Yet another shared secret mismatch issue

Herwin Weststrate herwin at
Thu Jul 12 09:25:25 CEST 2018

On 12-07-18 08:59, Alberto Martínez Setién via Freeradius-Users wrote:
> Hi all,
> I'm trying to configure hardware (MAC) auth using FreeRADIUS.
> It works nice with another provider, but on this new one seems to do shared
> secret signing wrong.
> Fri Jul  6 08:37:40 2018 : Info: Ready to process requests
> Fri Jul  6 08:37:50 2018 : Debug: (0) Received Access-Request Id 4 from
> to length 271
> Fri Jul  6 08:37:50 2018 : Info: Dropping packet without response because
> of error: Received packet from with invalid
> Message-Authenticator!  (Shared secret is incorrect.)
> (....)
> I have no doubt that FR does the right thing, and I'm sure that this is not
> a "maybe you didn't input the same secret in both places" issue. This is
> either a hardcoded secret (not their first time) or a bad implementation.
> They deny any wrongdoing on their part.
> I intend to prove that they are doing RADIUS secret wrong and have locate
> the fr_radius_verify function.
> My questions are:
> Can I brute force the secret somehow?
> Can I make my point to them somehow else?

You could use that to decrypt the User-Password attribute. If it turn
out like garbage it probably used a different shared secret than you

Herwin Weststrate

More information about the Freeradius-Users mailing list