Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results forĀ 
Search instead forĀ 
Did you mean:Ā 
cancel
Start a conversation
1200
Views
0
Helpful
2
Replies

Shared Secret mismatch Radius

Alexander Beirlant
Level 1
Level 1

ā€Ž10-23-2015 12:13 PM - edited ā€Ž03-10-2019 11:10 PM

2 of our managed UPS's are currently being used with an incorrect secret and Radius only authentication. Due to this we recently discovered that we are unable to login. Is there a way to allow ACS (we have 5.5) to tell us what the shared secret is that the 2 UPS's are sending us in some logs, or is there a way to allow access from these 2 IP addresses, even though the shared secret is wrong?

 

The cost to get someone out to the branch and console in would be very high, so we wanted to make sure there was not a cheaper/easier way.

 

Thank you!

Labels:
0 Helpful
2 Replies 2

jan.nielsen
Level 7
Level 7

ā€Ž10-23-2015 12:56 PM

No, the secret key is not sent in the radius packets, it is used to protect the users password when being sent over radius, which is why your authentication fails. If you have configured a fallback to a local user in your APS radius config, you could try to block it's access to the radius server to login.

0 Helpful

Alexander Beirlant
Level 1
Level 1
In response to jan.nielsen

ā€Ž10-23-2015 12:58 PM

We tried that, and we are pretty sure that it is set to radius only, and not radius first local authorization second. 

0 Helpful
Customers Also Viewed These Support Documents