logs: invalid Message-Authenticator! (Shared secret is incorrect.)

Paul Lambert paul.lambert at gmail.com
Fri Oct 13 18:32:09 CEST 2006


Hi,

Have you checked your authentication protocol on the shared secret? Are you
sending with CHAP when freeradius is not expecting it or vice versa?

Have you tried testing with a radius test client - this should allow you
determine if the problem is in the Client or the Server config... or just a
misconfiguration between the two!

Kind regards,
Paul.

On 10/13/06, K. Hoercher <wbhoer at gmail.com> wrote:
>
> Hi,
>
> On 10/13/06, YvesDM <ydmlog at gmail.com> wrote:
> > Looks pretty obvious, though, I'm sure the shared secret is correct in
> my
> > clients.conf and in the chillispot configuration.
> > Any hints?
>
> Well, as you said yourself, it looks pretty obvious. But as it would
> be extremely unlikely for both statements to be true, I'd suggest (in
> no particular order):
>
> Check clients.conf for eventual more specific entries overriding those
> for subnets. Does some sql reading of nas's set another secret? Do the
> alleged "correct" config files get actually used by freeradius (been
> there, done that *g*).
>
> Something to those effects regarding chilli.conf.
>
> Some of that might have been ruled out/in already, had you provided
> the full debug output and pertinent snippets from your config.
>
> Sniff the radius traffic, and check validity manually. See src/lib/hmac.c
>
> hth
> K. Hoercher
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20061013/eace9f8e/attachment.html>


More information about the Freeradius-Users mailing list