logs: invalid Message-Authenticator! (Shared secret is incorrect.)
ydmlog at gmail.com
Fri Oct 13 21:26:32 CEST 2006
On 10/13/06, Paul Lambert <paul.lambert at gmail.com> wrote:
> Have you checked your authentication protocol on the shared secret? Are
> you sending with CHAP when freeradius is not expecting it or vice versa?
> Have you tried testing with a radius test client - this should allow you
> determine if the problem is in the Client or the Server config... or just a
> misconfiguration between the two!
> Kind regards,
> On 10/13/06, K. Hoercher <wbhoer at gmail.com> wrote:
> > Hi,
> > On 10/13/06, YvesDM <ydmlog at gmail.com> wrote:
> > > Looks pretty obvious, though, I'm sure the shared secret is correct in
> > my
> > > clients.conf and in the chillispot configuration.
> > > Any hints?
> > Well, as you said yourself, it looks pretty obvious. But as it would
> > be extremely unlikely for both statements to be true, I'd suggest (in
> > no particular order):
> > Check clients.conf for eventual more specific entries overriding those
> > for subnets. Does some sql reading of nas's set another secret? Do the
> > alleged "correct" config files get actually used by freeradius (been
> > there, done that *g*).
> > Something to those effects regarding chilli.conf.
> > Some of that might have been ruled out/in already, had you provided
> > the full debug output and pertinent snippets from your config.
> > Sniff the radius traffic, and check validity manually. See
> > src/lib/hmac.c
> > hth
> > K. Hoercher
> > -
> > List info/subscribe/unsubscribe? See
> > http://www.freeradius.org/list/users.html
> List info/subscribe/unsubscribe? See
Tnx for the answers.
Meanwhile I've upgraded chillispot to the newest version, changed the shared
secrets into something else and reloaded the radius configuration and the
problem was gone.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Freeradius-Users