Doubt - Freeradius + Ldap
John Dennis
jdennis at redhat.com
Fri Nov 5 20:17:05 CET 2010
On 11/05/2010 03:06 PM, Phil Mayers wrote:
> On 11/05/2010 06:47 PM, Eduardo Moreira wrote:
>> Sorry, but where do I check the shared secret? In clients.conf?
>
> Yes
>
>>
>> If yes, the secret is OK!
>
> No it isn't; look at the packet:
>
>>> Mon Nov 1 15:06:16 2010 : Debug: Ready to process requests.
>>> rad_recv: Access-Request packet from host 10.12.60.19 port 50105,
>>> id=100, length=73
>>> User-Name = "username"
>>> User-Password = "c\355W'\021tC\372\177R\232(\007\027n\263"
>>> NAS-IP-Address = 127.0.1.1
>>> NAS-Port = 1812
>>> Framed-Protocol = PPP
>
> The User-Password attribute has clearly been decrypted badly; this means
> you've got the shared secret wrong somewhere.

A common problem for folks who build their own versions of freeradius
and mix it with a prebuilt version is the "root prefix" is different. If
you build yourself the $prefix defaults to "/usr/local", but (most?) all
prebuilt packages use $prefix of "/usr". That means you can end up with
two copies of your config files (and loads of other files).

Carefully look at the debug output of your radiusd -X; it will give you
the full path of the files it's reading. Make sure the clients.conf
you're looking at is *exactly* the same one the server is *actually*
reading. Do this even if you haven't built your own package, just for
sanity's sake.

--
John Dennis <jdennis at redhat.com>
Looking to carve out IT costs?
www.redhat.com/carveoutcosts/