how to change the radius default "testing123" password
Clint Petty
cpetty at luthresearch.com
Wed Oct 2 23:34:21 CEST 2013
Hi Alan,
Ok, I just changed the StrongSwan:/etc/strongswan/strongswan.conf & the Radius:/etc/raddb/clients.conf files, and left the other files with reference to "testing123" alone. Restarted the strongswan & radiusd services, and get the same error from my iphone, "VPN Connection - User authentication failed". I started radiusd -X (debug mode), and get the following:
rad_recv: Access-Request packet from host xx.xx.xx.79 port 49922, id=198, length=137
Received packet from xx.xx.xx.79 with invalid Message-Authenticator! (Shared secret is incorrect.) Dropping packet without response.
Going to the next request
Waking up in 0.9 seconds.
Cleaning up request 7 ID 198 with timestamp +296
Ready to process requests.
Repeats four times.
-----Original Message-----
From: freeradius-users-bounces+cpetty=luthresearch.com at lists.freeradius.org [mailto:freeradius-users-bounces+cpetty=luthresearch.com at lists.freeradius.org] On Behalf Of Alan DeKok
Sent: Wednesday, October 02, 2013 2:02 PM
To: FreeRadius users mailing list
Subject: Re: how to change the radius default "testing123" password
Clint Petty wrote:
> Hi Alan,
>
> Thanks for your reply. However, I have already changed the instances of the password "testing123" in the following files:
>
> StrongSwan:/etc/strongswan/strongswan.conf
That's good.
> Radius:/etc/raddb/proxy.conf
That's not good. The secret there is for home servers, not clients.
I suggest changing it back.
> Radius:/etc/raddb/sites-available/dynamic-clients
> Radius:/etc/raddb/sites-available/originate-coa
> Radius:/etc/raddb/sites-available/robust-proxy-accounting
That's not good. Those files are NOT used by the running server. I
suggest changing it back.
> Radius:/etc/raddb/clients.conf
That's good.
> After restarting the strongswan and radiusd service, I was not able to authenticate to my LDAP server, and had to change the entries back to "testing123"? What am I missing here?
Well, it should work. What does the debug output say? That should
tell you *exactly* what's going on.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
More information about the Freeradius-Users
mailing list