[SR-Users] n00b question -- RADIUS authentication.
Måns Nilsson
mansaxel at besserwisser.org
Thu May 8 16:34:38 CEST 2014
Subject: Re: [SR-Users] n00b question -- RADIUS authentication. Date: Mon, May 05, 2014 at 03:33:22PM +0200 Quoting Måns Nilsson (mansaxel at besserwisser.org):
> The core question is why the positive reply from the RADIUS server isn't
> accepted as such. (could this be a problem with the dictionary?)
That was indeed spot on. The shared secret between RADIUS client and
server was too long. ~ 80 chars of random text is too long.
I've not thought out exactly where this occurs, and who is to blame,
but at first sight it looks like it is FreeRadius with its limit of 31
chars is the culprit:
"FreeRADIUS is limited to 31 characters for the shared secret."
http://wiki.freeradius.org/guide/faq#Incoming-Authentication-Request-passwords-are-all-garbage.-Why?
Thanks all for your attention and especially to Olle who stopped by in
person and helped me think. I think he has a patch too; this was hard to
find, since auth_radius module hides the response from radiusclient-ng;
one small adjustment brings the fault code to attention.
--
Måns Nilsson primary/secondary/besserwisser/machina
MN-1334-RIPE +46 705 989668
I am a jelly donut. I am a jelly donut.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 198 bytes
Desc: Digital signature
URL: <http://lists.sip-router.org/pipermail/sr-users/attachments/20140508/a3b64dae/attachment.pgp>
More information about the sr-users
mailing list