Accounting-Request with invalid signature

Alan DeKok aland at deployingradius.com
Sun Mar 18 21:20:53 CET 2012


Shurbann Martes wrote:
> The problem is when FreeRADIUS receives a Accounting-Request it drops
> the packet without response due to a problem with the signature:
> 
> rad_recv: Accounting-Request packet from host x.x.x.x port 64514, id=1,
> length=287
> Received Accounting-Request packet from x.x.x.x with invalid signature!
>  (Shared secret is incorrect.) Dropping packet without response.

  That message is pretty clear.

> The Access-Request are ok:

  No, they're not.

> rad_recv: Access-Request packet from host x.x.x.x port 64986, id=236,
> length=102
>         User-Name = "test"
>         User-Password = "\2517Rq\2308Uv\"\204\220\341\377\244(\363"

  The password is garbage.  This means that the shared secret is wrong.

> [files] users: Matched entry DEFAULT at line 61

  In which you set "Auth-Type := Accept", which doesn't check the password.

> The shared secret key has special characters in it such as $-sign and
> /-sign.

  If you enter it correctly, that should work.

  So.. you probably didn't enter it correctly.

> The client is a Juniper NAS.
> 
> These are the questions I have:
> 
>     * Any issues with FreeRADIUS Accounting-Request in combination with
>       a secret key containing special characters?

 No.

>     * Why is the access-request having no issues with these special
>       characters?

  Because you edited the default configuration and broke it.

>     * Anyone bumped into a similar problems in combination with a
>       juniper NAS

  No.  This isn't a Juniper problem.

>     * Is there a way to figure out the secret-key the client is using?

  No.

  Try using a simple shared secret.

  Alan DeKok.


More information about the Freeradius-Users mailing list