AccountingReq message authenticator

Paolo Rotela paolo.rotela at bluetelecom.com
Wed Sep 28 17:09:50 CEST 2005


RFCs are a little messy about this issue. Message-Authenticator in Accounting Packets are not well standarized, so everyone does what they want about this.

Do a search in the list for "FreeRadius Proxying and Message-Authenticator" for more information.

Eng. Paolo Rotela
CTO
Blue Telecom
  ----- Original Message ----- 
  From: Ashwin Gobind 
  To: freeradius-users at lists.freeradius.org 
  Sent: Wednesday, September 28, 2005 11:20 AM
  Subject: AccountingReq message authenticator


  Hi.

   

  Is there anyway to generate a message authenticator for an accounting request packet.  At the moment I am using JRadius, I need to send an accounting request message to another radius server.  However after I add the message authenticator and send to to another server, the other server complains about "Invalid message authenticator"  (Shared secret is incorrect).

   

  Here is some code :

  //Proxy request to the wap gateway

                                                              DatagramSocket socket = new DatagramSocket();

                                                              socket.setSoTimeout(5000);

                                                              //Generate authenticator

                                                              MessageDigest md5 = MessageDigest.getInstance("MD5");

                                                              md5.reset();                    

                                              md5.update((byte)req.getCode());

                                              md5.update((byte)req.getIdentifier());

                                              int length = req.getBytes().length;

                                              byte [] authenticator = req.getAuthenticator();

                                              byte [] attributeBytes = req.getAttributeBytes(req.getAttributes(),0);

                                              for (int z=0; z <authenticator.length ; z++ )

                                                                          RadiusLog.debug("Autenticator["+z+"] Before = " + authenticator[z]);

                                                              

                                              RadiusLog.debug("Autenticator Length: " + authenticator.length);

                                              RadiusLog.debug("Attributes Length: " + attributeBytes.length);

                                              RadiusLog.debug("Paket Length: " + length);

                                              

                                              String sharedSecret = "testing123";

                                              md5.update((byte)(length >> 8));

                                              md5.update((byte)(length & 0xff));

                                              md5.update(authenticator, 0, authenticator.length);

                                              md5.update(attributeBytes, 0, attributeBytes.length);

                                              md5.update(sharedSecret.getBytes());         

                                              req.overwriteAttribute(AttributeFactory.newAttribute(AttributeDictionary.MESSAGE_AUTHENTICATOR, authenticator));

                                                              

                                              System.arraycopy(md5.digest(), 0, authenticator, 0, 16);

  "This e-mail is sent on the Terms and Conditions that can be accessed by Clicking on this link http://www.vodacom.net/legal/email.aspx " 


------------------------------------------------------------------------------


  - 
  List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20050928/7e16e79b/attachment.html>


More information about the Freeradius-Users mailing list