Radtest Failure and Radius Timeout Errors

1,895 views
Skip to first unread message

Ben Caston

unread,
Jan 21, 2014, 5:10:32 PM1/21/14
to rcdevs-t...@googlegroups.com
Currently I am unable to successfully run Radtest against 127.0.0.1.. Here are the results I get.. 

sudo ./radtest admin-bc XXXXXXXXX 127.0.0.1:1812 Testing123
Sending Access-Request of id 2 to 127.0.0.1 port 1812
        User-Name = "admin-bc"
        User-Password = "XXXXXXXXX"
        Login-IP-Host = 127.0.0.1
rad_recv: Access-Reject packet from host 127.0.0.1 port 1812, id=2, length=20
rad_verify: Received Access-Reject packet from home server 127.0.0.1 port 1812 with invalid signature!  (Shared secret is incorrect.)
Sending Access-Request of id 2 to 127.0.0.1 port 1812
        User-Name = "admin-bc"
        User-Password = "XXXXXXXXX"
        Login-IP-Host = 127.0.0.1
rad_recv: Access-Reject packet from host 127.0.0.1 port 1812, id=2, length=20
rad_verify: Received Access-Reject packet from home server 127.0.0.1 port 1812 with invalid signature!  (Shared secret is incorrect.)
Sending Access-Request of id 2 to 127.0.0.1 port 1812
        User-Name = "admin-bc"
        User-Password = "XXXXXXXXX"
        Login-IP-Host = 127.0.0.1
rad_recv: Access-Reject packet from host 127.0.0.1 port 1812, id=2, length=20
rad_verify: Received Access-Reject packet from home server 127.0.0.1 port 1812 with invalid signature!  (Shared secret is incorrect.)

Now I have checked and double checked to ensure my secret is correct.. When running it against the Local Host, and when I run it against the OpenVPN server I make sure it is updated on the Admin Web portal on the Open VPN server and update the settings.. Is that the only place that it needs to be updated? Is there another place on the Radius server or OpenVPN server it needs to be updated?

Here is my Clients.Conf File 
# By default, OpenOTP Radius Bridge allows any client to connect
#
client 0.0.0.0/0 {
        secret          = testing123
        shortname       = any
}
        secret          = Testing123
        shortname       = ALTAIRVPN01
}
client 127.0.0.1 {
        secret          = Testing123
        shortname       = localhost
{

I have been told that I need to be able to run Radtest against the local host successfully before worrying about running it against the OpenVPN server.. Please let me know what I need to change or why this is not working.. I have done everything I know to do! 

Thank you in advanced for your advice and help. 


Administrators

unread,
Jan 21, 2014, 5:14:58 PM1/21/14
to rcdevs-t...@googlegroups.com
client 0.0.0.0/0 means any client IP and is listed first. So it matches all the time.
drop the client 0.0.0.0/0  from the RB clients.conf.

Ben Caston

unread,
Jan 21, 2014, 5:27:18 PM1/21/14
to rcdevs-t...@googlegroups.com
So this would be correct?


# By default, OpenOTP Radius Bridge allows any client to connect
#
}
        secret          = OpenUpForM3!
        shortname       = ALTAIRVPN01
}
client 127.0.0.1 {
        secret          = Testing123
        shortname       = localhost
{

Thank you for your quick response!

Ben Caston

unread,
Jan 21, 2014, 5:31:25 PM1/21/14
to rcdevs-t...@googlegroups.com
It still shows me the same Error.. 

Sending Access-Request of id 55 to 127.0.0.1 port 1812
        User-Name = "admin-bc"
        User-Password = "PasswordBC!"
        Login-IP-Host = 127.0.0.1
rad_recv: Access-Reject packet from host 127.0.0.1 port 1812, id=55, length=20
rad_verify: Received Access-Reject packet from home server 127.0.0.1 port 1812 with invalid signature!  (Shared secret is incorrect.)

Administrators

unread,
Jan 22, 2014, 5:35:33 AM1/22/14
to rcdevs-t...@googlegroups.com
I think it's just in the test tool that it fails for ex. because you have ! in the password
Try with quote from command line:
./radtest "admin-bc" "XXXXXXXXX" 127.0.0.1:1812 Testing123

Reply all
Reply to author
Forward
0 new messages