Hello everyone!
I’m failing to make VyOS 1.1.7 authorize CLI users in FreeRADIUS 3.0.15.
I’ve found posts on the forum saying that it is possible, but I’m not sure how.
The issue itself is in the fact that FreeRADIUS is not able to decode the incoming User-Password AVP.
The password 1qazXSW@ is encoded as below in radiusd -X debug logs:
And in tshark:
AVP: l=18 t=User-Password(2): Encrypted
AVP Type: 2
AVP Length: 18
User-Password (encrypted): 5de414c0b637273fc2cc5cd36ffe4d54
FreeRADIUS gives a pretty clear explanation in the logs:
WARNING: Unprintable characters in the password. Double-check the shared secret on the server and the NAS!
The secrets are equal of course…
VyOS configuration:
aeg@VyOS-1-1# show system login radius-server
 radius-server 10.0.0.56 {
     secret 12345678
 }
FreeRADIUS configuration:
client vyos-1-1 {
    ipaddr = 10.0.0.57
    secret = 12345678
    require_message_authenticator = no
    nas_type = other
    limit {
        max_connections = 5
        lifetime = 0
        idle_timeout = 30
    }
}
No spaces left after the last secret digit.
The main reason why I’m here, rather than on the FreeRADIUS forum, is that Wireshark also decodes the AVP as “\010\n\r\177INCORRECT” when I specify the secret.
Does anyone have an idea what else I should check?
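
Added example, not part of the original post: the User-Password hiding scheme from RFC 2865 section 5.2, which is the decoding that FreeRADIUS and Wireshark perform, together with the printable-character check behind the FreeRADIUS warning. The function names and the Request Authenticator are constructed for illustration; the 16-byte value in the tshark output can only be decoded with the Request Authenticator of the same Access-Request, which the post does not show.

```python
import hashlib

def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def encode_user_password(password: bytes, secret: bytes, request_auth: bytes) -> bytes:
    """NAS side: pad with NULs to a multiple of 16, then
    c(i) = p(i) XOR MD5(secret + c(i-1)), with c(0) = Request Authenticator."""
    if not 1 <= len(password) <= 128 or len(request_auth) != 16:
        raise ValueError("password must be 1..128 bytes, authenticator 16 bytes")
    padded = password + b"\x00" * (-len(password) % 16)
    out, prev = b"", request_auth
    for i in range(0, len(padded), 16):
        prev = _xor(padded[i:i + 16], hashlib.md5(secret + prev).digest())
        out += prev
    return out

def decode_user_password(cipher: bytes, secret: bytes, request_auth: bytes) -> bytes:
    """Server side: reverse the chain and strip the NUL padding."""
    if not cipher or len(cipher) % 16 or len(cipher) > 128 or len(request_auth) != 16:
        raise ValueError("malformed User-Password or authenticator")
    out, prev = b"", request_auth
    for i in range(0, len(cipher), 16):
        block = cipher[i:i + 16]
        out += _xor(block, hashlib.md5(secret + prev).digest())
        prev = block
    return out.rstrip(b"\x00")

def is_printable(password: bytes) -> bool:
    """Same idea as the FreeRADIUS warning: garbage output means a wrong secret."""
    return all(0x20 <= b < 0x7F for b in password)

def demo():
    request_auth = bytes(range(16))      # constructed, not from the capture
    secret = b"12345678"                 # secret as shown in the post
    cipher = encode_user_password(b"1qazXSW@", secret, request_auth)
    good = decode_user_password(cipher, secret, request_auth)
    # One stray byte in the secret on either side changes every decoded byte.
    bad = decode_user_password(cipher, secret + b" ", request_auth)
    return cipher, good, bad

if __name__ == "__main__":
    cipher, good, bad = demo()
    print("AVP value length:", len(cipher))   # 16, plus 2 header bytes = AVP length 18
    print("matching secret :", good, is_printable(good))
    print("secret + space  :", bad, is_printable(bad))
```

Because the hash input is the secret concatenated with the Request Authenticator, a mismatch in either one gives the same symptom: unprintable bytes after decoding.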