Using OpenWRT nas, identical shared secret, told "Shared secret is incorrect."
Matthew Newton
mcn4 at leicester.ac.uk
Wed Nov 11 17:47:35 CET 2015
On Wed, Nov 11, 2015 at 11:28:10AM -0500, Toyam Cox wrote:
...
> radiusd: #### Loading Clients ####
> client localhost {
> ipaddr = 127.0.0.1
> require_message_authenticator = no
> secret = "testing123"
> nastype = "other"
> }
...
> rlm_sql (sql): Read entry nasname=10.0.0.4,shortname=testing,secret=testing123
> rlm_sql (sql): Adding client 10.0.0.4 (testing, server=<none>) to clients list
...
> Ready to process requests.
That's better - same server setup.
> rad_recv: Access-Request packet from host 10.0.0.4 port 3787, id=254, length=133
> User-Name = "Aviator"
> NAS-IP-Address = 10.0.0.4
> NAS-Port = 0
> Message-Authenticator = 0xbca92aec49da8848ab95b8ac15e7daab
> MS-CHAP-Challenge = 0x179924b2ec0ad514
> MS-CHAP-Response =
> 0x0001000000000000000000000000000000000000000000000000b5b672c3217a5fd2ca598435ee57218a92635838e3783684
> # Executing section authorize from file /etc/raddb/sites-enabled/default
> +group authorize {
...
> Sending Access-Accept of id 254 to 10.0.0.4 port 3787
...
And it works. Which gives two likely possibilities
- shared secret incorrectly defined on NAS
- NAS is broken.
FreeRADIUS looks fine - investigate or replace your NAS.
Cheers,
Matthew
--
Matthew Newton, Ph.D. <mcn4 at le.ac.uk>
Systems Specialist, Infrastructure Services,
I.T. Services, University of Leicester, Leicester LE1 7RH, United Kingdom
For IT help contact helpdesk extn. 2253, <ithelp at le.ac.uk>
More information about the Freeradius-Users
mailing list