logs: invalid Message-Authenticator! (Shared secret is incorrect.)

YvesDM ydmlog at gmail.com
Fri Oct 13 21:26:32 CEST 2006


On 10/13/06, Paul Lambert <paul.lambert at gmail.com> wrote:
>
> Hi,
>
> Have you checked your authentication protocol on the shared secret? Are
> you sending with CHAP when freeradius is not expecting it or vice versa?
>
> Have you tried testing with a radius test client - this should allow you
> determine if the problem is in the Client or the Server config... or just a
> misconfiguration between the two!
>
> Kind regards,
> Paul.
>
> On 10/13/06, K. Hoercher <wbhoer at gmail.com> wrote:
> >
> > Hi,
> >
> > On 10/13/06, YvesDM <ydmlog at gmail.com> wrote:
> > > Looks pretty obvious, though, I'm sure the shared secret is correct in
> > my
> > > clients.conf and in the chillispot configuration.
> > > Any hints?
> >
> > Well, as you said yourself, it looks pretty obvious. But as it would
> > be extremely unlikely for both statements to be true, I'd suggest (in
> > no particular order):
> >
> > Check clients.conf for eventual more specific entries overriding those
> > for subnets. Does some sql reading of nas's set another secret? Do the
> > alleged "correct" config files get actually used by freeradius (been
> > there, done that *g*).
> >
> > Something to those effects regarding chilli.conf.
> >
> > Some of that might have been ruled out/in already, had you provided
> > the full debug output and pertinent snippets from your config.
> >
> > Sniff the radius traffic, and check validity manually. See
> > src/lib/hmac.c
> >
> > hth
> > K. Hoercher
> > -
> > List info/subscribe/unsubscribe? See
> > http://www.freeradius.org/list/users.html
> >
>
>
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
>
>
Tnx for the answers.
Meanwhile I've upgraded chillispot to the newest version, changed the shared
secrets into something else and reloaded the radius configuration and the
problem was gone.

Y.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20061013/255f24b4/attachment.html>


More information about the Freeradius-Users mailing list