On 19 Jul 2013, at 16:32, Anja Ruckdaeschel <anja.ruckdaesc...@rz.uni-regensburg.de> wrote:
> Dear Arran, > > Sorry, about the typo with debug > > I looked at the invalid packet counters. Only shows the requests with wrong > shared secrets in rejects-Counter ... Same thing.... The RADIUS server cannot determine whether the shared secret is correct for Access-Requests without the Message-Authenticator attribute. The User-Password field is decrypted incorrectly and so comparison with the REFERENCE password fails which is why they're seen as a reject. This isn't an issue with the server, it's an issue with the protocol. Accounting-Requests are validated using the Authenticator field and so you get the error message. Arran Cudbard-Bell <a.cudba...@freeradius.org> FreeRADIUS Development Team - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html