Common FreeRADIUS Errors in Cloudwatch
RADIUS Shared Secret is Incorrect
FreeRADIUS logs an error in CloudWatch when it receives an authentication or accounting request from an IP it recognises, but the shared secret used by that IP is incorrect.
This means the secret in the request does not match the secret associated with that IP in the clients list loaded at server startup.
It could be that the Access Point (AP) or Wireless Lan Controller (WLC) has configuration saved for a different site, so the wrong secret is added.
Alternatively it could be that the organisation made a mistake when setting up their AP / WLC.
In either case the organisation may not be aware of this problem until an end user reports connectivity issues to them.
CloudWatch Insights can be used to retrieve the IP which generated the log entry.
RADIUS Unknown Client
FreeRADIUS logs an error when it receives an authentication or accounting request from an IP it doesn’t recognise.
It could be that the organisation configured the site in the last twenty-four hours, and they need to wait for FreeRADIUS to reload the site list configuration.
It could alternatively be that the organisation has failed to register the site and requires prompting.
An organisation may not be aware of this misconfiguration until an end user reports the problem to them.
CloudWatch Insights can be used to retrieve the IP which generated the log entry.