Hi Alan, Ok I understand what you're saying.
I'm just copy-pasting the secret-key to the clients.conf: client x.x.x.x/16 { secret = <secret key with special characters in it> shortname = private-network-2 } You're saying that the only reason for this failure is wrong secret key? In other words they gave me the wrong secret. Regards, Shurbann Martes On Sun, Mar 18, 2012 at 4:20 PM, Alan DeKok <al...@deployingradius.com>wrote: > Shurbann Martes wrote: > > The problem is when FreeRADIUS receives a Accounting-Request it drops > > the packet without response due to a problem with the signature: > > > > rad_recv: Accounting-Request packet from host x.x.x.x port 64514, id=1, > > length=287 > > Received Accounting-Request packet from x.x.x.x with invalid signature! > > (Shared secret is incorrect.) Dropping packet without response. > > That message is pretty clear. > > > The Access-Request are ok: > > No, they're not. > > > rad_recv: Access-Request packet from host x.x.x.x port 64986, id=236, > > length=102 > > User-Name = "test" > > User-Password = "\2517Rq\2308Uv\"\204\220\341\377\244(\363" > > The password is garbage. This means that the shared secret is wrong. > > > [files] users: Matched entry DEFAULT at line 61 > > In which you set "Auth-Type := Accept", which doesn't check the password. > > > The shared secret key has special characters in it such as $-sign and > > /-sign. > > If you enter it correctly, that should work. > > So.. you probably didn't enter it correctly. > > > The client is a Juniper NAS. > > > > These are the questions I have: > > > > * Any issues with FreeRADIUS Accounting-Request in combination with > > a secret key containing special characters? > > No. > > > * Why is the access-request having no issues with these special > > characters? > > Because you edited the default configuration and broke it. > > > * Anyone bumped into a similar problems in combination with a > > juniper NAS > > No. This isn't a Juniper problem. > > > * Is there a way to figure out the secret-key the client is using? > > No. > > Try using a simple shared secret. > > Alan DeKok. > - > List info/subscribe/unsubscribe? See > http://www.freeradius.org/list/users.html >
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html