Skip to main content

Common FreeRADIUS alerts

RADIUS Shared Secret is Incorrect

FreeRADIUS logs an error in CloudWatch when it receives an authentication or accounting request from an IP it recognises, but the shared secret used by that IP is incorrect.

This means the secret in the request does not match the secret associated with that IP in the clients list loaded at server startup.

CloudWatch is configured with an alarm which monitors these log entries.

An example of an alarm being raised looks like the following:

You are receiving this email because your Amazon CloudWatch Alarm “Shared-secret-is-incorrect” in the EU (London) region has entered the ALARM state, because “Threshold Crossed: 1 datapoint [2.0 (18/03/18 07:14:00)] was greater than or equal to the threshold (1.0).” at “Monday 19 March, 2018 07:14:52 UTC”.

It could be that the Access Point (AP) or Wireless Lan Controller (WLC) has configuration saved for a different site, so the wrong secret is added.

Alternatively it could be that the organisation made a mistake when setting up their AP / WLC.

In either case the organisation may not be aware of this problem until an end user reports connectivity issues to them.

If this alert is in alarm state, notify the Product or Service Manager and use CloudWatch Insights to retrieve the IP of the organisation which has misconfigured its AP/WLC.

RADIUS Unknown Client

FreeRADIUS logs an error when it receives an authentication or accounting request from an IP it doesn’t recognise.

CloudWatch is configured with an alarm which monitors these log entries.

An example of an alarm being raised looks like the following:

You are receiving this email because your Amazon CloudWatch Alarm “RADIUS-unknown-client” in the EU (London) region has entered the ALARM state, because “Threshold Crossed: 1 out of the last 1 datapoints [1.0 (19/03/18 00:13:00)] was greater than the threshold (0.0) (minimum 1 datapoint for OK -> ALARM transition).” at “Monday 19 March, 2018 01:13:25 UTC”.

It could be that the organisation configured the site in the last twenty-four hours, and they need to wait for FreeRADIUS to reload the site list configuration.

It could alternatively be that the organisation has failed to register the site and requires prompting.

An organisation may not be aware of this misconfiguration until an end user reports the problem to them.

If this alert is in alarm state, notify the Product or Service Manager and use CloudWatch Insights to retrieve the IP of the organisation which has this misconfiguration.

This page was last reviewed on 13 July 2021. It needs to be reviewed again on 13 January 2022 by the page owner #govwifi .
This page was set to be reviewed before 13 January 2022 by the page owner #govwifi. This might mean the content is out of date.