How to check сorrectness of the secret key?

alan buxey A.L.M.Buxey at lboro.ac.uk
Mon Sep 24 10:54:13 CEST 2012


Hi,

>    but, tcpdump shows me, that packet was arrived...

yes...but if you dont see ANYTHING in the 'radiusd -X' terminal window, then the
server is not getting the packet

>    I've used radclient on localhost to check the auth-tion. It's works fine.

..which is local...and therefore is direct

>    When NAS server (in different network) send auth request from , then
>    tcpdump shows correct port, ip's, but no answer from RADIUS, no info in
>    the log.

what does 'radiusd -X' show then ?

>    I've tried to send auth request from localhost againg, but with wrong key.
>    As a result -- no log-info in radius.log, also no any response... That is
>    why I think, that  something is wrong with secret key on my NAS-server.

one last time....as you've already been informed. IF you are running FreeRADIUS in
full debug mode ie 'radiusd -X' you WILL see packets arrive...and if the shared secret
is incorrect then you will be told about it:

"WARNING: Unprintable characters in the password. Double-check the shared secret on the server and the NAS!"


you wont see ANYTHING in the logs (theres a silent reject) in standard mode - this is to protect
the server from DoS attack

alan


More information about the Freeradius-Devel mailing list