Problem with multiple clients.conf
Bjørn Mork
bjorn at mork.no
Fri Aug 27 10:47:24 CEST 2021
Klemen forneci <forneci at gmail.com> writes:
> Hello.
>
> In my environment (migrated from v2 to v3) I have multiple clients defined:
>
> client net {
> ipaddr = 192.168.0.0
> netmask = 16
> secret = removed
> shortname = mass
> nastype = other
> }
>
> client hivemanager {
> ipaddr = 192.168.1.1
> netmask = 24
> secret = removed_2
> shortname = HM
> nastype = other
> }
>
> This configuration works on the v2. On the v3, the problem is that i'm
> getting a incorrect secret error:
>
> Dropping packet without response because of error: Received packet
> from 192.168.1.15 with invalid Message-Authenticator! (Shared secret
> is incorrect.)
>
> Like the package is managed by client NET and not hivemanager (the
> secrets are not the same). Is there a order in which the clients must
> be listed inside the configuration file (finds the first and ignores
> the others)?
The documentations says:
# You can now specify one secret for a network of clients.
# When a client request comes in, the BEST match is chosen.
# i.e. The entry from the smallest possible network.
ref
https://github.com/FreeRADIUS/freeradius-server/blob/v3.0.x/raddb/clients.conf#L237
It's not clear to me which of the two client entries you believe should
match, but according to that doc 192.168.1.15 should match hivemanager.
One issue might be the bogus network address. You should probably use
192.168.1.0
Bjørn
More information about the Freeradius-Users
mailing list