How to check ?orrectness of the secret key?

Alan DeKok aland at deployingradius.com
Mon Sep 24 13:12:55 CEST 2012 

Brian Candler wrote:
> A little politeness doesn't cost anything, and I am trying to be helpful.

  That's uncalled for.  My responses were polite, and helpful.  My less
than polite response was to *your* defense of inexcusable behavior.

> I was picking up on something he said, which I believe amounted to the
> following:
> 
> - radtest to localhost with correct secret shows debug output
> - radtest to localhost with incorrect secret shows nothing

  ... in the radius.log.  He *didn't* say he tried it in debugging mode.

> That clearly *isn't* an IP firewall problem, and until this problem is
> understood, we cannot trust any debug output that the OP reports is/is not
> there. 

  I can believe (a) that the OP screwed up his description of what he
did, or (b) that FreeRADIUS magically doesn't log packets it receives.

  (b) isn't impossible, but is overwhelmingly less likely.

> It is therefore in the OP's interest, and ours if we are going to
> help with the original problem, to sort this out first.

  My suggestions have stayed the same:

a) run the server in debugging mode

b) check the firewall.

  The server NOT receiving packets AND tcpdump receiving them means that
a firewall is blocking them.  It's happened many times before.  The
problem description is the same.  The solution is the same.  Run the
server in debugging mode for packets received from the external NAS.
Don't look at "radius.log" AS HE SAID HE DID.

  It's not rocket science.  There is no excuse for it, and there is *no*
reason for you to defend inexcusable behavior.

> And personally I am not happy to see people being publicly branded as
> "idiots" after only one or two postings.  If you don't have the patience,
> then please consider allowing the rest of the community to answer.

  I answered politely.  Twice.  I only got testy when *you* stepped in
to misconstrue what the OP said, and to defend his failure to follow
decade-old documentation.

  So... get off your high horse.  It's almost as annoying as people who
ask questions and then ignore the answers.

  Alan DeKok.

More information about the Freeradius-Devel mailing list