Never mind. I'm a dumb ass. I had a duplicate entry for this NAS in /usr/local/etc/raddb/clients which was screwing things up (it had a different shared secret).
So I'm stupid. It works fine. I'm going home. :-P

--J

> -----Original Message-----
> From: McNutt, Justin M.
> Sent: Monday, April 01, 2002 3:32 PM
> To: [EMAIL PROTECTED]
> Subject: EAP-MD5 - Can't seem to get it working.
>
>
> We always get this:
>
> Mon Apr 1 15:14:24 2002 : Error: Received packet from
> 128.206.95.215 with invalid Message-Authenticator!
>
> The password is hard-coded into the users profile in the
> raddb file and we've quadruple-checked the RADIUS shared
> secret. The NAS is a Nortel Business Policy Switch 2000 and
> the EAP client is a Windows XP laptop (username gilpina,
> password datiswak, domain [NULL]). Server is a Slackware 7.1
> box running FreeRADIUS 0.5 (release version).
>
> Ideas?
>
> Here's the section of the /usr/local/etc/raddb/users file for
> this user:
>
> gilpina Auth-Type := EAP, User-Password == "datiswak"
>         Port-Priority = Platinum,
>         Tunnel-Private-Group-Id = "201",
>         Tunnel-Type = 13,
>         Tunnel-Medium-Type = 6,
>         Service-Type = Framed,
>         NAS-Port-Type = Ethernet
>
> Here's what "radiusd -X -y" shows:
>
> Module: Instantiated unix (unix)
> Module: Loaded preprocess
> preprocess: huntgroups = "/usr/local/etc/raddb/huntgroups"
> preprocess: hints = "/usr/local/etc/raddb/hints"
> preprocess: with_ascend_hack = no
> preprocess: ascend_channels_per_line = 23
> preprocess: with_ntdomain_hack = no
> preprocess: with_specialix_jetstream_hack = no
> preprocess: with_cisco_vsa_hack = no
> Module: Instantiated prepro^[[A^[[A
> root@dnps-linux1:/var/log/radius# killall radiusd
> root@dnps-linux1:/var/log/radius# cd
> root@dnps-linux1:~# cat radiusd.debug.log
> Starting - reading configuration files ...
> reread_config: reading radiusd.conf
> Config: including file: /usr/local/etc/raddb/proxy.conf
> Config: including file: /usr/local/etc/raddb/clients.conf
> Config: including file: /usr/local/etc/raddb/snmp.conf
> Config: including file: /usr/local/etc/raddb/sql.conf
> main: prefix = "/usr/local"
> main: localstatedir = "/var"
> main: logdir = "/var/log/radius"
> main: libdir = "/usr/local/lib"
> main: radacctdir = "/var/log/radius/radacct"
> main: hostname_lookups = no
> read_config_files: reading dictionary
> read_config_files: reading clients
> read_config_files: reading realms
> read_config_files: reading naslist
> main: max_request_time = 30
> main: cleanup_delay = 5
> main: max_requests = 10240
> main: delete_blocked_requests = 0
> main: port = 0
> main: allow_core_dumps = no
> main: log_stripped_names = no
> main: log_auth = yes
> main: log_auth_badpass = no
> main: log_auth_goodpass = no
> main: pidfile = "/var/run/radiusd.pid"
> main: user = "root"
> main: group = "root"
> main: usercollide = no
> main: lower_user = "no"
> main: lower_pass = "no"
> main: nospace_user = "no"
> main: nospace_pass = "no"
> main: proxy_requests = yes
> proxy: retry_delay = 5
> proxy: retry_count = 3
> proxy: synchronous = no
> proxy: default_fallback = yes
> proxy: dead_time = 120
> security: max_attributes = 200
> security: reject_delay = 1
> main: debug_level = 0
> read_config_files: entering modules setup
> Module: Library search path is /usr/local/lib
> Module: Loaded eap
> eap: default_eap_type = "md5"
> eap: timer_expire = 60
> rlm_eap: Loaded and initialized the type md5
> Module: Instantiated eap (eap)
> Module: Loaded Pam
> pam: pam_auth = "radiusd"
> Module: Instantiated pam (pam)
> Module: Loaded System
> unix: cache = yes
> unix: passwd = "/etc/passwd"
> unix: shadow = "/etc/shadow"
> unix: group = "/etc/group"
> unix: radwtmp = "/var/log/radius/radwtmp"
> unix: usegroup = no
> unix: cache_reload = 600
> HASH: Reinitializing hash structures and lists for caching...
> HASH: user root found in hashtable bucket 11726
> HASH: user bin found in hashtable bucket 86651
> HASH: user daemon found in hashtable bucket 11668
> HASH: user adm found in hashtable bucket 26466
> HASH: user lp found in hashtable bucket 54068
> HASH: user sync found in hashtable bucket 42895
> HASH: user shutdown found in hashtable bucket 71746
> HASH: user halt found in hashtable bucket 7481
> HASH: user mail found in hashtable bucket 79471
> HASH: user news found in hashtable bucket 5375
> HASH: user uucp found in hashtable bucket 38541
> HASH: user operator found in hashtable bucket 21748
> HASH: user games found in hashtable bucket 47657
> HASH: user ftp found in hashtable bucket 56226
> HASH: user gdm found in hashtable bucket 50360
> HASH: user nobody found in hashtable bucket 99723
> HASH: user mcnuttj found in hashtable bucket 94877
> HASH: user rohrss found in hashtable bucket 6971
> HASH: user jscan found in hashtable bucket 11447
> HASH: user gravess found in hashtable bucket 76481
> HASH: user graves found in hashtable bucket 64346
> HASH: user robertsmj found in hashtable bucket 85394
> HASH: user ridgwaye found in hashtable bucket 84016
> HASH: user irovicd found in hashtable bucket 10630
> HASH: user gilpina found in hashtable bucket 40370
> HASH: user blackwellta found in hashtable bucket 34722
> HASH: user simmonsw found in hashtable bucket 1161
> HASH: user waageb found in hashtable bucket 10993
> HASH: user perryd found in hashtable bucket 21500
> HASH: user Manager found in hashtable bucket 3361
> HASH: user northt found in hashtable bucket 21647
> HASH: Stored 31 entries from /etc/passwd
> HASH: Stored 23 entries from /etc/group
> Module: Instantiated unix (unix)
> Module: Loaded preprocess
> preprocess: huntgroups = "/usr/local/etc/raddb/huntgroups"
> preprocess: hints = "/usr/local/etc/raddb/hints"
> preprocess: with_ascend_hack = no
> preprocess: ascend_channels_per_line = 23
> preprocess: with_ntdomain_hack = no
> preprocess: with_specialix_jetstream_hack = no
> preprocess: with_cisco_vsa_hack = no
> Module: Instantiated preprocess (preprocess)
> Module: Loaded realm
> realm: format = "suffix"
> realm: delimiter = "@"
> Module: Instantiated realm (suffix)
> Module: Loaded files
> files: usersfile = "/usr/local/etc/raddb/users"
> files: acctusersfile = "/usr/local/etc/raddb/acct_users"
> files: compat = "no"
> Module: Instantiated files (files)
> Module: Loaded detail
> detail: detailfile =
> "/var/log/radius/radacct/%{Client-IP-Address}/detail"
> detail: detailperm = 384
> detail: dirperm = 493
> Module: Instantiated detail (detail)
> Module: Loaded radutmp
> radutmp: filename = "/var/log/radius/radutmp"
> radutmp: username = "%{User-Name}"
> radutmp: perm = 384
> radutmp: callerid = yes
> Module: Instantiated radutmp (radutmp)
> main: smux_password = ""
> main: snmp_write_access = no
> SMUX connect try 1
> Can't connect to SNMP agent with SMUX: Connection refused
> Initializing the thread pool...
> thread: start_servers = 5
> thread: max_servers = 32
> thread: min_spare_servers = 3
> thread: max_spare_servers = 10
> thread: max_requests_per_server = 0
> thread: cleanup_delay = 5
> Thread 1 waiting to be assigned a request
> Thread spawned new child 1. Total threads in pool: 1
> Thread spawned new child 2. Total threads in pool: 2
> Thread 2 waiting to be assigned a request
> Thread 3 waiting to be assigned a request
> Thread spawned new child 3. Total threads in pool: 3
> Thread 4 waiting to be assigned a request
> Thread spawned new child 4. Total threads in pool: 4
> Thread spawned new child 5. Total threads in pool: 5
> Listening on IP address *, ports 1645/udp and 1646/udp, with
> proxy on 1647/udp.
> Ready to process requests.
> Thread 5 waiting to be assigned a request
> rad_recv: Access-Request packet from host
> 128.206.95.215:1024, id=14, length=111
> Thread 1 assigned request 0
> SMUX connect try 2
> Thread 1 handling request 0, (1 handled so far)
> Received packet from 128.206.95.215 with invalid
> Message-Authenticator!
> Server rejecting request 0.
> Finished request 0
> Going to the next request
> Thread 1 waiting to be assigned a request
> Can't connect to SNMP agent with SMUX: Connection refused
> --- Walking the entire request list ---
> Threads: total/active/spare threads = 5/0/5
> Waking up in 1 seconds...
> SMUX connect try 3
> Can't connect to SNMP agent with SMUX: Connection refused
> --- Walking the entire request list ---
> Waking up in 1 seconds...
> rad_recv: Access-Request packet from host
> 128.206.95.215:1024, id=14, length=111
> Sending duplicate authentication reply to client
> 128.206.95.215:1024 - ID: 14
> Sending Access-Reject of id 14 to 128.206.95.215:1024
> --- Walking the entire request list ---
> Sending Access-Reject of id 14 to 128.206.95.215
> Waking up in 4 seconds...
> --- Walking the entire request list ---
> Cleaning up request 0 ID 14 with timestamp 3ca8cf3d
> Nothing to do. Sleeping until we see a request.
> rad_recv: Access-Request packet from host
> 128.206.95.215:1024, id=15, length=111
> Thread 2 assigned request 2
> Thread 2 handling request 2, (1 handled so far)
> Received packet from 128.206.95.215 with invalid
> Message-Authenticator!
> Server rejecting request 2.
> Finished request 2
> Going to the next request
> Thread 2 waiting to be assigned a request
> --- Walking the entire request list ---
> Waking up in 1 seconds...
> --- Walking the entire request list ---
> Waking up in 1 seconds...
> rad_recv: Access-Request packet from host
> 128.206.95.215:1024, id=15, length=111
> Sending duplicate authentication reply to client
> 128.206.95.215:1024 - ID: 15
> Sending Access-Reject of id 15 to 128.206.95.215:1024
> --- Walking the entire request list ---
> Sending Access-Reject of id 15 to 128.206.95.215
> Waking up in 4 seconds...
> --- Walking the entire request list ---
> Cleaning up request 2 ID 15 with timestamp 3ca8cf6b
> Nothing to do. Sleeping until we see a request.
> MASTER: exit.
>
> Later...
>
> Justin McNutt
> Network Systems Analyst - Expert
> DNPS, Mizzou Telecom
> (573) 882-5183
>
> One IP to rule them all, one IP to find them,
> One IP to bring them all, and in the darkness BIND them,
> In the land of Ether, where the packets fly.
>
>
>
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
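
Added example, not part of the original messages and not FreeRADIUS code: a Python sketch of the Message-Authenticator check (HMAC-MD5 over the packet with the attribute value zeroed, keyed with the shared secret), showing why a request fails when the server checks it against a different secret, plus a scan for clients listed with conflicting secrets. The "name secret" file layout, the addresses, the secrets and the function names are assumptions constructed for the illustration.

```python
import hashlib
import hmac
import struct
from collections import defaultdict

MSG_AUTH = 80  # Message-Authenticator attribute type

# Constructed sample in an assumed "client-name  secret" layout.
SAMPLE_CLIENTS = """\
# Client Name   Key
192.0.2.10      secret-one
192.0.2.20      other-nas
192.0.2.10      secret-two
"""

def build_access_request(ident, secret, attrs):
    """Build an Access-Request whose Message-Authenticator is keyed with `secret`."""
    body = b"".join(struct.pack("!BB", t, len(v) + 2) + v for t, v in attrs)
    body += struct.pack("!BB", MSG_AUTH, 18) + bytes(16)    # zeroed placeholder
    # Request Authenticator is all zeros here (constructed; random in practice).
    packet = bytearray(struct.pack("!BBH", 1, ident, 20 + len(body)) + bytes(16) + body)
    packet[-16:] = hmac.new(secret, bytes(packet), hashlib.md5).digest()
    return bytes(packet)

def verify_message_authenticator(packet, secret):
    """Recompute the HMAC-MD5 with the attribute value zeroed and compare."""
    pos = 20
    while pos + 2 <= len(packet):
        atype, alen = packet[pos], packet[pos + 1]
        if alen < 2 or pos + alen > len(packet):
            return False                                    # malformed attribute
        if atype == MSG_AUTH and alen == 18:
            zeroed = packet[:pos + 2] + bytes(16) + packet[pos + 18:]
            expected = hmac.new(secret, zeroed, hashlib.md5).digest()
            return hmac.compare_digest(expected, packet[pos + 2:pos + 18])
        pos += alen
    return False                                            # attribute missing

def conflicting_clients(text):
    """Return {client: [secrets]} for clients listed with more than one secret."""
    seen = defaultdict(set)
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 2:
            seen[fields[0]].add(fields[1])
    return {c: sorted(s) for c, s in seen.items() if len(s) > 1}

if __name__ == "__main__":
    pkt = build_access_request(14, b"secret-one", [(1, b"sampleuser")])
    print(verify_message_authenticator(pkt, b"secret-one"))
    print(verify_message_authenticator(pkt, b"secret-two"))
    print(conflicting_clients(SAMPLE_CLIENTS))
```
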