Yubico Forum
https://forum.yubico.com/

Problem to verify radius settings
https://forum.yubico.com/viewtopic.php?f=3&t=869

Author:  Pete [ Sat Oct 13, 2012 6:07 pm ]
Post subject:  Problem to verify radius settings

I have done the setup according to the instructions for YubiRADIUS Virtual Appliance version 3.5.3 but have a problem verifying my RADIUS settings. I can validate OTP and ping localhost from the YubiRADIUS server.

When I try to verify my settings with RadTest I get the following result:
Code:
RadTest Response:  Failed!
rad_verify: Received Access-Reject packet from home server 127.0.0.1 port 1812 with invalid signature!  (Shared secret is incorrect.)
rad_verify: Received Access-Reject packet from home server 127.0.0.1 port 1812 with invalid signature!  (Shared secret is incorrect.)
rad_verify: Received Access-Reject packet from home server 127.0.0.1 port 1812 with invalid signature!  (Shared secret is incorrect.)
radclient: no response from server for ID 139 socket 3
Sending Access-Request of id 139 to 127.0.0.1 port 1812
   User-Name = "xxxx.yyy"
   User-Password = "XXXXXXXyyyyyyyyyyyyyyyyyyyyyyyyyyyy"
   NAS-IP-Address = 127.0.0.1
   NAS-Port = 0
rad_recv: Access-Reject packet from host 127.0.0.1 port 1812, id=139, length=20
Sending Access-Request of id 139 to 127.0.0.1 port 1812
   User-Name = "xxxx.yyy"
   User-Password = "XXXXXXXyyyyyyyyyyyyyyyyyyyyyyyyyyyy"
   NAS-IP-Address = 127.0.0.1
   NAS-Port = 0
rad_recv: Access-Reject packet from host 127.0.0.1 port 1812, id=139, length=20
Sending Access-Request of id 139 to 127.0.0.1 port 1812
   User-Name = "xxxx.yyy"
   User-Password = "XXXXXXXyyyyyyyyyyyyyyyyyyyyyyyyyyyy"
   NAS-IP-Address = 127.0.0.1
   NAS-Port = 0
rad_recv: Access-Reject packet from host 127.0.0.1 port 1812, id=139, length=20

I have set my shared secret for the following networks; the 127.0.0.1 network was for debugging purposes:
Code:
127.0.0.1/24   2012-10-13 18:29:27   
192.168.1.0/24   2012-10-13 18:18:04

The freeradius log is almost empty, I have checked that I have logging enabled.
Code:
/var/log/freeradius/radius.log
Sat Oct 13 18:29:27 2012 : Info: Exiting normally.
Sat Oct 13 18:29:27 2012 : Info: Loaded virtual server inner-tunnel
Sat Oct 13 18:29:27 2012 : Info: Loaded virtual server <default>
Sat Oct 13 18:29:27 2012 : Info: Ready to process requests.

The three logfiles yk*.log contain no or no usable information.

I have also tried with an external radius client on the 192.168.1.0/24 network with the following result:
Code:
RADIUS access denied

Author:  samir [ Mon Oct 15, 2012 3:22 pm ]
Post subject:  Re: Problem to verify radius settings

Hello,

It seems that you have not provided the right shared secret to the radtest.

Please make sure your clients.conf has the shared secret entry as per your radtest.

E.g.
Code:
client 127.0.0.1 {
    secret = xxxxx
    shortname = 1_127.0.0.1
}

If you are still facing the same issue, please write to "support@yubico.com" along with error screenshot and log details.

Thanks and best regards,
Samir.
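
Added example, not part of either forum post and not Yubico or FreeRADIUS code: how a RADIUS client checks the Response Authenticator defined in RFC 2865, and why a secret that differs between the client and the server's client entry produces the "invalid signature" message in the RadTest output above. The secrets and the request authenticator are constructed sample values.

```python
import hashlib
import hmac
import struct

ACCESS_REJECT = 3  # RADIUS packet code (RFC 2865)

def build_reply(code, ident, attrs, request_auth, secret):
    """Server side: sign a reply with the secret from its client entry."""
    header = struct.pack("!BBH", code, ident, 20 + len(attrs))
    # Response Authenticator = MD5(Code | ID | Length | RequestAuth | Attributes | Secret)
    auth = hashlib.md5(header + request_auth + attrs + secret).digest()
    return header + auth + attrs

def verify_reply(packet, request_auth, secret):
    """Client side: recompute the authenticator with the client's own secret."""
    if len(packet) < 20:
        return False
    length = struct.unpack("!H", packet[2:4])[0]
    if length < 20 or length > len(packet):
        return False
    packet = packet[:length]
    expected = hashlib.md5(packet[:4] + request_auth + packet[20:] + secret).digest()
    return hmac.compare_digest(expected, packet[4:20])

# Constructed sample values (assumptions, not taken from the thread).
REQUEST_AUTH = bytes(range(16))  # authenticator the client sent in its Access-Request
SERVER_SECRET = b"secret-in-clients-conf"
CLIENT_SECRET = b"secret-typed-into-radtest"

def demo():
    # Attribute-less Access-Reject with id=139 and length=20, the shape seen in the log.
    reply = build_reply(ACCESS_REJECT, 139, b"", REQUEST_AUTH, SERVER_SECRET)
    return {
        "length": len(reply),
        "matching_secret": verify_reply(reply, REQUEST_AUTH, SERVER_SECRET),
        "mismatched_secret": verify_reply(reply, REQUEST_AUTH, CLIENT_SECRET),
    }

if __name__ == "__main__":
    print(demo())
```

The same shared secret also hides the User-Password attribute, so with mismatched secrets the server sees a garbled password and rejects the request, and the client then cannot verify that rejection.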

All times are UTC + 1 hour