Password gets changed while proxying
Phil Mayers
p.mayers at imperial.ac.uk
Wed Oct 2 18:28:47 CEST 2013
On 02/10/13 17:14, JB wrote:
> Hi!
>
> We're proxying auth requests to another RADIUS service and encounter the following problem:
> The password seems to get changed somewhere along the way.
> In our case, a 9 character password arrives as 16 character garbage at the home server, which then -of course- rejects the access request.
You've got the shared secret wrong. This causes password decryption to fail.
If you were using Message-Authenticator (as you, and indeed everyone,
should be) the entire packet would fail the MA check and be dropped; but
since you're not, only the fields encrypted by the shared secret are
affected.
More information about the Freeradius-Users
mailing list