[RADIATOR] Bad-authenticator

Dubravko Penezic dpenezic at srce.hr
Tue Apr 30 10:30:19 UTC 2019


Hi all,

from my experience check follow :

* secret may contain some special character @ $ ? which are not send to
server
* secret is to long for some client and part of secret is silently deleted.

Regards,
Dubravko

On 4/30/19 12:20 PM, Hugh Irvine wrote:
> 
> Hello -
> 
> You can try setting IgnoreAcctSignature in the Client clause, but make doubly sure the shared secret is correct.
> 
> regards
> 
> Hugh
> 
> 
>> On 30 Apr 2019, at 19:39, MEjaz <mejaz at cyberia.net.sa> wrote:
>>
>> I made sure from the NAS side the secret is same as what I have configured
>> in Client clause. 
>> Is there any other clue?
>>
>> Thanks in advance..
>>
>> -----Original Message-----
>> From: radiator [mailto:radiator-bounces at lists.open.com.au] On Behalf Of
>> Heikki Vatiainen
>> Sent: Monday, April 29, 2019 8:49 PM
>> To: radiator at lists.open.com.au
>> Subject: Re: [RADIATOR] Bad-authenticator
>>
>> On 29/04/2019 12.38, MEjaz wrote:
>>
>>> I'm getting a "Bad Authenticator" message using > Radiator. Cisco,  
>>> O/S is Solaris. And with MSSQL database.
>>> Any idea how to fix this? Any help would be appreciated!
>>
>> Check that the secret within <Client 212.119.67.28> matches what's
>> configured on that IP address (RADIUS client). You'll see this error when
>> the server (Radiator) and client (NAS) shared secrets are not equal.
>>
>> Note that the shared secret is not for encrypting the whole message. 
>> This is why you see most of the values in clear text in RADIUS requests even
>> if the secret is not correct.
>>
>> Thanks,
>> Heikki
>>
>> --
>> Heikki Vatiainen <hvn at open.com.au>
>>
>> Radiator: the most portable, flexible and configurable RADIUS server
>> anywhere. SQL, proxy, DBM, files, LDAP, TACACS+, PAM, Active Directory, EAP,
>> TLS, TTLS, PEAP, WiMAX, RSA, Vasco, Yubikey, HOTP, TOTP, DIAMETER etc. Full
>> source on Unix, Windows, MacOSX, Solaris, VMS, etc.
>> _______________________________________________
>> radiator mailing list
>> radiator at lists.open.com.au
>> https://lists.open.com.au/mailman/listinfo/radiator
>>
>> _______________________________________________
>> radiator mailing list
>> radiator at lists.open.com.au
>> https://lists.open.com.au/mailman/listinfo/radiator
> 
> 
> --
> 
> Hugh Irvine
> hugh at open.com.au
> 
> Radiator: the most portable, flexible and configurable RADIUS server 
> anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, 
> Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS, 
> TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP,
> DIAMETER, SIM, etc. 
> Full source on Unix, Linux, Windows, macOS, Solaris, VMS, NetWare etc.
> 
> _______________________________________________
> radiator mailing list
> radiator at lists.open.com.au
> https://lists.open.com.au/mailman/listinfo/radiator
> 

-- 
Dubravko Penezic
Information Systems and Applications Department
SRCE - University of Zagreb University Computing Centre, www.srce.unizg.hr
Dubravko.Penezic at srce.hr, tel: +385 1 616 5555, fax: +385 1 616 5559


More information about the radiator mailing list