Incoming Request Passwords Are Gibberish
Gibberish is usually indicative of
an
incorrectly formed or mismatched shared secret, the phrase shared
between the server and the RADIUS client machine and used to perform
secure encryption on packets. To identify the problem, run the server
in debugging mode, as described previously. The first password
printed to the console screen will be inside a RADIUS attribute
(e.g., Password = "rneis\dfkjdf7482odf“) and the
second will be in a logged message (e.g., Login failed [rneis/dfkjdf7482odf]). If the data after the slash is
gibberish—ensure it’s not just a really secure
password—then the shared secret is not consistent between the
server and the RADIUS client. This may even be due to hidden
characters, so to be completely sure both are the same, delete and
re-enter the secret on both machines.
The gibberish may also result from a shared secret that is too long. FreeRADIUS limits the secret length to 16 characters, since some NAS equipment has limitations on the length of the secret yet don’t make it evident in error logs or the documentation.