Hi all,
got this error from my radius server :
17:11:31 radius,debug,packet sending Access-Request with id 175 to 192.168.4.4:1812
17:11:31 radius,debug,packet Signature = 0x0744bde26bd7eaad4836b25c54ce10a8
17:11:31 radius,debug,packet Service-Type = 2
17:11:31 radius,debug,packet Framed-Protocol = 1
17:11:31 radius,debug,packet NAS-Port = 1091
17:11:31 radius,debug,packet NAS-Port-Type = 15
17:11:31 radius,debug,packet User-Name = "D4CA6D348BA9"
17:11:31 radius,debug,packet Calling-Station-Id = "00:20:A6:F0:D6:D4"
17:11:31 radius,debug,packet Called-Station-Id = "Proxim"
17:11:31 radius,debug,packet NAS-Port-Id = "ether2"
17:11:31 radius,debug,packet MS-CHAP-Challenge = 0x0207b86fe7ff29db7f17b251da295fb2
17:11:31 radius,debug,packet MS-CHAP2-Response = 0x010040dabb2d2689c5bbd26e327b9f74
17:11:31 radius,debug,packet ecbf000000000000000092605cf9b580
17:11:31 radius,debug,packet e6789ae51053aee9fa6c33f191ef9d79
17:11:31 radius,debug,packet d087
17:11:31 radius,debug,packet NAS-Identifier = "PPPoE_srv1"
17:11:31 radius,debug,packet NAS-IP-Address = 192.168.1.25
17:11:31 radius,debug,packet received bad Access-Accept with id 175 from 192.168.4.4:1812
17:11:31 radius,debug,packet Signature = bad 0x7a7f7f7a775c9d1145dd32e63669c9e9
17:11:31 radius,debug,packet MS-CHAP2-Success = 0x01533d30313239363636434135444533
17:11:31 radius,debug,packet 39443145454134393932443733454642
17:11:31 radius,debug,packet 3232464644354244363535
17:11:31 radius,debug,packet User-Name = "D4CA6D348BA9"
17:11:31 radius,debug,packet Unknown-Attribute(vendor=21067, type=1) = 0x34204d627073
17:11:31 radius,debug,packet Reply-Message = "You have successfully logged in"
17:11:31 radius,debug,packet Unknown-Attribute(vendor=21067, type=129) = 0x2a2c
17:11:31 radius,debug,packet Unknown-Attribute(vendor=21067, type=128) = 0x00000002
17:11:31 radius,debug,packet Unknown-Attribute(vendor=21067, type=129) = 0x2a2c
17:11:31 radius,debug,packet Unknown-Attribute(vendor=21067, type=128) = 0x00000002
17:11:31 radius,debug,packet Unknown-Attribute(vendor=21067, type=129) = 0x2a2c
17:11:31 radius,debug,packet Unknown-Attribute(vendor=21067, type=128) = 0x00000002
17:11:31 radius,debug,packet Unknown-Attribute(vendor=21067, type=129) = 0x2a2c
17:11:31 radius,debug,packet Unknown-Attribute(vendor=21067, type=128) = 0x00000002
17:11:31 radius,debug,packet remaining 0x1a0a0000524b81042a2c1a0c0000524b
17:11:31 radius,debug,packet 8006000000021a0a0000524b81042a2c
17:11:31 radius,debug,packet 1a0c0000524b8006000000021a0a0000
17:11:31 radius,debug,packet 524b81042a2c1a0c0000524b80060000
17:11:31 radius,debug,packet 00021a0a0000524b81042a2c1a0c0000
17:11:31 radius,debug,packet 524b8006000000021a0a0000524b8104
17:11:31 radius,debug,packet 2a2c1a0c0000524b8006000000021a0a
17:11:31 radius,debug,packet 0000524b81042a2c1a0c0000524b8006
17:11:31 radius,debug,packet 000000021a0a0000524b81042a2c1a0c
17:11:31 radius,debug,packet 0000524b8006000000021a0a0000524b
17:11:31 radius,debug,packet 81042a2c1a0c0000524b800600000002
17:11:31 radius,debug,packet 1a0a0000524b81042a2c1a0c0000524b
17:11:31 radius,debug,packet 8006000000021a0a0000524b81042a2c
17:11:31 radius,debug,packet 1a0c0000524b8006000000021a0a0000
17:11:31 radius,debug,packet 524b81042a2c1a0c0000524b80060000
17:11:31 radius,debug,packet 0002
17:11:31 radius,debug received packet for 1b:20e with bad signature, dropping
17:11:32 radius,debug timeout for 1b:20e
17:11:32 pppoe,ppp,info <pppoe-0>: terminating... - user D4CA6D348BA9 authentication failed - radius timeout
17:11:32 pppoe,ppp,info <pppoe-0>: disconnected
Could you help ?
Cheers !
Re: bad radius signature, dropping
I've already checked that secret key between NAS Client and Radius server are the same.
Re: bad radius signature, dropping
sounds like the radius server is sending an invalid radius attribute. could be the radius serverhas the wrong nas type selected or is sending some extended radius attributes to the mikrotik that it doesnt understand.
are you using free radius or aradial or something?
are you using free radius or aradial or something?
Re: bad radius signature, dropping
Hi there,
we are using a proprietary Radius server developped in India. Their support team says that the radius server is sending Access-Accept to mokrotik, so mikrotik should accept it....
we are using a proprietary Radius server developped in India. Their support team says that the radius server is sending Access-Accept to mokrotik, so mikrotik should accept it....
Re: bad radius signature, dropping
Triple check shared secret in both mikrotik and the radius server. Packets are signed with that secret so they must be the same.
Also, increase radius timeout in Mikrotik... maybe that radius takes more than the default 300ms to reply, Mikrotik resends the packet and then receives the reply from the previous access-request packet.
OTH, you should ask your radius vendor to implement Mikrotik NAS type (vendor id 14988). Dictionary file is included in the default freeradius distribution and also here:
http://wiki.mikrotik.com/wiki/Manual:RA ... dictionary
Also, increase radius timeout in Mikrotik... maybe that radius takes more than the default 300ms to reply, Mikrotik resends the packet and then receives the reply from the previous access-request packet.
OTH, you should ask your radius vendor to implement Mikrotik NAS type (vendor id 14988). Dictionary file is included in the default freeradius distribution and also here:
http://wiki.mikrotik.com/wiki/Manual:RA ... dictionary
Who is online
Users browsing this forum: Amazon [Bot], Bing [Bot], boingolover, Google [Bot], rodesvera and 130 guests