Accounting-Request with invalid signature

Shurbann Martes shurbann at gmail.com
Sun Mar 18 22:21:23 CET 2012


One more question:

Are there any limitations to the secret key? I.e. some special characters
not allowed or length?

I'm asking this because I cannot believe this problem is caused by this
person giving me the wrong secret-key.

Regards,
Shurbann Martes


On Sun, Mar 18, 2012 at 5:15 PM, Shurbann Martes <shurbann at gmail.com> wrote:

> Hi Alan,
>
> Ok I understand what you're saying.
>
> I'm just copy-pasting the secret-key to the clients.conf:
>
> client x.x.x.x/16 {
>         secret          = <secret key with special characters in it>
>         shortname       = private-network-2
> }
>
> You're saying that the only reason for this failure is wrong secret key?
> In other words they gave me the wrong secret.
>
> Regards,
> Shurbann Martes
>
>
> On Sun, Mar 18, 2012 at 4:20 PM, Alan DeKok <aland at deployingradius.com> wrote:
>
>> Shurbann Martes wrote:
>> > The problem is when FreeRADIUS receives an Accounting-Request it drops
>> > the packet without response due to a problem with the signature:
>> >
>> > rad_recv: Accounting-Request packet from host x.x.x.x port 64514, id=1,
>> > length=287
>> > Received Accounting-Request packet from x.x.x.x with invalid signature!
>> >  (Shared secret is incorrect.) Dropping packet without response.
>>
>>   That message is pretty clear.
>>
>> > The Access-Requests are ok:
>>
>>  No, they're not.
>>
>> > rad_recv: Access-Request packet from host x.x.x.x port 64986, id=236,
>> > length=102
>> >         User-Name = "test"
>> >         User-Password = "\2517Rq\2308Uv\"\204\220\341\377\244(\363"
>>
>>   The password is garbage.  This means that the shared secret is wrong.
>>
>> > [files] users: Matched entry DEFAULT at line 61
>>
>>   In which you set "Auth-Type := Accept", which doesn't check the
>> password.
>>
>> > The shared secret key has special characters in it such as $-sign and
>> > /-sign.
>>
>>   If you enter it correctly, that should work.
>>
>>  So.. you probably didn't enter it correctly.
>>
>> > The client is a Juniper NAS.
>> >
>> > These are the questions I have:
>> >
>> >     * Any issues with FreeRADIUS Accounting-Request in combination with
>> >       a secret key containing special characters?
>>
>>  No.
>>
>> >     * Why is the access-request having no issues with these special
>> >       characters?
>>
>>  Because you edited the default configuration and broke it.
>>
>> >     * Anyone bumped into similar problems in combination with a
>> >       juniper NAS
>>
>>  No.  This isn't a Juniper problem.
>>
>> >     * Is there a way to figure out the secret-key the client is using?
>>
>>  No.
>>
>>  Try using a simple shared secret.
>>
>>  Alan DeKok.
>> -
>> List info/subscribe/unsubscribe? See
>> http://www.freeradius.org/list/users.html
>>
>
>
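The two symptoms discussed in this thread, as an added example that is not part of the original messages and is not FreeRADIUS code: an Accounting-Request carries a Request Authenticator computed with the shared secret (RFC 2866), so a mismatched secret fails verification, while an Access-Request with a mismatched secret only shows up as a garbage User-Password (RFC 2865 section 5.2). The secrets, attribute values and Request Authenticator below are constructed sample data.

```python
import hashlib
import hmac
import struct

ACCOUNTING_REQUEST = 4  # RADIUS packet code (RFC 2866)

def acct_authenticator(code, ident, attrs, secret):
    """RFC 2866: MD5(Code + ID + Length + 16 zero octets + attributes + secret)."""
    header = struct.pack("!BBH", code, ident, 20 + len(attrs))
    return hashlib.md5(header + bytes(16) + attrs + secret).digest()

def build_acct_request(ident, attrs, secret):
    """NAS side: header, authenticator computed with the NAS's secret, attributes."""
    auth = acct_authenticator(ACCOUNTING_REQUEST, ident, attrs, secret)
    return struct.pack("!BBH", ACCOUNTING_REQUEST, ident, 20 + len(attrs)) + auth + attrs

def verify_acct_request(packet, secret):
    """Server side: recompute the digest with the server's secret and compare."""
    if len(packet) < 20 or struct.unpack("!H", packet[2:4])[0] != len(packet):
        return False
    expected = acct_authenticator(packet[0], packet[1], packet[20:], secret)
    return hmac.compare_digest(packet[4:20], expected)

def user_password_xor(data, secret, request_auth, decrypt=False):
    """RFC 2865 5.2 User-Password hiding; the same XOR chain hides and recovers."""
    if not decrypt:
        data = data + bytes(-len(data) % 16)  # pad with NULs to a 16-octet multiple
    out, prev = b"", request_auth
    for i in range(0, len(data), 16):
        block = data[i:i + 16]
        key = hashlib.md5(secret + prev).digest()
        res = bytes(a ^ b for a, b in zip(block, key))
        out += res
        prev = block if decrypt else res  # always chain on the ciphertext block
    return out.rstrip(b"\x00") if decrypt else out

def demo():
    nas_secret = b"s3cr$t/key"     # constructed sample; contains $ and /
    server_secret = b"s3cr$t/kez"  # constructed sample; last character differs
    # Constructed attributes: User-Name = "test", Acct-Status-Type = Start (1)
    attrs = bytes([1, 6]) + b"test" + bytes([40, 6]) + struct.pack("!I", 1)
    pkt = build_acct_request(1, attrs, nas_secret)
    ra = bytes(range(16))          # constructed Access-Request authenticator
    hidden = user_password_xor(b"hello", nas_secret, ra)
    return {"acct_same_secret": verify_acct_request(pkt, nas_secret),
            "acct_wrong_secret": verify_acct_request(pkt, server_secret),
            "pw_same_secret": user_password_xor(hidden, nas_secret, ra, True),
            "pw_wrong_secret": user_password_xor(hidden, server_secret, ra, True)}

if __name__ == "__main__":
    print(demo())
```

The secret enters both computations as raw octets, so characters such as `$` and `/` are not special at the protocol level; a single differing octet is enough to produce both failures.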