shared secret mismatch

Michael Lecuyer mjl at theorem.com
Thu May 18 15:47:09 CEST 2006


There's more going on the exchange than a simple authentication.

The data in the Access-Request packet may have  correct data for 
authentication. The server will correctly authenticate the entity. 
However server signs the response packet with a different secret than 
the client making the signature incorrect.

The client must check the signature on the Access-Accept packet and if 
it's not correct must reject the authentication even though the reply 
type is Access-Accept.

DilipSimha.N.M wrote:
> hi,
> 
> If the shared-secret mismatches bwtween NAS and RADIUS server,
> then still the access-accept message is sent from RADIUS server to NAS.
> 
> why is access-reject message not sent???
> 
> --DilipSimha
> - List info/subscribe/unsubscribe? See 
> http://www.freeradius.org/list/users.html
> 
> 




More information about the Freeradius-Users mailing list