FreeRadius sends Access-Reject for MAC-AUTH, if shared secret on NAS and server differ

Phani Siriki yvsg.phanis at gmail.com
Sun Apr 14 23:48:21 CEST 2019


Hi Matthew

>> Bit pointless (and rather antisocial) to a public mailing list.
Sorry about this. I will make sure this wont happen again.

My main question is, why does FreeRadius not send Access-Reject(if
shared secret is not correct) when I try to do EAP authentication?
Could you please let me know if I am missing anything? Please see req
1, 2, 3.

(1) Received Accounting-Request Id 1 from 172.24.85.69:35478 to
172.24.66.67:1813 length 121
Dropping packet without response because of error: Received
Accounting-Request packet from client 172.24.85.69 with invalid
Request Authenticator!  (Shared secret is incorrect.)
Waking up in 0.3 seconds.
(1) Cleaning up request packet ID 1 with timestamp +41
Ready to process requests
(2) Received Access-Request Id 1 from 172.24.85.69:60091 to
172.24.66.67:1812 length 141
Dropping packet without response because of error: Received packet
from 172.24.85.69 with invalid Message-Authenticator!  (Shared secret
is incorrect.)
Waking up in 0.3 seconds.
(2) Cleaning up request packet ID 1 with timestamp +44
Ready to process requests
(3) Received Access-Request Id 1 from 172.24.85.69:60091 to
172.24.66.67:1812 length 141
Dropping packet without response because of error: Received packet
from 172.24.85.69 with invalid Message-Authenticator!  (Shared secret
is incorrect.)
Waking up in 0.3 seconds.
(3) Cleaning up request packet ID 1 with timestamp +49
Ready to process requests

Best Regards
Phani

On Sun, Apr 14, 2019 at 1:50 PM Matthew Newton <mcn at freeradius.org> wrote:
>
> On Sun, 2019-04-14 at 13:01 -0700, Phani Siriki wrote:
> >    Phani Siriki has sent you an email via Gmail confidential mode:
>
> Bit pointless (and rather antisocial) to a public mailing list.
>
>
> >    FreeRadius sends Access-Reject for MAC-AUTH, if shared
> >    secret on NAS and server differ
>
> Yes. The secret needs to be the same on both. That's rather the whole
> point of it being a "shared" secret.
>
> --
> Matthew
>
>
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html


More information about the Freeradius-Users mailing list