freeradius and cisco hidden share

Alan DeKok aland at deployingradius.com
Mon Apr 9 17:08:15 CEST 2007


John Baker wrote:
> The setup works fine if I use a password like "testing123" on both ends. 
> But when I use "radius-server key 7" to encrypt it breaks.

  As in... what happens?

>  The current 
> setup does use this so I know it works. But in all the documentation 
> I've been weeding through on configuring clients.conf nothing seems 
> to mention how this kind of encryption works on the Free Radius server end.

  See RFC 2865... if you really care about it.  But trust me, FreeRADIUS
works.

> The router insists on an extremely long key for this configuration. The 
> 3640 shows one in the config. But client.conf shows a much shorter one.
> 
> When I try to plug the long one in clients.conf freeradius fails to start up.

  Could you say what error it produces?

  The comments in clients.conf indicate that the shared secret can be no
more than 31 characters long.  In 2.0, this restriction is removed.

> So how do you configure freeradius for a Cisco hidden password?

  No idea.  The Cisco "hidden password" thing isn't well documented.
i.e. The Cisco docs tell you that you can enable hidden passwords, but
don't say what that means.

  And if you look for "hidden password" in:

http://www.cisco.com/en/US/products/ps6350/products_configuration_guide_chapter09186a0080455a5f.html

  It looks to me like you're using the wrong command.  "radius server
key" sets the shared secret to the following text, which in your case is
"7".  If you want hidden passwords, it looks like you have to use
another command.

  Alan DeKok.
--
  http://deployingradius.com       - The web site of the book
  http://deployingradius.com/blog/ - The blog
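
Added example, not part of the original message and not FreeRADIUS code: the User-Password hiding from RFC 2865 section 5.2, which is where the shared secret is used on both ends, showing that the server only recovers the password when it holds the identical secret string. The function names, the sample user password, the Request Authenticator and the mismatched secret are constructed for illustration.

```python
import hashlib


def _check_authenticator(request_auth: bytes) -> None:
    if len(request_auth) != 16:
        raise ValueError("Request Authenticator must be 16 octets")


def hide_password(password: bytes, secret: bytes, request_auth: bytes) -> bytes:
    """NAS side: hide User-Password as described in RFC 2865 section 5.2."""
    _check_authenticator(request_auth)
    if not 1 <= len(password) <= 128:
        raise ValueError("User-Password must be 1..128 octets")
    # Pad with NULs to a multiple of 16 octets.
    padded = password + b"\x00" * (-len(password) % 16)
    hidden, prev = b"", request_auth
    for i in range(0, len(padded), 16):
        # b(i) = MD5(secret + previous ciphertext block, or the RA for block 1)
        mask = hashlib.md5(secret + prev).digest()
        prev = bytes(p ^ m for p, m in zip(padded[i:i + 16], mask))
        hidden += prev
    return hidden


def recover_password(hidden: bytes, secret: bytes, request_auth: bytes) -> bytes:
    """Server side: reverse the hiding using the secret configured for the client."""
    _check_authenticator(request_auth)
    if len(hidden) % 16 or not 16 <= len(hidden) <= 128:
        raise ValueError("hidden User-Password must be 16..128 octets, multiple of 16")
    clear, prev = b"", request_auth
    for i in range(0, len(hidden), 16):
        block = hidden[i:i + 16]
        mask = hashlib.md5(secret + prev).digest()
        clear += bytes(c ^ m for c, m in zip(block, mask))
        prev = block
    return clear.rstrip(b"\x00")


def demo():
    """Constructed inputs: same secret round-trips, a different secret does not."""
    request_auth = bytes(range(16))          # constructed, normally random
    user_password = b"user-login-password"   # constructed sample
    hidden = hide_password(user_password, b"testing123", request_auth)
    matching = recover_password(hidden, b"testing123", request_auth)
    mismatched = recover_password(hidden, b"some-other-string", request_auth)
    return hidden, matching, mismatched


if __name__ == "__main__":
    hidden, matching, mismatched = demo()
    print(hidden.hex(), matching, mismatched, sep="\n")
```

With a mismatched secret the server does not see an error at this step, only a wrong password, so the symptom is a rejected login rather than a decoding failure.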


