Re: Invalid Signature
Didn't recall anything about Invalid Signature in FAQ. I searched on google and found couple of references mentioning the problem regards to mismatch of shared secrets between NAS and clients.conf, suggesting retype of secrets. FAQ also mentions that if shared secrets don't match, the password will be garbled. But when I do the radtest, the password shows correct. And strangely, before it authenticated fine, but now it won't. Because you use CHAP to authenticate, it is fine, if you use PAP, the password shows incorrect. Whenever, if you mismatch shared secrets between NAS and freeRADIUS, the accounting request will report Invalid Signature - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Invalid Signature
Squirrel User [EMAIL PROTECTED] wrote: Didn't recall anything about Invalid Signature in FAQ. I searched on google and found couple of references mentioning the problem regards to mismatch of shared secrets between NAS and clients.conf, suggesting retype of secrets. FAQ also mentions that if shared secrets don't match, the password will be garbled. Invalid signature means that the shared secret is wrong. But when I do the radtest, the password shows correct. And strangely, before it authenticated fine, but now it won't. Passwords aren't sent in accounting packets. Try sending the server accounting packets. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Invalid Signature
I have this same problem with one of my radius servers. I've checked, and re-checked the shared secrets and they match. Also, if they didn't match then I wouldn't be able to authenticate on the server as the passwords would be garbled. Correct? The users are able to authenticate fine however.. It's very odd.. It's not really a big deal in my situation because all the accounting is handled by the proxy server. Just an annoyance to have the errors shown in the logs. They look something like this.. Sat Mar 29 13:41:42 2003 : Error: Received Accounting-Response packet from 1.2.3.4 with invalid signature! Darren Alan DeKok wrote: Squirrel User [EMAIL PROTECTED] wrote: Didn't recall anything about Invalid Signature in FAQ. I searched on google and found couple of references mentioning the problem regards to mismatch of shared secrets between NAS and clients.conf, suggesting retype of secrets. FAQ also mentions that if shared secrets don't match, the password will be garbled. Invalid signature means that the shared secret is wrong. But when I do the radtest, the password shows correct. And strangely, before it authenticated fine, but now it won't. Passwords aren't sent in accounting packets. Try sending the server accounting packets. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Invalid Signature
Never mind the Login Incorrect Part, that's in my error. But still can't find any reference to invalid signature!. Quoting Squirrel User [EMAIL PROTECTED]: FreeBSD 5.0 and FreeRadius 0.8.1, worked fine with radtest so decided to do a live test in production and almost got fired. I'm getting the error messages below, and dialup users can login. But seems ISDN users on max3 are logging in fine. Also, don't have problem with DNS as it says can't resolve hostname. Thanks for help. nas1 = cisco, max1 = max40xx, max3 = max40xx 204.118.38.10 = max1 Error: Received Accounting-Request packet from 204.118.38.10 with invalid signature! Auth: Login incorrect: [stewart/mypass] (from client nas1 port 176) Error: Accounting: logout: login entry for NAS max1 port 34 not found Auth: Login incorrect: [honda/mycar] (from client max3 port 20223) Error: /usr/local/etc/raddb/radiusd.conf[13]: Failed to look up hostname nas1.isot.com - This mail sent through ISOT. To find out more about ISOT, visit http://isot.com - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - This mail sent through ISOT. To find out more about ISOT, visit http://isot.com - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Invalid Signature
FreeBSD 5.0 and FreeRadius 0.8.1, worked fine with radtest so decided to do a live test in production and almost got fired. I'm getting the error messages below, and dialup users can login. But seems ISDN users on max3 are logging in fine. Also, don't have problem with DNS as it says can't resolve hostname. Thanks for help. nas1 = cisco, max1 = max40xx, max3 = max40xx 204.118.38.10 = max1 Error: Received Accounting-Request packet from 204.118.38.10 with invalid signature! Auth: Login incorrect: [stewart/mypass] (from client nas1 port 176) Error: Accounting: logout: login entry for NAS max1 port 34 not found Auth: Login incorrect: [honda/mycar] (from client max3 port 20223) Error: /usr/local/etc/raddb/radiusd.conf[13]: Failed to look up hostname nas1.isot.com - This mail sent through ISOT. To find out more about ISOT, visit http://isot.com - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
invalid signature and no proper chap pwd
Hi everybody, i have a problem when i run radtest. i do: ./radtest -d /usr/local/etc/raddb/ user password localhost:1812 1900 auth testing123 but i get Access reject packet from host 127.0.0.1:1812 Reply-Message = Hello %u The only problem i can see from the radiusd output is rlm_chap: Could not find proper Chap-Passwords attribute in request module chap returns noop What am i doing wrong? i set the file users, the file proxy.conf and the file radiusd.conf. thanks for your help - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
