Doubt - Freeradius + Ldap

John Dennis jdennis at
Fri Nov 5 20:17:05 CET 2010

On 11/05/2010 03:06 PM, Phil Mayers wrote:
> On 11/05/2010 06:47 PM, Eduardo Moreira wrote:
>>    sorry, but where i checked the shared secret? in clients.conf?
> Yes
>> if yes, secret is ok!
> No it isn't; look at the packet:
>>> Mon Nov 1 15:06:16 2010 : Debug: Ready to process requests.
>>> rad_recv: Access-Request packet from host port 50105,
>>> id=100, length=73
>>> User-Name = "username"
>>> User-Password = "c\355W'\021tC\372\177R\232(\007\027n\263"
>>> NAS-IP-Address =
>>> NAS-Port = 1812
>>> Framed-Protocol = PPP
> The User-Password attribute has clearly been decrypted badly; this means
> you've got the shared secret wrong somewhere.

A common problem for folks who build their own versions of freeradius 
and mix it with a prebuilt version is the "root prefix" is different. If 
you build yourself the $prefix defaults to "/usr/local", but (most?) all 
prebuilt packages use $prefix of "/usr". That means you can end up with 
two copies of your config files (and loads of other files).

Carefully look at the debug output of your radiusd -X, it will give you 
the full path of the files it's reading. Make sure the clients.conf 
you're looking at is *exactly* the same one the server is *actually* 
reading. Do this even if you haven't built your own package, just for 
sanity sake.

John Dennis <jdennis at>

Looking to carve out IT costs?

More information about the Freeradius-Users mailing list