logs: invalid Message-Authenticator! (Shared secret is incorrect.)
K. Hoercher
wbhoer at gmail.com
Fri Oct 13 17:50:36 CEST 2006
Hi,
On 10/13/06, YvesDM <ydmlog at gmail.com> wrote:
> Looks pretty obvious, though, I'm sure the shared secret is correct in my
> clients.conf and in the chillispot configuration.
> Any hints?
Well, as you said yourself, it looks pretty obvious. But as it would
be extremely unlikely for both statements to be true, I'd suggest (in
no particular order):
Check clients.conf for eventual more specific entries overriding those
for subnets. Does some sql reading of nas's set another secret? Do the
alleged "correct" config files get actually used by freeradius (been
there, done that *g*).
Something to those effects regarding chilli.conf.
Some of that might have been ruled out/in already, had you provided
the full debug output and pertinent snippets from your config.
Sniff the radius traffic, and check validity manually. See src/lib/hmac.c
hth
K. Hoercher
More information about the Freeradius-Users
mailing list