RADIUS Shared Secrets – Manage Client-Server Authentication Keys
Overview
The RADIUS Shared Secrets page manages the cryptographic keys used to authenticate communication between RADIUS clients and MideyeServer. Each shared secret is associated with a source IP address (or CIDR range) and optionally linked to specific RADIUS servers. Shared secrets are stored encrypted and can be verified or changed without exposing the current value.
Per RFC 2865, shared secrets should be at least 16 octets long for adequate security. MideyeServer enforces a minimum length of 1 character and a maximum of 255 characters.
Access & Permissions
Required Role: ROOT, SUPER_ADMIN, or ADMIN
Navigation: Home → RADIUS Settings → RADIUS Shared Secrets
| Role | View | Create / Edit / Delete | Verify | Change |
|---|---|---|---|---|
| ROOT | ✅ | ✅ | ✅ | ✅ |
| SUPER_ADMIN | ✅ | ✅ | ✅ | ✅ |
| ADMIN | ✅ | ✅ | ✅ | ✅ |
| OPERATOR | ❌ | ❌ | ❌ | ❌ |
Features & Configuration
Data Grid Columns
| Column | Description |
|---|---|
| Source IP | IPv4 address, hostname, or CIDR range of the client |
| RADIUS Servers | Associated RADIUS servers (clickable links showing server name and port) |
| Comment | Optional administrator note |
| Action | Edit, Delete, and Settings menu (Verify / Change secret) |
Action Buttons
| Action | Description |
|---|---|
| Edit | Modify source IP, comment, and server associations (secret is not editable here) |
| Delete | Remove the shared secret after confirmation |
| Verify Shared Secret | Check if a given secret matches the stored value (via Settings menu) |
| Change Shared Secret | Replace the stored secret with a new value (via Settings menu) |
Create / Edit Form
Creating a Shared Secret
| Field | Type | Required | Validation | Description |
|---|---|---|---|---|
| Source IP | Text | Yes | Must be valid IPv4, hostname, or CIDR notation (async validation) | Client address this secret applies to |
| Secret | Password | Yes (create only) | Min: 1, Max: 255 characters | The shared secret value. Only shown during creation |
| Comment | Text | No | Max: 255 characters | Administrative note |
| RADIUS Servers | Multi-select | No | — | Limit this secret to specific servers (leave empty for all servers) |
Collision Detection
MideyeServer prevents duplicate source IP configurations:
- If no RADIUS servers are specified, the source IP must be unique across all unscoped secrets.
- If RADIUS servers are specified, the source IP + server port combination must be unique.
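The two uniqueness rules above can be pre-checked against a planned list of entries before they are typed into the form. This is an added example, not MideyeServer code: the entry layout, the `find_collisions` name and the sample data are constructed, and it assumes source IPs are compared as trimmed, lower-cased strings and that a scoped and an unscoped entry for the same IP do not collide (the page states neither).

```python
from collections import defaultdict

# Constructed sample plan: (source IP, RADIUS server ports, comment).
# An empty port list means the secret is unscoped (applies to all servers).
PLANNED = [
    ("10.0.0.5", [], "vpn-1, all servers"),
    ("10.0.0.5", [1812], "vpn-1, scoped"),
    ("10.0.0.5", [1812, 1645], "vpn-1, scoped again"),
    ("192.168.10.0/24", [], "branch switches"),
    ("192.168.10.0/24 ", [], "branch switches, pasted twice"),
]


def find_collisions(entries):
    """Group entries by the key each rule requires to be unique.

    Returns {(source_ip, port_or_None): [comments]} for keys used more than once.
    """
    seen = defaultdict(list)
    for source_ip, ports, comment in entries:
        # Assumption: source IPs are compared as trimmed, lower-cased strings.
        ip = source_ip.strip().lower()
        if not ports:
            # Rule 1: unscoped secrets are keyed by source IP alone.
            keys = [(ip, None)]
        else:
            # Rule 2: scoped secrets are keyed by source IP + server port.
            keys = [(ip, port) for port in sorted(set(ports))]
        for key in keys:
            seen[key].append(comment)
    return {key: comments for key, comments in seen.items() if len(comments) > 1}


if __name__ == "__main__":
    for (ip, port), comments in find_collisions(PLANNED).items():
        scope = "unscoped" if port is None else f"port {port}"
        print(f"collision on {ip} ({scope}): {comments}")
```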
Verify Shared Secret
The Verify dialog allows you to confirm that a shared secret matches without revealing the stored value.
Steps:
- Click the gear icon in the Action column and select Verify shared secret.
- The Source IP is displayed (read-only).
- Enter the shared secret to verify.
- Click Verify.
Results:
- ✅ Success: “Shared secret is correct.”
- ⚠️ Warning: “Shared secret is incorrect.”
Change Shared Secret
The Change dialog replaces the stored shared secret with a new value.
Steps:
- Click the gear icon in the Action column and select Change shared secret.
- The Source IP is displayed (read-only).
- Enter the new shared secret.
- Re-enter the new shared secret in the confirmation field.
- Click Save.
| Field | Type | Required | Validation | Description |
|---|---|---|---|---|
| Shared Secret | Password | Yes | — | New secret value |
| Confirm Shared Secret | Password | Yes | Must match the secret field | Confirmation of the new secret |
Common Use Cases
Adding a New VPN Concentrator Secret
- Click Add New.
- Enter the VPN device’s source IP address.
- Enter the shared secret configured on the VPN device.
- Optionally select specific RADIUS servers.
- Click Save.
Rotating a Shared Secret
- Update the shared secret on the client device first.
- In MideyeServer, use Change Shared Secret to set the new value.
- Use Verify Shared Secret with the old value to confirm it no longer matches.
Verifying Configuration After Deployment
- Use Verify Shared Secret with the value configured on the client device.
- If verification fails, check for typos or encoding differences.
Troubleshooting
| Issue | Possible Cause | Resolution |
|---|---|---|
| Cannot save — collision error | Duplicate source IP and server combination | Use a different source IP or assign different RADIUS servers |
| Verify returns incorrect | Secret mismatch or encoding issue | Re-enter carefully; check for trailing spaces or special characters |
| Source IP validation fails | Invalid format | Use valid IPv4 address, hostname, or CIDR notation |
| Page not accessible | Insufficient role | Requires ADMIN role or higher (operators cannot view this page) |
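Because the form accepts any secret from 1 to 255 characters, the RFC 2865 length guidance and the mismatch causes listed in the table (trailing spaces, special characters, encoding differences) are worth checking before a secret is entered on either side. The following is an added example, not part of MideyeServer: the function names, finding codes and sample secrets are constructed for illustration.

```python
import secrets
import string

RFC2865_PREFERRED_OCTETS = 16  # RFC 2865 guidance quoted on this page
MAX_CHARS = 255                # MideyeServer maximum stated on this page


def check_secret(secret: str) -> list:
    """Return finding codes for a candidate secret; empty list means none found."""
    findings = []
    if not 1 <= len(secret) <= MAX_CHARS:
        findings.append("length-outside-1-255")
    # RFC 2865 counts octets, so measure the encoded length, not characters.
    if len(secret.encode("utf-8")) < RFC2865_PREFERRED_OCTETS:
        findings.append("shorter-than-16-octets")
    # Copy/paste often adds a trailing space or newline on one side only.
    if secret != secret.strip():
        findings.append("leading-or-trailing-whitespace")
    if any(not ch.isprintable() for ch in secret):
        findings.append("non-printable-character")
    # Non-ASCII characters become different bytes under UTF-8 and Latin-1,
    # so client and server can disagree while the text looks identical.
    if not secret.isascii():
        findings.append("non-ascii-encoding-dependent")
    return findings


def generate_secret(length: int = 32) -> str:
    """Random ASCII alphanumeric secret from the OS CSPRNG."""
    alphabet = string.ascii_letters + string.digits
    return "".join(secrets.choice(alphabet) for _ in range(length))


if __name__ == "__main__":
    # Constructed sample secrets, not taken from any real device.
    samples = ["testing123", "Corr3ct-H0rse-Battery-Staple ",
               "pässwörd-für-radius-01", generate_secret()]
    for sample in samples:
        print(repr(sample), "->", check_secret(sample) or "ok")
```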
Related Pages
- RADIUS Clients — Configure client devices that use shared secrets
- RADIUS Servers — Manage authentication servers associated with shared secrets
- Authentication Logs — Diagnose authentication failures that may indicate secret mismatches