Yet another shared secret mismatch issue

Alberto Martínez Setién alberto.martinez at
Thu Jul 12 08:59:37 CEST 2018

Hi all,

I'm trying to configure hardware (MAC) auth using FreeRADIUS.
It works nice with another provider, but on this new one seems to do shared
secret signing wrong.

Fri Jul  6 08:37:40 2018 : Info: Ready to process requests
Fri Jul  6 08:37:50 2018 : Debug: (0) Received Access-Request Id 4 from to length 271
Fri Jul  6 08:37:50 2018 : Info: Dropping packet without response because
of error: Received packet from with invalid
Message-Authenticator!  (Shared secret is incorrect.)

(wireshark decoding below)
RADIUS Protocol
    Code: Access-Request (1)
    Packet identifier: 0x2 (2)
    Length: 271
    Authenticator: 579f8d81dc3deb6a9f37ebae3d0b7cde
    Attribute Value Pairs
        AVP: l=14 t=User-Name(1): 9068C3435B5A
        AVP: l=18 t=User-Password(2): Encrypted
        AVP: l=6 t=Service-Type(6): Call-Check(10)
        AVP: l=6 t=NAS-IP-Address(4):
        AVP: l=22 t=NAS-Identifier(32): WLAN-pruebas_udguest
        AVP: l=30 t=Called-Station-Id(30): DC0856003BF0:pruebas_udguest
        AVP: l=6 t=NAS-Port-Type(61): Wireless-802.11(19)
        AVP: l=6 t=NAS-Port(5): 1
        AVP: l=11 t=NAS-Port-Id(87): wifi-2.4G
        AVP: l=14 t=Calling-Station-Id(31): 9068C3435B5A
        AVP: l=46 t=Acct-Session-Id(44):
        AVP: l=6 t=Framed-MTU(12): 1400
        AVP: l=28 t=Vendor-Specific(26) v=Xylan Corp.(800)
        AVP: l=20 t=Vendor-Specific(26) v=Xylan Corp.(800)
        AVP: l=18 t=Message-Authenticator(80):

I have no doubt that FR does the right thing, and I'm sure that this is not
a "maybe you didn't input the same secret in both places" issue. This is
either a hardcoded secret (not their first time) or a bad implementation.

They deny any wrongdoing on their part.

I intend to prove that they are doing RADIUS secret wrong and have locate
the fr_radius_verify function.

My questions are:
Can I brute force the secret somehow?
Can I make my point to them somehow else?


More information about the Freeradius-Users mailing list