Using OpenWRT nas, identical shared secret, told "Shared secret is incorrect."
A.L.M.Buxey at lboro.ac.uk
Wed Nov 11 20:01:41 CET 2015
Hi,
> Is there any way to see the request the client is sending the server?
err, yes - you posted it - it's in the debug output!
> User-Name = "Aviator"
> NAS-IP-Address = 10.0.0.4
> NAS-Port = 0
> Message-Authenticator = 0xe601d87c9065c214eb5461f06cf2c55b
> MS-CHAP-Challenge = 0xd2f6a4ad2ddb942b
> MS-CHAP-Response =
> 0x00010000000000000000000000000000000000000000000000007da48d7397f9b0eebf6182b70846bd09671dd019baa4eea8
and the reject is caused by this:
> ++policy filter_username {
> +++? if (User-Name =~ / /)
> ? Evaluating (User-Name =~ / /) -> FALSE
> +++? if (User-Name =~ / /) -> FALSE
> +++? if (User-Name =~ /@.*@/ )
> ? Evaluating (User-Name =~ /@.*@/) -> FALSE
> +++? if (User-Name =~ /@.*@/ ) -> FALSE
> +++? if (User-Name =~ /\\.\\./ )
> ? Evaluating (User-Name =~ /\\.\\./) -> FALSE
> +++? if (User-Name =~ /\\.\\./ ) -> FALSE
> +++? if (User-Name !~ /@(.+)\\.(.+)$/)
> ? Evaluating (User-Name !~ /@(.+)\\.(.+)$/) -> TRUE
> +++? if (User-Name !~ /@(.+)\\.(.+)$/) -> TRUE
> +++if (User-Name !~ /@(.+)\\.(.+)$/) {
> ++++update reply {
> ++++} # update reply = noop
> ++++[reject] = reject
this policy is looking for an "@" to be present...which it isn't in the username "Aviator" - so if
you don't need such a policy, then edit the default virtual server to comment out the filter_username
policy or edit the policy.
alan
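
The four checks from the quoted debug output, replayed in Python as an added example (not part of the original post and not FreeRADIUS code), to show which rule rejects a given User-Name. It assumes the `\\.` printed in the debug output reaches the regex engine as `\.`; `filter_username_realm_optional` is a hypothetical edited policy that applies the realm check only when an "@" is present, and all usernames other than "Aviator" are constructed samples.

```python
import re

# The four checks from the filter_username debug output, in evaluation order.
# Assumption: "\\." in the server's output is the regex "\." (a literal dot)
# once the configuration parser has unescaped it.
# Third field: True mirrors "=~" (reject on match), False mirrors "!~".
RULES = [
    ("contains a space", re.compile(r" "), True),
    ("contains more than one @", re.compile(r"@.*@"), True),
    ("contains ..", re.compile(r"\.\."), True),
    ("no @realm containing a dot", re.compile(r"@(.+)\.(.+)$"), False),
]


def filter_username(user_name, rules=RULES):
    """Return ("reject", reason) for the first rule that fires, else ("noop", None)."""
    for reason, pattern, reject_on_match in rules:
        matched = pattern.search(user_name) is not None
        if matched == reject_on_match:
            return ("reject", reason)
    return ("noop", None)


def filter_username_realm_optional(user_name):
    """Hypothetical edited policy: only check the realm when the name has an "@"."""
    rules = RULES if "@" in user_name else RULES[:3]
    return filter_username(user_name, rules)


if __name__ == "__main__":
    # "Aviator" is the User-Name from the post; the rest are constructed samples.
    samples = ["Aviator", "aviator@example.org", "aviator@localhost",
               "a@b@example.org", "avi ator", "a..b@example.org"]
    for name in samples:
        print(f"{name!r:24} as posted: {filter_username(name)}  "
              f"realm optional: {filter_username_realm_optional(name)}")
```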