--On 21 November 2002 09:40 +0200 Angelos Karageorgiou <[EMAIL PROTECTED]> wrote:
> Has anyone noticed freeradius giving errors for accounting packets with "Invalid shared secrets"?

Yes, we have that problem here... We're running FreeRADIUS 0.8, we have it 'talking' to three other companies / sites...
Two of them work fine for both Auth and Accounting. One remote system runs RADIATOR, the other two I don't know what they run, and can't find out [simply because, in their wisdom, they won't tell us].
For the third - auth works fine, accounting always shows "Invalid Signature". The people running the third system are not brilliantly helpful. They insist they've thoroughly checked their side, and they are signing the packets with the same shared secret as the Auth packets (which work fine).
> Sometimes, mostly under heavy load, both radiuses nag about "invalid shared secret" which goes away after a while.

Ours always does this with no regard to load, but to only 1 out of 3 systems. Interestingly, the people using RADIATOR also talk to the 3rd problem site, and don't have the same problem with it (and we can talk to that RADIATOR site fine).
> I have not been able to pinpoint the problem, yet I will try to tcpdump and grab the raw data, I was just wondering if anyone has seen this behaviour in the wild.

I've got tcpdumps here - I'm not sure (because of the way the secrets work) that you can do anything with them, other than tell whether or not the packet was signed with the one you have (i.e. you can't tell what secret was used to sign a packet, only that it does or doesn't match yours). Be interesting to know if you could run this test outside FreeRADIUS (i.e. "Here's a packet, does it have a valid signature?").
There's another guy on the list at the moment, who also has problems with "Invalid Signature" - but he's also battling port number problems as well...
-Kp
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
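
The "here's a packet, does it have a valid signature?" test raised in the message above can be run offline for accounting packets, because RFC 2866 defines the Accounting-Request authenticator as MD5 over the packet (with the authenticator field zeroed) followed by the shared secret. The following is an added example, not part of the original post and not FreeRADIUS code; the function names, sample packet and secrets are constructed for illustration.

```python
import hashlib
import hmac
import struct

ACCOUNTING_REQUEST = 4  # RADIUS code for Accounting-Request (RFC 2866)


def acct_authenticator(packet: bytes, secret: bytes) -> bytes:
    """MD5(Code + ID + Length + 16 zero octets + attributes + secret)."""
    return hashlib.md5(packet[:4] + b"\x00" * 16 + packet[20:] + secret).digest()


def verify_accounting_request(packet: bytes, secret: bytes) -> bool:
    """True if the packet's Request Authenticator matches the given secret."""
    if len(packet) < 20:
        raise ValueError("shorter than the 20-octet RADIUS header")
    code, _ident, length = struct.unpack("!BBH", packet[:4])
    if code != ACCOUNTING_REQUEST:
        raise ValueError("not an Accounting-Request (code %d)" % code)
    if length < 20 or length > len(packet):
        raise ValueError("bad Length field")
    packet = packet[:length]  # octets beyond Length are padding, ignore them
    return hmac.compare_digest(packet[4:20], acct_authenticator(packet, secret))


def build_sample(secret: bytes) -> bytes:
    """Constructed test packet: Acct-Status-Type=Start, User-Name=alice."""
    attrs = b"\x28\x06\x00\x00\x00\x01" + b"\x01\x07alice"
    header = struct.pack("!BBH", ACCOUNTING_REQUEST, 42, 20 + len(attrs))
    unsigned = header + b"\x00" * 16 + attrs
    return header + acct_authenticator(unsigned, secret) + attrs


if __name__ == "__main__":
    pkt = build_sample(b"testing123")  # constructed secret
    print(verify_accounting_request(pkt, b"testing123"))
    print(verify_accounting_request(pkt, b"testing123 "))  # trailing space
```

Pass it the UDP payload of a captured accounting packet together with the secret you believe is shared. A mismatch only says the sender used some other secret (or the packet changed in transit), which is the limit the poster describes.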
