Accounting-Request packet shared secret fail

Alan DeKok aland at deployingradius.com
Wed Aug 8 00:24:30 CEST 2018


On Aug 7, 2018, at 6:04 PM, Kevin Virk <Kevin.Virk at faithlife.com> wrote:
> 
> I am having an issue with configuring my cisco switch to authenticate with freeradius. My secret is the same on both sides but I keep getting error that the shared secret is not correct.

  Then the shared secret isn't correct.

> I did a tcpdump of the traffic and then opened in wireshark to see. The password is coming through encrypted as I would suspect. Could this encrypted password be the reason that I am not able to authenticate.

  The password is encrypted with the shared secret.  If the shared secret is wrong, then FreeRADIUS can't decrypt the password.

> Side note: Using wpa supplicant and eapol_test I was able to get a successful test. Only non success is this cisco switch.

  Likely because they're using different IP addresses.

  Are you editing the "client" configuration for the Cisco switch?

  Have you tried setting the shared secret to something like "hello" ?

  TBH, your choices here are:

a) the Cisco firmware works for everyone else, but not for you

b) FreeRADIUS works for everyone else, but not for you

c) you're entering the wrong shared secret, or maybe the correct shared secret, but in the wrong place.

  Alan DeKok.




More information about the Freeradius-Users mailing list