A low-level mistake delayed a week.

Test the interlock between the NAS device and the Freeradius server before the Spring Festival. The RADIUS service tests correctly regardless of whether the Freeradius radtest program or Jradius code is used. But the password sent from the NAS device is not correct.

began to think that the encryption method is inconsistent, after the UDP capture packet is the PAP method encryption, but the password is determined not correct. Because there is not too much time on the holiday, can only be dragged to the section after debugging.

Spring Festival at home Idle when the Rasius agreement and the realization of the Jradius all look again. Finally determine that there must be a problem with the NAS side configuration. (It turns out that the right judgment saved a lot of time to find the problem)

Because the NAS device is deployed outside the bomb and I don't have permission to log on, the NAS's configuration relies on other people to check. Feedback says there are only a few fields, and the previous configuration is so, the original can work properly.

The person who configured this morning suddenly told me that the original configuration of the 32-bit SHARSERCT retrieve only 25 bits, which may be too long truncated.

Can immediately determine the problem Crux found, but the configuration of the person said if SHARSERCT error, Radtest directly reported incorrect SHARSERCT and should not be a password mismatch. With the spring festival time to understand the RADIUS protocol,

Must be the problem, because the transmission process is not possible to pass sharserct,radtest test when the service side judge incorrect SHARSERCT only because the other errors are excluded and the only possibility of the ride. And now the situation can be determined that 99.99999% is due to sharserct inconsistency. The seed of the encryption is inconsistent, how can the matching result be obtained.

Requires that the NAS's configuration be reconfigured to a 16-bit length and the RADIUS server is consistent, everything is bright.

Problem:

1. Because there is no permission to log on to the NAS device check, only a few simple configurations are a bit too trusting for the NAS's configurator.

2. In fact, the person who configured yesterday found this problem, because of lack of experience, always thought if sharserct inconsistency should be reported incorrect SHARSERCT instead of password mismatch, did not give me feedback.

In fact, with your toes, you should understand that the encryption seed is not the same how the results can be matched.

3. When the password does not match the first thought may be sharserct inconsistent, thinking short-circuiting. Under normal circumstances the same algorithm gets different results certainly is the input has the problem, should think of possibly is the SHARSERCT inconsistency causes.