Shared secret is wrong, except that it isn't?

Josh Howlett josh.howlett at bristol.ac.uk
Wed Mar 29 21:52:51 CEST 2006


Have you tried putting the secret in clients.conf? I thought the clients 
file was deprecated.

josh.

Peter Seebach wrote:
> Okay, I'm sorta stumped here.  I'm getting the exact behavior described for
> "shared secret is wrong", but I am pretty confident that it isn't.
> 
> FreeRadius 1.1.1, installed on NetBSD 3.0/amd64.
> 
> Synopsis:  No matter how cleverly I try to make sure I have the right shared
> secret, I get garbage passwords.
> 
> My clients file says:
> 	127.0.0.1	foobar
> I'm using radtest:
> 	radtest user pw localhost 10 foobar
> 
> I get:
> 
> auth: type "System"
> Processing the authenticate section of radiusd.conf
> modcall: entering group authenticate for request 0
> rlm_unix: [beta1]: invalid password
> modcall[authenticate]: module "unix" returns reject for request 0
> modcall: leaving group authenticate (returns reject) for request 0
> auth: Failed to validate the user.
> WARNING: Unprintable characters in the password. ?  Double-check the shared secret on the server and the NAS!
> 
> There are no unprintable characters in the password I'm sending.
> 
> So.  The one thing I can think of is the 64-bit environment, because an old
> version of cistron-radiusd I was skimming once had a comment about assumptions
> about the size of long and the size of (void *).  However, even then, I would
> expect that a radtest and a radiusd built and running on the same server
> would, even if they were doing it wrong, do it wrong in precisely compatible
> ways!
> 
> So, uhm.  Where exactly is this encryption happening?  It looks like
> lib/radius.c is the place where shared secrets are used, but the code seems
> to be substantially different from the cistron code I vaguely remember from
> way back when.  In particular, I don't remember this MD5 stuff...
> 
> -s
> - 
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html




More information about the Freeradius-Users mailing list