Testing failure during setup

Elizabeth Fife fifeeliz1 at hotmail.com
Mon Jun 3 09:39:14 CEST 2013


FYI -as this was odd though you would like to know



Given the debug out put and packet collection results 
the anomouls behavior during radius authentication of wifi users was in your mind and mine - clearly 
the fault of the access-point (either in configuration or "hardware"). 
The radius servers were conversely clearly not at fault.
 Cisco
 TAC eventually agreed and sent a replacement - the replacement worked perfectly 
with the same configuration and without alteration to the radius server 
settings - meaning odd behavior was "hardware" failure.
 Thanks to those who thought on this


> Date: Mon, 27 May 2013 09:20:53 -0400
> From: aland at deployingradius.com
> To: freeradius-users at lists.freeradius.org
> Subject: Re: Testing failure during setup
> 
> Elizabeth Fife wrote:
> > I am ready for an earbending likely from Alan but for the record I have
> > read the debug and done as much searching as my brain can handle before
> > this post
> 
>   You'll not that I get cranky when people *don't* follow instructions.
>  You have followed them.  So clearly you're a wonderful person.
> 
> > I have the added each machine as a client of the other for testing in
> > clients.conf they both have the shared secret aaabbb
> 
>   Which should work.
> 
>   In short, the server gets an Access-Request and processes it.  The
> client doesn't like the reply.
> 
>   Both Access-Request and Access-Challenge contain
> Message-Authenticator.  The server processes the Access-Request *only*
> when the Message-Authenticator is correct.  Which in turn depends on the
> shared secret.
> 
>   So the shared secret is the same on both ends.
> 
>   But, the client doesn't like the reply from the server.  Which has a
> Message-Authenticator created using the same secret.
> 
>   I'm not really sure what to suggest here.  This kind of thing should
> *never* happen.
> 
>   Did you install both servers from apt-get?
> 
>   Alan DeKok.
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
 		 	   		  
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20130603/fd3c4cae/attachment.html>


More information about the Freeradius-Users mailing list