Yet another shared secret mismatch issue

Alberto Martínez Setién alberto.martinez at deusto.es
Thu Jul 12 08:59:37 CEST 2018


Hi all,

I'm trying to configure hardware (MAC) auth using FreeRADIUS.
It works nicely with another provider, but this new one seems to do shared
secret signing wrong.

Fri Jul  6 08:37:40 2018 : Info: Ready to process requests
Fri Jul  6 08:37:50 2018 : Debug: (0) Received Access-Request Id 4 from
10.70.8.199:44611 to 172.16.250.2:8812 length 271
Fri Jul  6 08:37:50 2018 : Info: Dropping packet without response because
of error: Received packet from 10.70.8.199 with invalid
Message-Authenticator!  (Shared secret is incorrect.)

(wireshark decoding below)
RADIUS Protocol
    Code: Access-Request (1)
    Packet identifier: 0x2 (2)
    Length: 271
    Authenticator: 579f8d81dc3deb6a9f37ebae3d0b7cde
    Attribute Value Pairs
        AVP: l=14 t=User-Name(1): 9068C3435B5A
        AVP: l=18 t=User-Password(2): Encrypted
        AVP: l=6 t=Service-Type(6): Call-Check(10)
        AVP: l=6 t=NAS-IP-Address(4): 10.70.8.199
        AVP: l=22 t=NAS-Identifier(32): WLAN-pruebas_udguest
        AVP: l=30 t=Called-Station-Id(30): DC0856003BF0:pruebas_udguest
        AVP: l=6 t=NAS-Port-Type(61): Wireless-802.11(19)
        AVP: l=6 t=NAS-Port(5): 1
        AVP: l=11 t=NAS-Port-Id(87): wifi-2.4G
        AVP: l=14 t=Calling-Station-Id(31): 9068C3435B5A
        AVP: l=46 t=Acct-Session-Id(44): 10.70.8.199_05/07/2018
12:13:28_9068c3435b5a
        AVP: l=6 t=Framed-MTU(12): 1400
        AVP: l=28 t=Vendor-Specific(26) v=Xylan Corp.(800)
        AVP: l=20 t=Vendor-Specific(26) v=Xylan Corp.(800)
        AVP: l=18 t=Message-Authenticator(80):
7611eb291b65f41849d0451d3f027382


I have no doubt that FR does the right thing, and I'm sure that this is not
a "maybe you didn't input the same secret in both places" issue. This is
either a hardcoded secret (not their first time) or a bad implementation.

They deny any wrongdoing on their part.

I intend to prove that they are doing RADIUS secret wrong and have located
the fr_radius_verify function.

My questions are:
Can I brute force the secret somehow?
Can I make my point to them somehow else?

Regards,
Alberto
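The check behind the "invalid Message-Authenticator! (Shared secret is incorrect.)" line is RFC 2869 section 5.14: HMAC-MD5 keyed with the shared secret over the whole Access-Request with the 16 value bytes of the Message-Authenticator attribute set to zero. The following is an added, self-contained example (not code from the thread or from FreeRADIUS) that builds such a request the way a correct NAS should and verifies one the way the server does; the attribute values are taken from the Wireshark decode above, while the secret and the packet builder are constructed assumptions.

```python
import hashlib
import hmac
import struct

ACCESS_REQUEST = 1
MESSAGE_AUTHENTICATOR = 80  # attribute type, RFC 2869 section 5.14

def encode_avp(attr_type, value):
    """Encode one RADIUS AVP: type (1 byte), length incl. header (1 byte), value."""
    return struct.pack("!BB", attr_type, len(value) + 2) + value

def find_message_authenticator(packet):
    """Return the offset of the 16-byte Message-Authenticator value, or None."""
    pos = 20  # skip code, id, length and the 16-byte Request Authenticator
    while pos + 2 <= len(packet):
        attr_type, length = struct.unpack_from("!BB", packet, pos)
        if length < 2 or pos + length > len(packet):
            return None  # malformed AVP; FreeRADIUS would drop this too
        if attr_type == MESSAGE_AUTHENTICATOR and length == 18:
            return pos + 2
        pos += length
    return None

def verify_message_authenticator(packet, secret):
    """Server-side check: HMAC-MD5(secret, packet with MA value zeroed) == MA value."""
    off = find_message_authenticator(packet)
    if off is None:
        return False
    zeroed = packet[:off] + b"\x00" * 16 + packet[off + 16:]
    expected = hmac.new(secret, zeroed, hashlib.md5).digest()
    return hmac.compare_digest(expected, packet[off:off + 16])

def build_access_request(identifier, request_authenticator, avps, secret):
    """NAS side: append a zeroed MA, HMAC the whole packet, then fill the HMAC in."""
    body = b"".join(encode_avp(t, v) for t, v in avps)
    body += encode_avp(MESSAGE_AUTHENTICATOR, b"\x00" * 16)
    header = struct.pack("!BBH", ACCESS_REQUEST, identifier, 20 + len(body))
    packet = header + request_authenticator + body
    mac = hmac.new(secret, packet, hashlib.md5).digest()
    return packet[:-16] + mac  # the zeroed MA value is the last 16 bytes

# Constructed sample built from the attribute values visible in the decode above
SAMPLE_AUTHENTICATOR = bytes.fromhex("579f8d81dc3deb6a9f37ebae3d0b7cde")
SAMPLE_AVPS = [
    (1, b"9068C3435B5A"),            # User-Name (the client MAC)
    (6, struct.pack("!I", 10)),      # Service-Type = Call-Check
    (4, bytes([10, 70, 8, 199])),    # NAS-IP-Address 10.70.8.199
    (31, b"9068C3435B5A"),           # Calling-Station-Id
]
SECRET = b"testing123"  # constructed placeholder, not the poster's real secret
```

Feeding the raw bytes of a captured request plus the configured secret to verify_message_authenticator reproduces the server's verdict independently of FreeRADIUS, which is the comparison the poster wants to show the vendor.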

