invalid Message-Authenticator! (Shared secret is incorrect.)

Hegedus Gabor hegedus.gabor at
Mon Feb 2 15:52:55 CET 2009

Alan DeKok wrote:
> Hegedus Gabor wrote:
>> Hi I have a problem:
>> I get this message
>> *invalid Message-Authenticator! (Shared secret is incorrect.) *
>> But I checked the key and it equals.
>   The shared secret is wrong.
>> What is the problem?
>> clients.conf:
>> client {
>>    secret = test 
>> shortname=blablabla
>> }
>   Why are you putting two configurations on the same line?  This isn't C
> programming, where statements are separated by ';'
>   Alan DeKok.
> -
> List info/subscribe/unsubscribe? See

sorry there is enter but i just wrote it wrong...

client {
	secret = test 

Could it be the problem?:
radius server is in and the nas is in the 
the packets bridged, the nas can ping the radius server... can the 
different mask be a problem?

and when I try authenticate for NAS(consol), the radius reject because

ad_recv: Access-Request packet from host port 1645, id=43, 
NAS-IP-Address =
NAS-Port-Type = Async
User-Name = "test"
User-Password = "\335\333TmZî Łx\273\367G\241\350\263\026"
NAS-Identifier = "******* "
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "test", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] No EAP-Message, not doing EAP
++[eap] returns noop
++[unix] returns notfound
++[files] returns noop

Failed to authenticate the user.
Login incorrect: [test/\335\333TmZî?Łx\273\367G\241\350\263\026] (from 
client AP_wireless port 0)
WARNING: Unprintable characters in the password. Double-check the shared 
secret on the server and the NAS!
Using Post-Auth-Type Reject

what is this password \335\333TmZî Łx\273\367G\241\350\263\026 I don't 
understand, ti tells chack the shared secret but it is good....

thank you

More information about the Freeradius-Users mailing list