[Jradius] JRadius Proxy mangles User-Password
murray at skyrove.com
Thu Aug 19 13:11:13 UTC 2010
Hi David, Jradius LIst,
After further testing I'm doubting this is a shared secret problem:
If I intentionally send the wrong shared secret from client-->Jradius,
Jradius gives me and error saying:
"Bad RadSec tunnel shared secret, set to radsec"
If I intentionally set the wrong shared secret for the Jradius-->freeradius
connection, freeradius gives me an error saying:
"Received packet from 127.0.0.1 with invalid Message-Authenticator! (Shared
secret is incorrect.) Dropping packet without response."
If I use the correct shared secrets on both sides, I get no error messages,
only garbled passwords.
Is there any way to get Jradius to log packets before it proxys them? So I
can at least isolate the problem to the client-->jradius connection or the
On Thu, Aug 19, 2010 at 8:21 AM, wlanmac <wlan at mac.com> wrote:
> The User-Password is always encoded ("encrypted") with the shared secret
> on the wire. Changes are that there is a shared secret mix up
> On Wed, 2010-08-18 at 17:31 +0200, Murray Long wrote:
> > Hi Everyone,
> > I'm trying to set up JRadius to accept Radsec connections and proxy
> > them onto freeradius.
> > I've set up jardius as described on coova.org, and it seems to work
> > well, except the User-Password is encrypted by the time it reaches
> > freeradius
> > I get the following reported on the freeradius side:
> > User-Name = "testuser"
> > User-Password = "\212\230\306\310\313}\010\231\257\211F\237.l
> > \365JJ\2173\240b\367\215+ҵu\177=\237\304\001"
> > My NAS is sending plaintext passwords so I'm pretty sure Jradius is
> > mangling the User-Password somehow.
> > Does anyone know why this would be happening and how to prevent it?
> > I did notice "dictionary.rfc2865" had a line:
> > User-Password 2 string encrypt=1
> > but setting encrypt=0 dosn't seem to make a difference.
> > Thanks,
> > Murray
> > _______________________________________________
> > Jradius mailing list
> > Jradius at coova.org
> > http://lists.coova.org/cgi-bin/mailman/listinfo/jradius
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Jradius