Using OpenWRT nas, identical shared secret, told "Shared secret is incorrect."

Matthew Newton mcn4 at leicester.ac.uk
Wed Nov 11 17:47:35 CET 2015


On Wed, Nov 11, 2015 at 11:28:10AM -0500, Toyam Cox wrote:
...
> radiusd: #### Loading Clients ####
>  client localhost {
>      ipaddr = 127.0.0.1
>      require_message_authenticator = no
>      secret = "testing123"
>      nastype = "other"
>  }
...
> rlm_sql (sql): Read entry nasname=10.0.0.4,shortname=testing,secret=testing123
> rlm_sql (sql): Adding client 10.0.0.4 (testing, server=<none>) to clients list
...
> Ready to process requests.


That's better - same server setup.


> rad_recv: Access-Request packet from host 10.0.0.4 port 3787, id=254, length=133
>     User-Name = "Aviator"
>     NAS-IP-Address = 10.0.0.4
>     NAS-Port = 0
>     Message-Authenticator = 0xbca92aec49da8848ab95b8ac15e7daab
>     MS-CHAP-Challenge = 0x179924b2ec0ad514
>     MS-CHAP-Response = 0x0001000000000000000000000000000000000000000000000000b5b672c3217a5fd2ca598435ee57218a92635838e3783684
> # Executing section authorize from file /etc/raddb/sites-enabled/default
> +group authorize {
...

> Sending Access-Accept of id 254 to 10.0.0.4 port 3787
...

And it works. Which gives two likely possibilities:

 - shared secret incorrectly defined on NAS
 - NAS is broken.

FreeRADIUS looks fine - investigate or replace your NAS.

Cheers,

Matthew


-- 
Matthew Newton, Ph.D. <mcn4 at le.ac.uk>

Systems Specialist, Infrastructure Services,
I.T. Services, University of Leicester, Leicester LE1 7RH, United Kingdom

For IT help contact helpdesk extn. 2253, <ithelp at le.ac.uk>
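
Added example, not part of the original message and not FreeRADIUS code: the Message-Authenticator carried in an Access-Request like the one quoted above is an HMAC-MD5 over the whole packet, keyed with the shared secret (RFC 3579), so a captured request can be checked against the secret configured on the server. The function names and the sample packet (a NAS whose secret was entered with a trailing space) are constructed for illustration.

```python
import hashlib
import hmac
import struct

MSG_AUTH = 80  # Message-Authenticator attribute type (RFC 2869 / RFC 3579)

def parse_attrs(packet):
    """Yield (type, value_offset, value_len) for each attribute in a RADIUS packet."""
    length = struct.unpack("!H", packet[2:4])[0]
    if length < 20 or length > len(packet):
        raise ValueError("bad RADIUS length field")
    pos = 20  # attributes start after code, id, length and 16-byte authenticator
    while pos < length:
        if pos + 2 > length:
            raise ValueError("truncated attribute header")
        atype, alen = packet[pos], packet[pos + 1]
        if alen < 2 or pos + alen > length:
            raise ValueError("bad attribute length")
        yield atype, pos + 2, alen - 2
        pos += alen

def check_message_authenticator(packet, secret):
    """Return True if the Access-Request's Message-Authenticator matches `secret`."""
    length = struct.unpack("!H", packet[2:4])[0]
    for atype, off, vlen in parse_attrs(packet):
        if atype == MSG_AUTH:
            if vlen != 16:
                raise ValueError("Message-Authenticator must be 16 bytes")
            received = packet[off:off + 16]
            # The HMAC is computed with the attribute's value set to 16 zero bytes.
            zeroed = packet[:off] + b"\x00" * 16 + packet[off + 16:length]
            expected = hmac.new(secret, zeroed, hashlib.md5).digest()
            return hmac.compare_digest(received, expected)
    raise ValueError("no Message-Authenticator attribute")

def build_access_request(ident, authenticator, user, secret):
    """Build a constructed Access-Request signed with `secret` (sample input only)."""
    attrs = bytes([1, 2 + len(user)]) + user + bytes([MSG_AUTH, 18]) + b"\x00" * 16
    packet = struct.pack("!BBH", 1, ident, 20 + len(attrs)) + authenticator + attrs
    mac = hmac.new(secret, packet, hashlib.md5).digest()
    return packet[:-16] + mac  # Message-Authenticator is the last attribute here

if __name__ == "__main__":
    # Constructed packet: the NAS was given the secret with a trailing space.
    pkt = build_access_request(254, bytes(16), b"Aviator", b"testing123 ")
    print(check_message_authenticator(pkt, b"testing123"))   # server's secret
    print(check_message_authenticator(pkt, b"testing123 "))  # what the NAS used
```

Feeding it the raw UDP payload from a packet capture of the NAS's request, together with the secret from the server's client entry, separates a mistyped secret from a NAS that computes the value incorrectly.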

