At 08:52 AM 5/31/2002 +0200, Simon wrote:
>On Thu, May 30, 2002 at 07:14:14PM -0500, Nick Davis wrote:
>
>[...]
>
> > root@localhost# radtest radman2 testing localhost 10 <sekret> 2 <NAS
> hostname>
> > Sending Access-Request of id 128 to 127.0.0.1:1812
> > User-Name = "radman2"
> > User-Password = "\2529M\234\353,\006w\2657K\346m\301\022@"
> > NAS-IP-Address = <NAS hostname>
> > NAS-Port-Id = "10"
> > Framed-Protocol = PPP
> > rad_recv: Access-Reject packet from host 127.0.0.1:1812, id=128, length=20
> > rad_decode: Received Access-Reject packet from 127.0.0.1 with invalid
> > signature! ^^^^^^^
> ^^^^^^^^^
>
>Are you _really really_ sure you have your shared secret correct? Both
>the "invalid signature" error radtest gives and the warning from radiusd
>indicate that the shared secrets don't match.
>Could you paste the relevant section from raddb/clients.conf?
It is most likely just really old code on the NAS. Quite a few NAS
in older code revs didn't sign Accounting-Request packets properly.
Livingston Portmasters were one. I'd highly recommend looking at
upgrading the NAS code as the suspect here.
Also, if this is an older Ascend box, Ascend didn't quite follow the RFC
method of encrypting PAP passwords when sending to the NAS ( they added
additional NULL pads ). Newer Ascend/Lucent allow you to switch to an
RFC compliant mode.
-Chris
--
\\\|||/// \ StarNet Inc. \ Chris Parker
\ ~ ~ / \ WX *is* Wireless! \ Director, Engineering
| @ @ | \ http://www.starnetwx.net \ (847) 963-0116
oOo---(_)---oOo--\------------------------------------------------------
\ Wholesale Internet Services - http://www.megapop.net
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
