Re: Problem to verify radius settings

2012-10-15T15:22:37+01:00

Hello,

It seems that you have not provided the right shared secret to the radtest.

Please make sure your clients.conf should have the shared secret entry as per your radtest.

Eg.
client 127.0.0.1 {
secret = xxxxx
shortname = 1_127.0.0.1
}

If you are still facing the same issue, please write to "support@yubico.com" along with error screenshot and log details.

Thanks and best regards,
Samir.

Statistics: Posted by samir — Mon Oct 15, 2012 3:22 pm

Problem to verify radius settings

2012-10-13T18:07:40+01:00

I have done the setup according to the instruction for YubiRADIUS Virtual Appliance version 3.5.3 but have a problem to verify my radius-settings. I can validate OTP and ping localhost from the YubiRADIUS server.

When i try to verify my settings withh RadTest I get the following result:

Code:

RadTest Response:  Failed!
rad_verify: Received Access-Reject packet from home server 127.0.0.1 port 1812 with invalid signature!  (Shared secret is incorrect.)
rad_verify: Received Access-Reject packet from home server 127.0.0.1 port 1812 with invalid signature!  (Shared secret is incorrect.)
rad_verify: Received Access-Reject packet from home server 127.0.0.1 port 1812 with invalid signature!  (Shared secret is incorrect.)
radclient: no response from server for ID 139 socket 3
Sending Access-Request of id 139 to 127.0.0.1 port 1812
   User-Name = "xxxx.yyy"
   User-Password = "XXXXXXXyyyyyyyyyyyyyyyyyyyyyyyyyyyy"
   NAS-IP-Address = 127.0.0.1
   NAS-Port = 0
rad_recv: Access-Reject packet from host 127.0.0.1 port 1812, id=139, length=20
Sending Access-Request of id 139 to 127.0.0.1 port 1812
   User-Name = "xxxx.yyy"
   User-Password = "XXXXXXXyyyyyyyyyyyyyyyyyyyyyyyyyyyy"
   NAS-IP-Address = 127.0.0.1
   NAS-Port = 0
rad_recv: Access-Reject packet from host 127.0.0.1 port 1812, id=139, length=20
Sending Access-Request of id 139 to 127.0.0.1 port 1812
   User-Name = "xxxx.yyy"
   User-Password = "XXXXXXXyyyyyyyyyyyyyyyyyyyyyyyyyyyy"
   NAS-IP-Address = 127.0.0.1
   NAS-Port = 0
rad_recv: Access-Reject packet from host 127.0.0.1 port 1812, id=139, length=20

I have set my shared secret for the following networks, 127.0.0.1 network was for debugging purposes:

Code:

127.0.0.1/24   2012-10-13 18:29:27   
192.168.1.0/24   2012-10-13 18:18:04

The freeradius log is almost empty, I have checked that I have logging enabled.

Code:

/var/log/freeradius/radius.log
Sat Oct 13 18:29:27 2012 : Info: Exiting normally.
Sat Oct 13 18:29:27 2012 : Info: Loaded virtual server inner-tunnel
Sat Oct 13 18:29:27 2012 : Info: Loaded virtual server 
Sat Oct 13 18:29:27 2012 : Info: Ready to process requests.

The three logfiles yk*.log contain no or no usable information.

I have also tried with an external radius client on the 192.168.1.0/24 network with the following result:

Code:

RADIUS access denied

Statistics: Posted by Pete — Sat Oct 13, 2012 6:07 pm

Yubico Forum

Re: Problem to verify radius settings

Problem to verify radius settings