Accounting-Request with invalid signature

Shurbann Martes shurbann at gmail.com
Sun Mar 18 22:15:55 CET 2012


Hi Alan,

Ok I understand what you're saying.

I'm just copy-pasting the secret-key to the clients.conf:

client x.x.x.x/16 {
        secret          = <secret key with special characters in it>
        shortname       = private-network-2
}

You're saying that the only reason for this failure is a wrong secret key?
In other words they gave me the wrong secret.

Regards,
Shurbann Martes


On Sun, Mar 18, 2012 at 4:20 PM, Alan DeKok <aland at deployingradius.com> wrote:

> Shurbann Martes wrote:
> > The problem is when FreeRADIUS receives an Accounting-Request it drops
> > the packet without response due to a problem with the signature:
> >
> > rad_recv: Accounting-Request packet from host x.x.x.x port 64514, id=1,
> > length=287
> > Received Accounting-Request packet from x.x.x.x with invalid signature!
> >  (Shared secret is incorrect.) Dropping packet without response.
>
>   That message is pretty clear.
>
> > The Access-Request are ok:
>
>  No, they're not.
>
> > rad_recv: Access-Request packet from host x.x.x.x port 64986, id=236,
> > length=102
> >         User-Name = "test"
> >         User-Password = "\2517Rq\2308Uv\"\204\220\341\377\244(\363"
>
>   The password is garbage.  This means that the shared secret is wrong.
>
> > [files] users: Matched entry DEFAULT at line 61
>
>   In which you set "Auth-Type := Accept", which doesn't check the password.
>
> > The shared secret key has special characters in it such as $-sign and
> > /-sign.
>
>   If you enter it correctly, that should work.
>
>  So.. you probably didn't enter it correctly.
>
> > The client is a Juniper NAS.
> >
> > These are the questions I have:
> >
> >     * Any issues with FreeRADIUS Accounting-Request in combination with
> >       a secret key containing special characters?
>
>  No.
>
> >     * Why is the access-request having no issues with these special
> >       characters?
>
>  Because you edited the default configuration and broke it.
>
> >     * Anyone bumped into a similar problem in combination with a
> >       juniper NAS
>
>  No.  This isn't a Juniper problem.
>
> >     * Is there a way to figure out the secret-key the client is using?
>
>  No.
>
>  Try using a simple shared secret.
>
>  Alan DeKok.
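Both symptoms discussed in this thread follow from how RADIUS uses the shared secret: an Accounting-Request carries an MD5 authenticator the server can recompute (RFC 2866), while an Access-Request without Message-Authenticator carries only a random Request Authenticator, so a wrong secret shows up as a garbage User-Password (RFC 2865) rather than a dropped packet. The following is an added example, not part of the original messages and not FreeRADIUS code; the secrets, packet and password are constructed sample values.

```python
import hashlib
import hmac
import struct

def acct_authenticator(code, ident, attrs, secret):
    # RFC 2866: MD5(Code + ID + Length + 16 zero octets + attributes + secret)
    header = struct.pack("!BBH", code, ident, 20 + len(attrs))
    return hashlib.md5(header + b"\x00" * 16 + attrs + secret).digest()

def verify_accounting_request(packet, secret):
    # Recompute the authenticator with the server's secret and compare.
    if len(packet) < 20:
        return False
    code, ident, length = struct.unpack("!BBH", packet[:4])
    if code != 4 or not 20 <= length <= len(packet):
        return False
    expected = acct_authenticator(code, ident, packet[20:length], secret)
    return hmac.compare_digest(packet[4:20], expected)

def _xor_blocks(data, secret, request_auth, decrypt):
    # RFC 2865 5.2: each 16-octet block is XORed with MD5(secret + previous
    # ciphertext block); the first block uses the Request Authenticator.
    out, prev = b"", request_auth
    for i in range(0, len(data), 16):
        block = data[i:i + 16]
        pad = hashlib.md5(secret + prev).digest()
        res = bytes(a ^ b for a, b in zip(block, pad))
        out += res
        prev = block if decrypt else res
    return out

def encode_user_password(password, secret, request_auth):
    padded = password + b"\x00" * (-len(password) % 16)
    return _xor_blocks(padded, secret, request_auth, decrypt=False)

def decode_user_password(hidden, secret, request_auth):
    return _xor_blocks(hidden, secret, request_auth, True).rstrip(b"\x00")

# Constructed sample values (assumptions, not taken from the thread).
NAS_SECRET = b"ex$ample/secret"     # secret configured on the NAS
SERVER_SECRET = b"example/secret"   # mistyped copy in clients.conf
ATTRS = bytes([40, 6, 0, 0, 0, 1])  # Acct-Status-Type = Start
PACKET = (struct.pack("!BBH", 4, 1, 20 + len(ATTRS))
          + acct_authenticator(4, 1, ATTRS, NAS_SECRET) + ATTRS)
REQUEST_AUTH = bytes(range(16))     # random on a real NAS
HIDDEN = encode_user_password(b"test-password", NAS_SECRET, REQUEST_AUTH)

if __name__ == "__main__":
    print(verify_accounting_request(PACKET, SERVER_SECRET))
    print(decode_user_password(HIDDEN, SERVER_SECRET, REQUEST_AUTH))
```

With the mistyped secret the accounting check fails outright, and the password decodes to unprintable bytes like those in the debug output quoted above.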