ++[unix] returns notfound [files] users: Matched entry DEFAULT at line 172 ++[files] returns ok [sql] expand: %{User-Name} -> test [sql] sql_set_user escaped user --> 'test' rlm_sql (sql): Reserving sql socket id: 3 [sql] expand: SELECT id, username, attribute, value, op FROM radcheck WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attri bute, value, op FROM radcheck WHERE username = 'test' ORDER BY id [sql] User found in radcheck table [sql] expand: SELECT id, username, attribute, value, op FROM radreply WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attri bute, value, op FROM radreply WHERE username = 'test' ORDER BY id [sql] expand: SELECT groupname FROM radusergroup WHERE username = '%{SQL-User-Name}' ORDER BY priority -> SELECT groupname FROM radusergr oup WHERE username = 'test' ORDER BY priority rlm_sql (sql): Released sql socket id: 3 ++[sql] returns ok ++[expiration] returns noop ++[logintime] returns noop ++[pap] returns updated Found Auth-Type = PAP +- entering group PAP {...} [pap] login attempt with password "test" [pap] Using CRYPT encryption. [pap] User authenticated successfully ++[pap] returns ok Login OK: [test/test] (from client mpd port 2 cli 000c2906911e) +- entering group post-auth {...} ++[exec] returns noop Sending Access-Accept of id 151 to 10.10.10.2 port 19490 Framed-Protocol = PPP Framed-Compression = Van-Jacobson-TCP-IP Finished request 23. Going to the next request Waking up in 0.5 seconds. rad_recv: Accounting-Request packet from host 10.10.10.2 port 26224, id=172, length=218 NAS-Identifier = "mpd.mydomain.tld" NAS-IP-Address = 10.10.10.2 Acct-Session-Id = "7596900-em1_0-2" NAS-Port = 2 NAS-Port-Type = Ethernet Service-Type = Framed-User Framed-Protocol = PPP Calling-Station-Id = "000c2906911e" Called-Station-Id = "z" NAS-Port-Id = "em1" Vendor-12341-Attr-12 = 0x656d315f302d32 Tunnel-Medium-Type:0 = IEEE-802 Tunnel-Client-Endpoint:0 = "00:0c:29:06:91:1e" Acct-Status-Type = Start Framed-IP-Address = 20.20.20.2 User-Name = "test" Acct-Multi-Session-Id = "7596900-B-1" Vendor-12341-Attr-13 = 0x422d31 Vendor-12341-Attr-14 = 0x6e6730 Vendor-12341-Attr-15 = 0x00000004 Acct-Link-Count = 1 Acct-Authentic = RADIUS +- entering group preacct {...} ++[preprocess] returns ok [acct_unique] Hashing 'NAS-Port = 2,Client-IP-Address = 10.10.10.2,NAS-IP-Address = 10.10.10.2,Acct-Session-Id = "7596900-em1_0-2",User-Name = "test"' [acct_unique] Acct-Unique-Session-ID = "026e7c5b94c4dd87". ++[acct_unique] returns ok [suffix] No '@' in User-Name = "test", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop ++[files] returns noop +- entering group accounting {...} [detail] expand: /var/log/radacct/%{Client-IP-Address}/detail-%Y%m%d -> /var/log/radacct/10.10.10.2/detail-20110213 [detail] /var/log/radacct/%{Client-IP-Address}/detail-%Y%m%d expands to /var/log/radacct/10.10.10.2/detail-20110213 [detail] expand: %t -> Sun Feb 13 10:00:27 2011 ++[detail] returns ok ++[unix] returns fail Finished request 24. Cleaning up request 24 ID 172 with timestamp +12 Going to the next request Waking up in 0.5 seconds.
Edgars wrote:
I'm running freebsd 8.1 with mpd 5.5, authenticating users against freeradius. After some seccon uptime pppoe link is dropped. In radius.log i see this
Auth: Login OK: [test/test] (from client mpd port 2 cli 000c2906911e) Error: Received Accounting-Request packet from 10.10.10.2 with invalid signature! (Shared secret is incorrect.) Dropping packet without response.
Well.. then the shared secret is wrong for the accounting side of things.
Found in forums about "options RADIX_MPATH" for kernel but that didn't give me any result.
I don't see why that would help. If the shared secret is wrong for some packets and not others, the likely cause is that the client software is broken. Alan DeKok.
participants (2)
-
Alan DeKok -
Edgars