invalid Message-Authenticator! (Shared secret is incorrect.)

Alan DeKok aland at
Mon Feb 2 16:23:55 CET 2009

Hegedus Gabor wrote:
> Could it be the problem?:
> radius server is in and the nas is in the
> the packets bridged, the nas can ping the radius server... can the
> different mask be a problem?

  Perhaps you should believe the answers on this list.

> and when I try authenticate for NAS(consol), the radius reject because
> ad_recv: Access-Request packet from host port 1645, id=43,
> length=78
> NAS-IP-Address =
> NAS-Port-Type = Async
> User-Name = "test"
> User-Password = "\335\333TmZî Łx\273\367G\241\350\263\026"

  (a) the shared secret is wrong
  (b) the MD5 libraries are completely broken.

  Choose one.

  Choosing *another* option means that you are not interested in getting
help from this list.

> what is this password \335\333TmZî Łx\273\367G\241\350\263\026 I don't
> understand, ti tells chack the shared secret but it is good....

  It means that the shared secret is wrong.

  Alan DeKok.

More information about the Freeradius-Users mailing list