Hi, > I have been asked if our Riverbed console users can also be authenticated > through freeRadius. Riverbed has RiOS running, which is almost Cisco IOS and > a Radius Server can be configured so I did. In freeRadius I added the > Riverbed as client but unfortunately it was not that easy (is it ever?). > > rad_recv: Access-Request packet from host 10.1.1.27 port 9538, id=37, > length=71 > User-Name = "username" > User-Password = "/\227\334\377\374\302\343\204\345\001'O\227" > NAS-Identifier = "webasd" > NAS-Port = 8513 > NAS-Port-Type = Virtual > Service-Type = Authenticate-Only > > That is not the password I entered, my conclusion is that Riverbed encrypts > the password before the entire request is encrypted using the shared secret.
This looks like a typical case of shared secret mismatch. Are you *sure* that the shared secret is exactly the same on RiOS and FreeRADIUS? > I cannot find a way to change how Riverbed sends the request, though I am > writing a ticket there as well. My question to you, can freeRadius work with > encrypted passwords? It can, in a multitude of ways. None of these ways is about en-/dycrypting the password within the User-Password attribute though. That is very odd. My strong guess is a shared secret mismatch instead. Greetings, Stefan Winter -- Stefan WINTER Ingenieur de Recherche Fondation RESTENA - Réseau Téléinformatique de l'Education Nationale et de la Recherche 6, rue Richard Coudenhove-Kalergi L-1359 Luxembourg Tel: +352 424409 1 Fax: +352 422473
signature.asc
Description: OpenPGP digital signature
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
