Accounting-Request with invalid signature

Shurbann Martes shurbann at gmail.com
Sun Mar 18 20:11:21 CET 2012


Hello gents,

I've been trying to solve this problem for a couple of days now. I'm asking
for your expert advise since I'm not getting anywhere near a solution:

The problem is when FreeRADIUS receives a Accounting-Request it drops the
packet without response due to a problem with the signature:

rad_recv: Accounting-Request packet from host x.x.x.x port 64514, id=1,
length=287
Received Accounting-Request packet from x.x.x.x with invalid signature!
 (Shared secret is incorrect.) Dropping packet without response.

The Access-Request are ok:

rad_recv: Access-Request packet from host x.x.x.x port 64986, id=236,
length=102
        User-Name = "test"
        User-Password = "\2517Rq\2308Uv\"\204\220\341\377\244(\363"
        NAS-IP-Address = x.x.x.x
        NAS-Identifier = "NPR_GGSN_01"
        Called-Station-Id = "wap1.btcbahamas.com"
        Framed-Protocol = GPRS-PDP-Context
        Service-Type = Framed-User
        NAS-Port-Type = Virtual
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "test", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] No EAP-Message, not doing EAP
++[eap] returns noop
++[unix] returns notfound
[files] users: Matched entry DEFAULT at line 61
++[files] returns ok
++[expiration] returns noop
++[logintime] returns noop
[pap] Found existing Auth-Type, not changing it.
++[pap] returns noop
Found Auth-Type = Accept
Auth-Type = Accept, accepting the user
+- entering group post-auth {...}
++[exec] returns noop
Sending Access-Accept of id 236 to x.x.x.x port 64986

The shared secret key has special characters in it such as $-sign and
/-sign.

The client is a Juniper NAS.

These are the questions I have:

   - Any issues with FreeRADIUS Accounting-Request in combination with a
   secret key containing special characters?
   - Why is the access-request having no issues with these special
   characters?
   - Anyone bumped into a similar problems in combination with a juniper NAS
   - Is there a way to figure out the secret-key the client is using?

Thank you.

Regards,
Shurbann Martes
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20120318/e049dbf6/attachment.html>


More information about the Freeradius-Users mailing list