[RADIATOR] Bad-authenticator
Hugh Irvine
hugh at open.com.au
Tue Apr 30 23:02:02 UTC 2019
Hello -
As mentioned in my previous email, this is a Client parameter - it goes in the Client clause.
<Client …..>
Secret ….
IgnoreAcctSignature
…..
</Client>
regards
Hugh
> On 30 Apr 2019, at 20:23, MEjaz <mejaz at cyberia.net.sa> wrote:
>
> I have added this in the below handler. Is this correct place? Also when I restart the radius to read the new file it gives me an error “Tue Apr 30 13:26:48 2019: ERR: Unknown keyword 'IgnoreAcctSignature' in /opt2/radiator/radius.cfg line 65”
>
>
> <Handler>
> PreProcessingHook file:"/etc/radiator/changeUserName"
> <AuthBy SQL>
> DBSource dbi:Sybase:xxxx
> DBUsername xxxx
> DBAuth xxx
>
> DefaultSimultaneousUse 1
> CaseInsensitivePasswords
> IgnoreAcctSignature
>
>
> Ejaz
>
> -----Original Message-----
> From: Hugh Irvine [mailto:hugh at open.com.au]
> Sent: Tuesday, April 30, 2019 1:20 PM
> To: MEjaz <mejaz at cyberia.net.sa>
> Cc: Heikki Vatiainen <hvn at open.com.au>; radiator at lists.open.com.au
> Subject: Re: [RADIATOR] Bad-authenticator
>
>
> Hello -
>
> You can try setting IgnoreAcctSignature in the Client clause, but make doubly sure the shared secret is correct.
>
> regards
>
> Hugh
>
>
> > On 30 Apr 2019, at 19:39, MEjaz <mejaz at cyberia.net.sa> wrote:
> >
> > I made sure from the NAS side the secret is same as what I have
> > configured in Client clause.
> > Is there any other clue?
> >
> > Thanks in advance..
> >
> > -----Original Message-----
> > From: radiator [mailto:radiator-bounces at lists.open.com.au] On Behalf
> > Of Heikki Vatiainen
> > Sent: Monday, April 29, 2019 8:49 PM
> > To: radiator at lists.open.com.au
> > Subject: Re: [RADIATOR] Bad-authenticator
> >
> > On 29/04/2019 12.38, MEjaz wrote:
> >
> >> I'm getting a "Bad Authenticator" message using > Radiator. Cisco,
> >> O/S is Solaris. And with MSSQL database.
> >> Any idea how to fix this? Any help would be appreciated!
> >
> > Check that the secret within <Client 212.119.67.28> matches what's
> > configured on that IP address (RADIUS client). You'll see this error
> > when the server (Radiator) and client (NAS) shared secrets are not equal.
> >
> > Note that the shared secret is not for encrypting the whole message.
> > This is why you see most of the values in clear text in RADIUS
> > requests even if the secret is not correct.
> >
> > Thanks,
> > Heikki
> >
> > --
> > Heikki Vatiainen <hvn at open.com.au>
> >
> > Radiator: the most portable, flexible and configurable RADIUS server
> > anywhere. SQL, proxy, DBM, files, LDAP, TACACS+, PAM, Active
> > Directory, EAP, TLS, TTLS, PEAP, WiMAX, RSA, Vasco, Yubikey, HOTP,
> > TOTP, DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS, etc.
> > _______________________________________________
> > radiator mailing list
> > radiator at lists.open.com.au
> > https://lists.open.com.au/mailman/listinfo/radiator
> >
> > _______________________________________________
> > radiator mailing list
> > radiator at lists.open.com.au
> > https://lists.open.com.au/mailman/listinfo/radiator
>
>
> --
>
> Hugh Irvine
> hugh at open.com.au
>
> Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS, TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP, DIAMETER, SIM, etc.
> Full source on Unix, Linux, Windows, macOS, Solaris, VMS, NetWare etc.
--
Hugh Irvine
hugh at open.com.au
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS,
TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP,
DIAMETER, SIM, etc.
Full source on Unix, Linux, Windows, macOS, Solaris, VMS, NetWare etc.
More information about the radiator
mailing list