Freeradius as a proxy to Windows IAS - not solved after all :-(
Hugh Messenger
hugh at alaweb.com
Tue Jul 31 21:50:46 CEST 2007
Clive Gould said:
> I have installed freeradius 1.1.7 and get the appended message when I try
> to use it as a proxy between a Linux/Moodle/PHP radius client and a
> Windows IAS server. The shared secrets are definitely the same.
[snip]
> Received Access-Accept packet from client 10.200.0.2 port 1812 with
> invalid signature (err=2)! (Shared secret is incorrect.) Dropping packet
> without response.
Have you actually retyped the secret in FR (or better yet, copy and paste
from your Moodle config) and restarted the service? Sometimes our eyes can
deceive us, and even on close inspection, we can see what we expect to see,
not what is actually there.
Have you tried running a 'radclient' test by hand from the FR box to IAS,
copying and pasting the secret onto the command line from your FR config?
BTW, in an earlier email you said:
> I do not have physical access to the IAS server and cannot change it's
> shared secret
How are you actually checking the secret on IAS?
I haven't run IAS for a looong time ... does it have a way of verifying a
shared secret for a client? For instance, in Funk's SBRNT there is a
'verify' button, that lets you type (or paste) the secret in a modal dialog
and it'll tell you if you have it right or not.
Last idea ... do you have spaces in the secret? I'm not sure how FR would
handle that, i.e. might it require quotes around the secret in clients.conf?
-- hugh
More information about the Freeradius-Users
mailing list