Sometimes passwords are coming in with junk
Arran Cudbard-Bell
a.cudbardb at freeradius.org
Fri Nov 9 19:04:03 CET 2018
> On Nov 9, 2018, at 12:58 PM, Arran Cudbard-Bell <a.cudbardb at freeradius.org> wrote:
>
>
>
>> On Nov 7, 2018, at 4:47 PM, Sam T <givemesam at gmail.com> wrote:
>>
>> Hi!
>>
>> We are getting close to a workable solution with freeradius!
>>
>> When running freeradius in debug mode we can see that sometimes it comes in
>> correctly, and other times in some kind of junky value.
>
> The shared secret is wrong. If your NAS supports Message-Authenticator, enable it and FreeRADIUS will tell you that the shared secret is wrong.
The other things it could be are an intermediary proxy not decrypting/re-encrypting the password value correctly.
Bytes being overwritten in the message authenticator. Bytes being overwritten in the User-Password attributes.
Packets coming from different source IPs (with different shared secrets).
Uninitialised memory in the RADIUS client screwing up the encryption, etc.
Use radsniff with captured packets and pass -s to verify it's not a client lookup issue.
Send packets directly if you're using a proxy.
Verify PCAPs on the NAS and RADIUS server have the same content.
-Arran
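
Added example, not part of the original post or of FreeRADIUS: a Python sketch of RFC 2865 User-Password hiding and the RFC 2869 Message-Authenticator check, showing why a mismatched shared secret or an overwritten byte decodes to junk and how Message-Authenticator flags it. The user name, password, secrets and request authenticator are constructed sample values.

```python
import hashlib, hmac, struct

def _mask_blocks(data, secret, authenticator, decrypt):
    # RFC 2865 5.2: b1 = MD5(S + RA), bi = MD5(S + c(i-1)); each 16-byte block is XORed.
    out, prev = b"", authenticator
    for i in range(0, len(data), 16):
        mask = hashlib.md5(secret + prev).digest()
        block = bytes(a ^ b for a, b in zip(data[i:i + 16], mask))
        prev = data[i:i + 16] if decrypt else block  # chain on the ciphertext block
        out += block
    return out

def hide_password(password, secret, authenticator):
    padded = password.ljust(max(16, -(-len(password) // 16) * 16), b"\x00")
    return _mask_blocks(padded, secret, authenticator, decrypt=False)

def build_access_request(user, password, secret, authenticator, ident=1):
    def attr(t, v): return bytes([t, len(v) + 2]) + v
    attrs = attr(1, user) + attr(2, hide_password(password, secret, authenticator))
    attrs += attr(80, bytes(16))  # Message-Authenticator, zeroed while signing
    pkt = bytearray(struct.pack("!BBH", 1, ident, 20 + len(attrs)) + authenticator + attrs)
    pkt[-16:] = hmac.new(secret, bytes(pkt), hashlib.md5).digest()  # RFC 2869 5.14
    return bytes(pkt)

def server_decode(pkt, secret):
    """Return (message_authenticator_ok, decoded User-Password) as the server sees them."""
    authenticator, pos, hidden, ma_ok = pkt[4:20], 20, b"", None
    while pos + 2 <= len(pkt):
        t, length = pkt[pos], pkt[pos + 1]
        if length < 2 or pos + length > len(pkt):
            raise ValueError("malformed attribute")
        value = pkt[pos + 2:pos + length]
        if t == 2:      # User-Password
            hidden = value
        elif t == 80:   # Message-Authenticator: HMAC-MD5 over packet with this value zeroed
            zeroed = pkt[:pos + 2] + bytes(16) + pkt[pos + length:]
            ma_ok = hmac.compare_digest(value, hmac.new(secret, zeroed, hashlib.md5).digest())
        pos += length
    password = _mask_blocks(hidden, secret, authenticator, decrypt=True).rstrip(b"\x00")
    return ma_ok, password

# Constructed sample values (not from the thread).
RA = bytes(range(16))
PKT = build_access_request(b"sam", b"correct horse battery", b"nas-secret", RA)

if __name__ == "__main__":
    for secret in (b"nas-secret", b"nas-secert"):  # second one simulates a mistyped secret
        print(secret, server_decode(PKT, secret))
```

Without Message-Authenticator the server has no way to tell the junk value from a genuinely wrong password, which is why the debug output alone looks intermittent.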