invalid signature
Version: freeRadius 0.7.1 Error: Received Accounting-Request packet from xx.xxx.x.xx with invalid signature! scrounged around the mailing list for this one, and the only things i came up with are: 1) re-enter the secret 2) update the firmware neither of these did it. we are using US Robotics total control hubs and the firmware has been updated as of a couple of weeks ago it currently authenticates users correctly, its just the accounting that isn't working. its also using the older radius ports, but editing /etc/services patched that. is there something else to try? is there a patch to get freeRadius to check the signature validity for the 'broken' models? (or just to turn off the signature check till something better is figured out.) we do have some outdated commercial radius software that is working just fine, but its a little too light on the features. the older radius software is accounting just fine, as well as authenticating. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: invalid signature
On Tuesday 03 December 2002 04:15 pm, Ray wrote: Version: freeRadius 0.7.1 Error: Received Accounting-Request packet from xx.xxx.x.xx with invalid signature! we are using US Robotics total control hubs and the firmware has been updated as of a couple of weeks ago it currently authenticates users correctly, its just the accounting that isn't working... We had this same problem with our Total Control units and were positive the secrets were correct in the 'clients.conf' file. 3Com's suggestion was to re-enter the secrets on the ARCs. We didn't think it would work, but it did. --Josh Snyder, Linux/UNIX Systems Administrator NetNITCO Internet Services [EMAIL PROTECTED] http://www.netnitco.net - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: invalid signature
yeap, that was the answer. we changed only the accounting_secondary, but we missed that the secondary also has an accounting_secondary secret. now its just a bunch of errors about logout without a login record, but i'm guessing that will just work its self out. On Tuesday 03 December 2002 4:13, you wrote: On Tuesday 03 December 2002 04:15 pm, Ray wrote: Version: freeRadius 0.7.1 Error: Received Accounting-Request packet from xx.xxx.x.xx with invalid signature! we are using US Robotics total control hubs and the firmware has been updated as of a couple of weeks ago it currently authenticates users correctly, its just the accounting that isn't working... We had this same problem with our Total Control units and were positive the secrets were correct in the 'clients.conf' file. 3Com's suggestion was to re-enter the secrets on the ARCs. We didn't think it would work, but it did. --Josh Snyder, Linux/UNIX Systems Administrator NetNITCO Internet Services [EMAIL PROTECTED] http://www.netnitco.net - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: invalid signature
On Tuesday 03 December 2002 05:04 pm, Ray wrote: now its just a bunch of errors about logout without a login record, but i'm guessing that will just work its self out. Yeah, just ride out that storm and you'll be good to go. --Josh Snyder, Linux/UNIX Systems Administrator NetNITCO Internet Services [EMAIL PROTECTED] http://www.netnitco.net - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Invalid Signature
Can anyone tell me why my NAS keeps sending those packets? As I told before I have a Total Control as my NAS rad_recv: Accounting-Request packet from host x:1646, id=70, length=90 Received Accounting-Request packet from x with invalid signature! Server rejecting request 1. Finished request 1 - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: Invalid Signature
Bad shared secret? Drew -Original Message- From: Jamil Buchalla Neto [mailto:[EMAIL PROTECTED]] Sent: Wednesday, November 20, 2002 4:22 PM To: [EMAIL PROTECTED] Subject: Invalid Signature Can anyone tell me why my NAS keeps sending those packets? As I told before I have a Total Control as my NAS rad_recv: Accounting-Request packet from host x:1646, id=70, length=90 Received Accounting-Request packet from x with invalid signature! Server rejecting request 1. Finished request 1 - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Invalid Signature
Changing all the ports to 1813 didn't worked. the radiusd is still receiving those accouting requests into the 1646 port. I wish to know from where they are comming. Jamil Buchalla Neto wrote: Drew Weaver wrote: Bad shared secret? The secret is right. I can login with normal users and everything is working. And the accouting server is on port 1813 that are the new ports of radius. Only the primary is seted. Primary Server is: xxx.xxx.xxx.xxx Primary First Backup Server is:0.0.0.0 Primary Second Backup Server is: 0.0.0.0 Primary Destination Port is: 1813 Primary First Backup Destination Port: 1646 Primary Second Backup Destination Port:1646 I'll try to change those ports to the new one and see what happens - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Freeradius 0.7.0 -- Accounting-Request packet with invalid signature
