freeradius authentication problem

Nathan Ward lists+freeradius at daork.net
Thu Jul 12 10:19:10 CEST 2018



> On 12/07/2018, at 8:02 PM, Mallikarjuna <mallikarjuna.peddappanavara at igrid-td.com> wrote:
> 
> Hi,
> 
> Actually I'm getting password as follows in the terminal
> *
> **User-Name = "bob"**
> **(137)   User-Password = "\273m\000\372\366"*
> 
> But the actual password is "hello".
> I'm using *bob Cleartext-Password := 'hello' *in**users file of freeradius.

Yep.

Check that the shared secret is correct.

In RADIUS, there must be a shared secret configured in both the client and the server. This is *not* the users’ password.
The secret is used to encode the User-Password attribute, so, if you get the secret wrong you get junk in that attribute - just like you are getting - and unsurprisingly, you’re getting 5 characters, the same as the length of “hello”. Also, the response packets do not have the right Authenticator on them so your client should not accept the response.

Check your clients.conf file, see what secret you have configured for the RADIUS client. Just like the output tells you to.

--
Nathan Ward




More information about the Freeradius-Users mailing list