(RADIATOR) Problem using Radiator to authenticate VPN access via a Cisco VPN 5001

Hugh Irvine hugh at open.com.au
Thu Sep 6 20:23:20 CDT 2001


Hello Jc -

What you describe is not correct.

The radius packets themselves are not encrypted, neither from the NAS nor 
from Radiator. The shared secret is only used for the encryption of the 
password, and it is the configuration of the NAS that determines this (either 
PAP or CHAP authentication).

In any case, if there is a Cisco bug, please let us know the resolution of 
the problem.

regards

Hugh


On Friday 07 September 2001 05:23, Reynoso, Jc wrote:
> Hello!
> I may have experienced a similar problem.
>
> Radiator sends encrypted radius packets to the cs5001
> The cs5001 cannot understand the encrypted packet.
>
> This is the "shared secret" between radiator and the cs5001.
>
> You will have to send the packet in the clear (bad defeats purpose of pw in
> the clear!)...  very much so.
>
> But cisco is working on this.  They have a software bug trac on it.
>
> There is a way to tell radiator to send the shared secret in the clear.  It
> is a tweak in the .cfg file.  I do not know what it is.  I'm not the
> radiator admin.  Perhaps Hugh would be so kind as to give you the syntax.
>
> I hope this helps you
>
> -jc
> ===
> Archive at http://www.open.com.au/archives/radiator/
> Announcements on radiator-announce at open.com.au
> To unsubscribe, email 'majordomo at open.com.au' with
> 'unsubscribe radiator' in the body of the message.

-- 
Radiator: the most portable, flexible and configurable RADIUS server 
anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
===
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.


More information about the radiator mailing list