Invalid reply digest received? Password encryption?
Alan DeKok
aland at deployingradius.com
Fri Jun 10 05:14:10 CEST 2011
Jim Whitescarver wrote:
> Freeradius reports "Sending Access-Accept " (see log below) but we are
> getting the message on our Cisco VPN box
>
> "Radius: Invalid reply digest received; the shared-secret may be incorrect"
Then the shared secret is wrong, or one end doesn't implement RADIUS
correctly.
> We have triple checked the shared secrete and it is correct. With the
> wrong secrete it does not authenticate at all. Any ideas on what else
> might be causing that?
>
> Also, the password comes from the Cisco VPN to freeradius encrypted.
Then the shared secret is wrong. Debug mode will tell you this.
> I had to resort to including the token in the userid field to make it
> work. Any ideas how to decrypt the password? I have tried some tools
> on the net like cisco-decrypt but it says the encrypted password I
> give it is invalid. I notice users in the users file are
> authenticated properly although the password is encrytped. I need
> to decrypt the password in my python module.
No. Your python module is forcing "Auth-Type = Accept", even though
the password is wrong. Don't do that.
Don't check the secrets. Re-enter them. Change them to something
simple like "hello".
Alan DeKok.
More information about the Freeradius-Users
mailing list