how to change the radius default testing123 password
I changed all instances of the password testing123, to a random password on both the StrongSwan server and the Radius server, and restarted the strongswan and radiusd services. However, this broke the connection to authenticate to the LDAP server, so I had to put it back to testing123 to get it to work again. How can I change the radius default testing123 password? Is there a command I need to run to do this? Thanks for any help with this. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: how to change the radius default testing123 password
Clint Petty wrote: How can I change the radius default testing123 password? Is there a command I need to run to do this? Edit raddb/clients.conf. Look for testing123. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: how to change the radius default testing123 password
Hi Alan, Thanks for your reply. However, I have already changed the instances of the password testing123 in the following files: StrongSwan:/etc/strongswan/strongswan.conf Radius:/etc/raddb/proxy.conf Radius:/etc/raddb/sites-available/dynamic-clients Radius:/etc/raddb/sites-available/originate-coa Radius:/etc/raddb/sites-available/robust-proxy-accounting Radius:/etc/raddb/clients.conf After restarting the strongswan and radiusd service, I was not able to authenticate to my LDAP server, and had to change the entries back to testing123? What am I missing here? -Original Message- From: freeradius-users-bounces+cpetty=luthresearch@lists.freeradius.org [mailto:freeradius-users-bounces+cpetty=luthresearch@lists.freeradius.org] On Behalf Of Alan DeKok Sent: Wednesday, October 02, 2013 12:50 PM To: FreeRadius users mailing list Subject: Re: how to change the radius default testing123 password cpetty wrote: How can I change the radius default testing123 password? Is there a command I need to run to do this? Edit raddb/clients.conf. Look for testing123. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: how to change the radius default testing123 password
Clint Petty wrote: Hi Alan, Thanks for your reply. However, I have already changed the instances of the password testing123 in the following files: StrongSwan:/etc/strongswan/strongswan.conf That's good. Radius:/etc/raddb/proxy.conf That's not good. The secret there is for home servers, not clients. I suggest changing it back. Radius:/etc/raddb/sites-available/dynamic-clients Radius:/etc/raddb/sites-available/originate-coa Radius:/etc/raddb/sites-available/robust-proxy-accounting That's not good. Those files are NOT used by the running server. I suggest changing it back. Radius:/etc/raddb/clients.conf That's good. After restarting the strongswan and radiusd service, I was not able to authenticate to my LDAP server, and had to change the entries back to testing123? What am I missing here? Well, it should work. What does the debug output say? That should tell you *exactly* what's going on. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: how to change the radius default testing123 password
Hi Alan, Ok, I just changed the StrongSwan:/etc/strongswan/strongswan.conf the Radius:/etc/raddb/clients.conf files, and left the other files with reference to testing123 alone. Restarted the strongswan radiusd services, and get the same error from my iphone, VPN Connection - User authentication failed. I started radiusd -X (debug mode), and get the following: rad_recv: Access-Request packet from host xx.xx.xx.79 port 49922, id=198, length=137 Received packet from xx.xx.xx.79 with invalid Message-Authenticator! (Shared secret is incorrect.) Dropping packet without response. Going to the next request Waking up in 0.9 seconds. Cleaning up request 7 ID 198 with timestamp +296 Ready to process requests. Repeats four times. -Original Message- From: freeradius-users-bounces+cpetty=luthresearch@lists.freeradius.org [mailto:freeradius-users-bounces+cpetty=luthresearch@lists.freeradius.org] On Behalf Of Alan DeKok Sent: Wednesday, October 02, 2013 2:02 PM To: FreeRadius users mailing list Subject: Re: how to change the radius default testing123 password Clint Petty wrote: Hi Alan, Thanks for your reply. However, I have already changed the instances of the password testing123 in the following files: StrongSwan:/etc/strongswan/strongswan.conf That's good. Radius:/etc/raddb/proxy.conf That's not good. The secret there is for home servers, not clients. I suggest changing it back. Radius:/etc/raddb/sites-available/dynamic-clients Radius:/etc/raddb/sites-available/originate-coa Radius:/etc/raddb/sites-available/robust-proxy-accounting That's not good. Those files are NOT used by the running server. I suggest changing it back. Radius:/etc/raddb/clients.conf That's good. After restarting the strongswan and radiusd service, I was not able to authenticate to my LDAP server, and had to change the entries back to testing123? What am I missing here? Well, it should work. What does the debug output say? That should tell you *exactly* what's going on. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: how to change the radius default testing123 password
Hi, Thanks for your reply. However, I have already changed the instances of the password testing123 in the following files: if you are dealing with a shared secret between a NAS and the FreeRADIUS server, there are only 2 thigns to configure 1) the shared secret on the NAS - I would guess this is storngswan.conf for you 2) the shared secret in the clients.conf file - this is whats used to reference the incoming request from the NAS all other parts are system components eg proxy.conf has a default internal one - and if you were proxying to OTHER RADIUS servers, then you would change their entries IF you has set them to testing123 - most people wouldnt - they would use their own choices. of course, when thigns go wrong, run in full debug mode and see whats printed out when you connect via the NAS alan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: how to change the radius default testing123 password
Hi Alan, Ok, I figured out why I wasn't able to change the testing123 password. I was surrounding the new random password in quotes. Once I removed the quotes, it worked. Clint -Original Message- From: freeradius-users-bounces+cpetty=luthresearch@lists.freeradius.org [mailto:freeradius-users-bounces+cpetty=luthresearch@lists.freeradius.org] On Behalf Of Alan DeKok Sent: Wednesday, October 02, 2013 2:02 PM To: FreeRadius users mailing list Subject: Re: how to change the radius default testing123 password Clint Petty wrote: Hi Alan, Thanks for your reply. However, I have already changed the instances of the password testing123 in the following files: StrongSwan:/etc/strongswan/strongswan.conf That's good. Radius:/etc/raddb/proxy.conf That's not good. The secret there is for home servers, not clients. I suggest changing it back. Radius:/etc/raddb/sites-available/dynamic-clients Radius:/etc/raddb/sites-available/originate-coa Radius:/etc/raddb/sites-available/robust-proxy-accounting That's not good. Those files are NOT used by the running server. I suggest changing it back. Radius:/etc/raddb/clients.conf That's good. After restarting the strongswan and radiusd service, I was not able to authenticate to my LDAP server, and had to change the entries back to testing123? What am I missing here? Well, it should work. What does the debug output say? That should tell you *exactly* what's going on. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: how to change the radius default testing123 password
hi, pretty definitive. incorrect shared secret - are you SURE that you havent got any white spaces etc lurking around? keep the shared secret in quotes if in doubt alan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: how to change the radius default testing123 password
Alan, That was actually the problem. I surrounded the new password in quotes, and didn't like that. Once I removed the quotes, it worked! Clint -Original Message- From: freeradius-users-bounces+cpetty=luthresearch@lists.freeradius.org [mailto:freeradius-users-bounces+cpetty=luthresearch@lists.freeradius.org] On Behalf Of Alan Buxey Sent: Wednesday, October 02, 2013 3:31 PM To: FreeRadius users mailing list Subject: RE: how to change the radius default testing123 password hi, pretty definitive. incorrect shared secret - are you SURE that you havent got any white spaces etc lurking around? keep the shared secret in quotes if in doubt alan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html