We always get this:

Mon Apr 1 15:14:24 2002 : Error: Received packet from 128.206.95.215 with invalid Message-Authenticator!

The password is hard-coded into the user's profile in the raddb file and we've quadruple-checked the RADIUS shared secret. The NAS is a Nortel Business Policy Switch 2000 and the EAP client is a Windows XP laptop (username gilpina, password datiswak, domain [NULL]). Server is a Slackware 7.1 box running FreeRADIUS 0.5 (release version). Ideas?

Here's the section of the /usr/local/etc/raddb/users file for this user:

gilpina Auth-Type := EAP, User-Password == "datiswak"
        Port-Priority = Platinum,
        Tunnel-Private-Group-Id = "201",
        Tunnel-Type = 13,
        Tunnel-Medium-Type = 6,
        Service-Type = Framed,
        NAS-Port-Type = Ethernet

Here's what "radiusd -X -y" shows:

Module: Instantiated unix (unix)
Module: Loaded preprocess
preprocess: huntgroups = "/usr/local/etc/raddb/huntgroups"
preprocess: hints = "/usr/local/etc/raddb/hints"
preprocess: with_ascend_hack = no
preprocess: ascend_channels_per_line = 23
preprocess: with_ntdomain_hack = no
preprocess: with_specialix_jetstream_hack = no
preprocess: with_cisco_vsa_hack = no
Module: Instantiated prepro^[[A^[[A
root@dnps-linux1:/var/log/radius# killall radiusd
root@dnps-linux1:/var/log/radius# cd
root@dnps-linux1:~# cat radiusd.debug.log
Starting - reading configuration files ...
reread_config: reading radiusd.conf
Config: including file: /usr/local/etc/raddb/proxy.conf
Config: including file: /usr/local/etc/raddb/clients.conf
Config: including file: /usr/local/etc/raddb/snmp.conf
Config: including file: /usr/local/etc/raddb/sql.conf
main: prefix = "/usr/local"
main: localstatedir = "/var"
main: logdir = "/var/log/radius"
main: libdir = "/usr/local/lib"
main: radacctdir = "/var/log/radius/radacct"
main: hostname_lookups = no
read_config_files: reading dictionary
read_config_files: reading clients
read_config_files: reading realms
read_config_files: reading naslist
main: max_request_time = 30
main: cleanup_delay = 5
main: max_requests = 10240
main: delete_blocked_requests = 0
main: port = 0
main: allow_core_dumps = no
main: log_stripped_names = no
main: log_auth = yes
main: log_auth_badpass = no
main: log_auth_goodpass = no
main: pidfile = "/var/run/radiusd.pid"
main: user = "root"
main: group = "root"
main: usercollide = no
main: lower_user = "no"
main: lower_pass = "no"
main: nospace_user = "no"
main: nospace_pass = "no"
main: proxy_requests = yes
proxy: retry_delay = 5
proxy: retry_count = 3
proxy: synchronous = no
proxy: default_fallback = yes
proxy: dead_time = 120
security: max_attributes = 200
security: reject_delay = 1
main: debug_level = 0
read_config_files: entering modules setup
Module: Library search path is /usr/local/lib
Module: Loaded eap
eap: default_eap_type = "md5"
eap: timer_expire = 60
rlm_eap: Loaded and initialized the type md5
Module: Instantiated eap (eap)
Module: Loaded Pam
pam: pam_auth = "radiusd"
Module: Instantiated pam (pam)
Module: Loaded System
unix: cache = yes
unix: passwd = "/etc/passwd"
unix: shadow = "/etc/shadow"
unix: group = "/etc/group"
unix: radwtmp = "/var/log/radius/radwtmp"
unix: usegroup = no
unix: cache_reload = 600
HASH: Reinitializing hash structures and lists for caching...
HASH: user root found in hashtable bucket 11726
HASH: user bin found in hashtable bucket 86651
HASH: user daemon found in hashtable bucket 11668
HASH: user adm found in hashtable bucket 26466
HASH: user lp found in hashtable bucket 54068
HASH: user sync found in hashtable bucket 42895
HASH: user shutdown found in hashtable bucket 71746
HASH: user halt found in hashtable bucket 7481
HASH: user mail found in hashtable bucket 79471
HASH: user news found in hashtable bucket 5375
HASH: user uucp found in hashtable bucket 38541
HASH: user operator found in hashtable bucket 21748
HASH: user games found in hashtable bucket 47657
HASH: user ftp found in hashtable bucket 56226
HASH: user gdm found in hashtable bucket 50360
HASH: user nobody found in hashtable bucket 99723
HASH: user mcnuttj found in hashtable bucket 94877
HASH: user rohrss found in hashtable bucket 6971
HASH: user jscan found in hashtable bucket 11447
HASH: user gravess found in hashtable bucket 76481
HASH: user graves found in hashtable bucket 64346
HASH: user robertsmj found in hashtable bucket 85394
HASH: user ridgwaye found in hashtable bucket 84016
HASH: user irovicd found in hashtable bucket 10630
HASH: user gilpina found in hashtable bucket 40370
HASH: user blackwellta found in hashtable bucket 34722
HASH: user simmonsw found in hashtable bucket 1161
