Proxy and clear-text password
Luis Galan
radius at claranet.es
Mon Jul 2 18:28:58 CEST 2007
Hello!
The secret key between nas and radius1 is right.
In debug mode I receive a clear password:
Sending Access-Request of id 0 to radius2 port 1645
User-Password = "estestA243"
NAS-Identifier = "10.1.0.102"
User-Name = "estest at domain1"
Acct-Session-Id = "0000033C"
Called-Station-Id = "908274434"
Calling-Station-Id = "933326800"
NAS-Port = 17236233
NAS-Port-Type = Async
Framed-Protocol = PPP
Service-Type = Framed-User
NAS-IP-Address = 10.1.0.102
Proxy-State = 0x313832
--- Walking the entire request list ---
rad_recv: Access-Reject packet from host radius2:1645, id=0, length=85
Received Access-Reject packet from client radius2 port 1645 with invalid
signature (err=2)! (Shared secret is incorrect.) Dropping packet
without response.
Finished request 0
But, with tcpdump, I only see garbage and radius2 receives garbage.
And we have checked the secret key between radius1 and radius2 and it is
right. Radius2 detects the access-request as a bad password request (it
receives garbage in the password).
There are other local users in radius1 working fine, using the same nas
and shared secret.
thanks.
Luis
Alan DeKok wrote:
> Luis Galan wrote:
>> It seems that my nas is sending encrypted passwords
>
> No. If the User-Password field is garbage in debugging mode, it's
> because the shared secret is wrong. Fix it.
>
>> but radius2 only
>> accept clear text passwords. And my radius1 is proxying the request of
>> the user at domain1 with encrypted passwords to radius2.
>>
>> What can I do to send the clear-text passwords to radius2?
>
> Use the correct shared secret between the NAS and radius1.
>
> Alan DeKok.
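
An added example, not part of the original thread and not FreeRADIUS code: RFC 2865 User-Password hiding and Response Authenticator checking, showing why a capture on the proxy hop never contains a clear-text password and what a shared-secret mismatch looks like in each check. The secrets, authenticators, password and function names are all constructed for illustration.

```python
import hashlib
import hmac
import struct

def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def hide_password(password: bytes, secret: bytes, request_auth: bytes) -> bytes:
    """RFC 2865 5.2: NUL-pad to a multiple of 16, XOR each block with an MD5 chain."""
    pad = -len(password) % 16 if password else 16
    hidden, prev = b"", request_auth
    for i in range(0, len(password) + pad, 16):
        block = _xor((password + b"\x00" * pad)[i:i + 16], hashlib.md5(secret + prev).digest())
        hidden, prev = hidden + block, block
    return hidden

def reveal_password(hidden: bytes, secret: bytes, request_auth: bytes) -> bytes:
    """Inverse of hide_password; a wrong secret yields random-looking bytes, not an error."""
    clear, prev = b"", request_auth
    for i in range(0, len(hidden), 16):
        block = hidden[i:i + 16]
        clear, prev = clear + _xor(block, hashlib.md5(secret + prev).digest()), block
    return clear.rstrip(b"\x00")

def proxy_rehide(hidden, in_secret, in_auth, out_secret, out_auth) -> bytes:
    """A proxy reveals with the NAS-side secret and hides again with the home-server secret."""
    return hide_password(reveal_password(hidden, in_secret, in_auth), out_secret, out_auth)

def response_auth(code: int, ident: int, attrs: bytes, request_auth: bytes, secret: bytes) -> bytes:
    """RFC 2865 section 3: MD5(Code + ID + Length + RequestAuth + Attributes + Secret)."""
    header = struct.pack("!BBH", code, ident, 20 + len(attrs))
    return hashlib.md5(header + request_auth + attrs + secret).digest()

def response_is_valid(received_auth, code, ident, attrs, request_auth, secret) -> bool:
    return hmac.compare_digest(received_auth, response_auth(code, ident, attrs, request_auth, secret))

if __name__ == "__main__":
    # Constructed values, not taken from the thread.
    nas_secret, home_secret = b"nas-to-radius1", b"radius1-to-radius2"
    auth_in, auth_out = bytes(range(16)), bytes(range(16, 32))
    on_wire_1 = hide_password(b"constructed-pw", nas_secret, auth_in)
    on_wire_2 = proxy_rehide(on_wire_1, nas_secret, auth_in, home_secret, auth_out)
    print("radius1 debug shows:", reveal_password(on_wire_1, nas_secret, auth_in))
    print("sniffer on hop 2 sees:", on_wire_2.hex())
    print("radius2, right secret:", reveal_password(on_wire_2, home_secret, auth_out))
    print("radius2, wrong secret:", reveal_password(on_wire_2, b"mismatch", auth_out))
```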