2.2.0 - Shared Secret is incorrect

Arran Cudbard-Bell a.cudbardb at freeradius.org
Fri Jul 19 18:26:39 CEST 2013

On 19 Jul 2013, at 16:32, Anja Ruckdaeschel <Anja.Ruckdaeschel at rz.uni-regensburg.de> wrote:

> Dear Arran,
> Sorry, about the typo with debug
> I looked at the invalid packet counters. Only shows the requests with wrong
> shared secrets  in rejects-Counter ... Same thing....

The RADIUS server cannot determine whether the shared secret is correct for Access-Requests
without the Message-Authenticator attribute.  The User-Password field is decrypted incorrectly
and so comparison with the REFERENCE password fails which is why they're seen as a reject.

This isn't an issue with the server, it's an issue with the protocol. Accounting-Requests 
are validated using the Authenticator field and so you get the error message.

Arran Cudbard-Bell <a.cudbardb at freeradius.org>
FreeRADIUS Development Team

More information about the Freeradius-Users mailing list