HASH: user waageb found in hashtable bucket 10993
HASH: user perryd found in hashtable bucket 21500
HASH: user Manager found in hashtable bucket 3361
HASH: user northt found in hashtable bucket 21647
HASH: Stored 31 entries from /etc/passwd
HASH: Stored 23 entries from /etc/group
Module: Instantiated unix (unix)
Module: Loaded preprocess
preprocess: huntgroups = "/usr/local/etc/raddb/huntgroups"
preprocess: hints = "/usr/local/etc/raddb/hints"
preprocess: with_ascend_hack = no
preprocess: ascend_channels_per_line = 23
preprocess: with_ntdomain_hack = no
preprocess: with_specialix_jetstream_hack = no
preprocess: with_cisco_vsa_hack = no
Module: Instantiated preprocess (preprocess)
Module: Loaded realm
realm: format = "suffix"
realm: delimiter = "@"
Module: Instantiated realm (suffix)
Module: Loaded files
files: usersfile = "/usr/local/etc/raddb/users"
files: acctusersfile = "/usr/local/etc/raddb/acct_users"
files: compat = "no"
Module: Instantiated files (files)
Module: Loaded detail
detail: detailfile = "/var/log/radius/radacct/%{Client-IP-Address}/detail"
detail: detailperm = 384
detail: dirperm = 493
Module: Instantiated detail (detail)
Module: Loaded radutmp
radutmp: filename = "/var/log/radius/radutmp"
radutmp: username = "%{User-Name}"
radutmp: perm = 384
radutmp: callerid = yes
Module: Instantiated radutmp (radutmp)
main: smux_password = ""
main: snmp_write_access = no
SMUX connect try 1
Can't connect to SNMP agent with SMUX: Connection refused
Initializing the thread pool...
thread: start_servers = 5
thread: max_servers = 32
thread: min_spare_servers = 3
thread: max_spare_servers = 10
thread: max_requests_per_server = 0
thread: cleanup_delay = 5
Thread 1 waiting to be assigned a request
Thread spawned new child 1. Total threads in pool: 1
Thread spawned new child 2. Total threads in pool: 2
Thread 2 waiting to be assigned a request
Thread 3 waiting to be assigned a request
Thread spawned new child 3. Total threads in pool: 3
Thread 4 waiting to be assigned a request
Thread spawned new child 4. Total threads in pool: 4
Thread spawned new child 5. Total threads in pool: 5
Listening on IP address *, ports 1645/udp and 1646/udp, with proxy on 1647/udp.
Ready to process requests.
Thread 5 waiting to be assigned a request
rad_recv: Access-Request packet from host 128.206.95.215:1024, id=14, length=111
Thread 1 assigned request 0
SMUX connect try 2
Thread 1 handling request 0, (1 handled so far)
Received packet from 128.206.95.215 with invalid Message-Authenticator!
Server rejecting request 0.
Finished request 0
Going to the next request
Thread 1 waiting to be assigned a request
Can't connect to SNMP agent with SMUX: Connection refused
--- Walking the entire request list ---
Threads: total/active/spare threads = 5/0/5
Waking up in 1 seconds...
SMUX connect try 3
Can't connect to SNMP agent with SMUX: Connection refused
--- Walking the entire request list ---
Waking up in 1 seconds...
rad_recv: Access-Request packet from host 128.206.95.215:1024, id=14, length=111
Sending duplicate authentication reply to client 128.206.95.215:1024 - ID: 14
Sending Access-Reject of id 14 to 128.206.95.215:1024
--- Walking the entire request list ---
Sending Access-Reject of id 14 to 128.206.95.215
Waking up in 4 seconds...
--- Walking the entire request list ---
Cleaning up request 0 ID 14 with timestamp 3ca8cf3d
Nothing to do. Sleeping until we see a request.
rad_recv: Access-Request packet from host 128.206.95.215:1024, id=15, length=111
Thread 2 assigned request 2
Thread 2 handling request 2, (1 handled so far)
Received packet from 128.206.95.215 with invalid Message-Authenticator!
Server rejecting request 2.
Finished request 2
Going to the next request
Thread 2 waiting to be assigned a request
--- Walking the entire request list ---
Waking up in 1 seconds...
--- Walking the entire request list ---
Waking up in 1 seconds...
rad_recv: Access-Request packet from host 128.206.95.215:1024, id=15, length=111
Sending duplicate authentication reply to client 128.206.95.215:1024 - ID: 15
Sending Access-Reject of id 15 to 128.206.95.215:1024
--- Walking the entire request list ---
Sending Access-Reject of id 15 to 128.206.95.215
Waking up in 4 seconds...
--- Walking the entire request list ---
Cleaning up request 2 ID 15 with timestamp 3ca8cf6b
Nothing to do. Sleeping until we see a request.
MASTER: exit.

Later...
Justin McNutt
Network Systems Analyst - Expert
DNPS, Mizzou Telecom
(573) 882-5183

One IP to rule them all, one IP to find them,
One IP to bring them all, and in the darkness BIND them,
In the land of Ether, where the packets fly.