how to change the radius default "testing123" password

Clint Petty cpetty at luthresearch.com
Wed Oct 2 23:34:21 CEST 2013


Hi Alan,

Ok, I just changed the StrongSwan:/etc/strongswan/strongswan.conf & the Radius:/etc/raddb/clients.conf files, and left the other files with reference to "testing123" alone.  Restarted the strongswan & radiusd services, and get the same error from my iphone, "VPN Connection - User authentication failed".  I started radiusd -X (debug mode), and get the following:

rad_recv: Access-Request packet from host xx.xx.xx.79 port 49922, id=198, length=137
Received packet from xx.xx.xx.79 with invalid Message-Authenticator!  (Shared secret is incorrect.) Dropping packet without response.
Going to the next request
Waking up in 0.9 seconds.
Cleaning up request 7 ID 198 with timestamp +296
Ready to process requests.

Repeats four times.



-----Original Message-----
From: freeradius-users-bounces+cpetty=luthresearch.com at lists.freeradius.org [mailto:freeradius-users-bounces+cpetty=luthresearch.com at lists.freeradius.org] On Behalf Of Alan DeKok
Sent: Wednesday, October 02, 2013 2:02 PM
To: FreeRadius users mailing list
Subject: Re: how to change the radius default "testing123" password

Clint Petty wrote:
> Hi Alan,
> 
> Thanks for your reply.  However, I have already changed the instances of the password "testing123" in the following files:
>
> StrongSwan:/etc/strongswan/strongswan.conf

  That's good.

> Radius:/etc/raddb/proxy.conf

  That's not good.  The secret there is for home servers, not clients.
I suggest changing it back.

> Radius:/etc/raddb/sites-available/dynamic-clients
> Radius:/etc/raddb/sites-available/originate-coa
> Radius:/etc/raddb/sites-available/robust-proxy-accounting

  That's not good.  Those files are NOT used by the running server.  I
suggest changing it back.

> Radius:/etc/raddb/clients.conf

  That's good.

> After restarting the strongswan and radiusd service, I was not able to authenticate to my LDAP server, and had to change the entries back to "testing123"?  What am I missing here?

  Well, it should work.  What does the debug output say?  That should
tell you *exactly* what's going on.

  Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html


More information about the Freeradius-Users mailing list