Freeradius Users - The University of the Virgin Islands is running freeradius version 0.7.0 on Red Hat 7.2. To install, I built a source rpm using the spec file provided with a few modifications. I've configured rlm_ldap to authorize and authenticate remote users that dial in to a Livingston Portmaster Communications Server. To install, I built a source rpm using the spec file provided with a few modifications. Everything works great, but when a user connects or disconnects, I get the following error in /var/log/radius/radius.log: . . . Thu Sep 26 09:45:54 2002 : Error: Received Accounting-Request packet from 10.96.2.11 with invalid signature! . . . Freeradius also dies mysteriously (with no exit status) and I suspect it may be related to this error. I'm building a new RPM from the latest release, freeradius-0.7.1 in an effort to correct this problem. Configuration files and setup available upon request. Thank you for your attention to this matter. -- Jeremy Hasty Consultant - Network Operations University of the Virgin Islands Information Technology Department Email: [EMAIL PROTECTED] Phone: 340.693.1537 - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: invalid signature
Gillou [EMAIL PROTECTED] wrote: In debug mode i see these messages :=20 Received Accounting-Request packed from IP with invalid signature! what does it mean ? Have you read the FAQ? Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: invalid signature
On Sat, Jan 26, 2002 at 08:02:45AM -1000, Gillou wrote: In debug mode i see these messages :=20 Received Accounting-Request packed from IP with invalid signature! what does it mean ? Have you read the FAQ? Alan DeKok. Yes I read the FAQ and I can't find anything concerning Accounting packet with invalid signature In my experience, this has meant that I had the wrong secret for the client attempting to access the server. Bill -- INTERNET: [EMAIL PROTECTED] Bill Campbell; Celestial Software LLC UUCP: camco!bill PO Box 820; 6641 E. Mercer Way FAX:(206) 232-9186 Mercer Island, WA 98040-0820; (206) 236-1676 URL: http://www.celestial.com/ Instead of giving money to found colleges to promote learning, why don't they pass a constitutional amendment prohibiting anybody from learning anything? If it works as good as the Prohibition one did, why, in five years we would have the smartest race of people on earth. -- The Best of Will Rogers - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: invalid signature
You're right, after changing the secret on the NAS ( with the same one ! ) I can't see any invalid signature Thanks a lot Le Samedi 26 Janvier 2002 08:10, vous avez écrit : On Sat, Jan 26, 2002 at 08:02:45AM -1000, Gillou wrote: In debug mode i see these messages :=20 Received Accounting-Request packed from IP with invalid signature! what does it mean ? Have you read the FAQ? Alan DeKok. Yes I read the FAQ and I can't find anything concerning Accounting packet with invalid signature In my experience, this has meant that I had the wrong secret for the client attempting to access the server. Bill -- Gilles HAUTZ MANA S.A., APNIC MemberIAP/ISP of Tahiti and her Islands Box 14 174 Arue - 98701 TAHITI - FRENCH POLYNESIA Phone : (689) 50 88 88 - Fax : (689) 50 88 89 E-mail : [EMAIL PROTECTED] http://www.mana.pf - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Accounting-Request packet with invalid signature!
jason [EMAIL PROTECTED] wrote: Hmm, I think I'm seeing something different occur.. my authentication works fine ( as long as the server is able to stay up ) but I'm getting and accounting request error, but not an error from auth. Any ideas here? I have pretty much the same comments. Maybe the signature IS bad. Maybe there's a race condition that happens only under high load. Well it doesn't just happen under high load, in this case. It seems to be related to the equipment of some of the termservers, because I have another termserver ( Livingston ) that works fine. Anyway the troublesome ones are TC1 is a USR Total Control (old version) Netserver card. TC2..TC6 is a USR Total Control (new version) HiPerArc card. And if I recall correctly these worked fine with stock 1.6.4 Cistron server.. Unfortunately, I wasn't the one that set up that particular server, so I don't know as much about howit was set up. Any help is appreciated. -jason - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Accounting-Request packet with invalid signature!
jason [EMAIL PROTECTED] wrote: Hmm, I think I'm seeing something different occur.. my authentication works fine ( as long as the server is able to stay up ) but I'm getting and accounting request error, but not an error from auth. Any ideas here? I have pretty much the same comments. Maybe the signature IS bad. Maybe there's a race condition that happens only under high load. Well it doesn't just happen under high load, in this case. It seems to be related to the equipment of some of the termservers, because I have another termserver ( Livingston ) that works fine. Anyway the troublesome ones are TC1 is a USR Total Control (old version) Netserver card. TC2..TC6 is a USR Total Control (new version) HiPerArc card. And if I recall correctly these worked fine with stock 1.6.4 Cistron server.. Unfortunately, I wasn't the one that set up that particular server, so I don't know as much about howit was set up. Any help is appreciated. hmm i think actually it may just be the newer models of the Total Control Unit spewing that message.. TC1 seems to be sending accounting packets just fine.. -jason - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html