Shared secret incorrect errors.


This topic contains 2 replies, has 0 voices, and was last updated by  Nyle 11 years, 10 months ago.

  • #40790

    Nyle
    Member

    Everything works fine with only one access point configured in the Radius section with a shared secret. When I add another access point the new one works and the old one gets a Shared secret incorrect error.

    Access point 1 – 172.18.184.106/21 – bobsap
    Access point 2 – 172.18.184.107/21 – bobsap2

    Zeroshell IP – 172.18.184.105/21

    Log entry –
    13:03:38 Ready to process requests.
    13:06:01 Received packet from 172.18.184.106 with invalid Message-Authenticator! (Shared secret is incorrect.) Dropping packet without response.

    I’ve changed the shared secret several times on the Zeroshell and the AP but keep receiving the error. If I restore to my previous configuration with just the first AP in place it works again. The minute I add the second AP with a different shared secret the error starts again.

    Any ideas are greatly appreciated. I have a school laptop cart that isn’t functional right now because of the issue. My name is mud. 😳

    Thanks,
    -Nyle

    #45922

    imported_fulvio
    Participant

    I don’t understand why you specify /21.
    The CIDR notation (Classless Inter-Domain Routing) 172.18.184.106/21 and 172.18.184.107/21 are network addresses and not host IP addresses, and the problem is that they represent the same subnet:

    In fact the binary notation of the netmask is:
    11111111.11111111.11111000.00000000 (21 ones)
    therefore when FreeRADIUS applies the logical AND operation the last byte of both the networks is zero. In other words you have:

    172.18.184.106/21 = 172.18.184.107/21 = 172.18.184.0/21

    To verify these things you could use the commands:
    ipcalc -n 172.18.184.106/21
    ipcalc -n 172.18.184.107/21
    the output is for both:
    NETWORK=172.18.184.0

    This means that FreeRADIUS uses the last shared secret you specified.
    To solve the issue you have to specify the IP address of the Access Points as 172.18.184.106 and 172.18.184.107 or, if you want to use CIDR notation, 172.18.184.106/32 and 172.18.184.107/32.

    Regards
    Fulvio
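
The check described in the reply above, as an added example that is not part of the original posts and is not ZeroShell or FreeRADIUS code: it normalises each RADIUS client entry to its network and reports entries that collapse to the same one. It also goes a step further and flags an entry contained in a wider one. The `CLIENTS` list, the placeholder secrets and all function names are assumptions made for illustration.

```python
import ipaddress
from collections import defaultdict

# Constructed sample: the two client entries from the thread (secrets are placeholders).
CLIENTS = [
    ("bobsap",  "172.18.184.106/21", "secret-one"),
    ("bobsap2", "172.18.184.107/21", "secret-two"),
]

def normalise(entry):
    """Apply the netmask as the reply describes: address AND mask."""
    # strict=False discards host bits instead of raising ValueError;
    # a bare address with no /prefix becomes a /32 host entry.
    return ipaddress.ip_network(entry, strict=False)

def find_collisions(clients):
    """Return {network: [shortnames]} for entries that collapse to one network."""
    by_net = defaultdict(list)
    for name, entry, _secret in clients:
        by_net[normalise(entry)].append(name)
    return {str(net): names for net, names in by_net.items() if len(names) > 1}

def find_overlaps(clients):
    """Return (narrower, wider) shortname pairs where one entry contains another."""
    nets = [(name, normalise(entry)) for name, entry, _secret in clients]
    return [(a, b) for a, na in nets for b, nb in nets
            if na.version == nb.version and na != nb and na.subnet_of(nb)]

def mask_bits(prefix_len):
    """Dotted binary form of an IPv4 netmask, e.g. for /21."""
    mask = int(ipaddress.ip_network(f"0.0.0.0/{prefix_len}").netmask)
    return ".".join(f"{(mask >> shift) & 0xFF:08b}" for shift in (24, 16, 8, 0))

if __name__ == "__main__":
    print("/21 mask:", mask_bits(21))
    for net, names in find_collisions(CLIENTS).items():
        print(f"{net}: entries {names} cover the same clients; only one secret can apply")
    # The fix from the thread: enter the access points as plain host addresses.
    fixed = [(name, entry.split("/")[0], secret) for name, entry, secret in CLIENTS]
    print("after dropping /21:", find_collisions(fixed) or "no collisions")
```

Running this kind of check before adding a new access point shows a colliding entry up front, before the `invalid Message-Authenticator` log line appears for the client that was working.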

    #45923

    Nyle
    Member

    (Deleted by user)

    #45924

    Nyle
    Member

    @fulvio wrote:

    I don’t understand why you specify /21.
    The CIDR notation (Classless Inter-Domain Routing) 172.18.184.106/21 and 172.18.184.107/21 are network addresses and not host IP addresses, and the problem is that they represent the same subnet:

    In fact the binary notation of the netmask is:
    11111111.11111111.11111000.00000000 (21 ones)
    therefore when FreeRADIUS applies the logical AND operation the last byte of both the networks is zero. In other words you have:

    Thanks Fulvio, 😀

    Ok, I feel like a total N00B now but at least I learned something additional today. I never work with CIDR notation and always just IP/Mask. I completely understand the behavior now. The interface threw me for a loop, I thought the /# was required not optional. When using a subnet calculator to find out my CIDR, I didn’t catch that IP/CIDR corresponds to a subnet not an IP and MASK.

    I entered the IPs alone and it’s all set now.

    Everything’s up and working now. I appreciate your time and not just telling me to RTM. Sorry about that. 😳

    -Nyle
