cisco freeradius problems

Edgars Makņa edgarz at dtg.lv
Thu Nov 8 09:09:40 CET 2007


No, shared secret was not wrong, for this case i used "special" secret, 
on both hosts in configuration - 1
 From one works, from other no.
Nothing more was changed.

Alan DeKok wrote:
> Edgars Makņa wrote:
>   
>> Hello
>> I have interesting problems with freeradius authentication.
>> NAS - cisco 2801
>> radius - freeradius running on freebsd with mysql db.
>> I had a lot of such errors in radius.log:
>> Auth: Login incorrect (rlm_pap: CRYPT password check failed):
>> [1-102/D\014\003\222\374\267<z\013y\005\200\354S\373\344] (from client
>> plaza port 0)
>> In debug output i get "unprintable characters".
>>     
>
>   Then the shared secret is wrong.
>
>   
>> In the same time
>> authentication was working fine from other hosts, for example smtp server.
>>     
>
>   The shared secret is different for each host.
>
>   
>> Problem was solved in interesting way, on cisco i specified radius
>> source interface.
>>     
>
>   Which changes the IP address seen by the server, meaning it uses a
> different shared secret.
>
>   
>> It was working fine until mysql server crashed and i got
>> same garbage in authentication. I removed source radius interface from
>> cisco configuration and everything started to work fine again.
>> Any ideas?
>>     
>
>   You mistyped something in MySQL, started RADIUS, noticed a problem,
> and then re-started both MySQL and RADIUS.
>
>   Alan DeKok.
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html



More information about the Freeradius-Users mailing list