Doubt about RADIUS server errors.

Alan DeKok aland at deployingradius.com
Thu Feb 15 14:56:16 CET 2007


raghavendra.sadaramachandra at wipro.com wrote:
> Hi All,
>  
>     I am using free radius server with dot1X. and supplicant is on
> windows XP. Here when I use user name <= 3 letters I am getting
> following error...
>  
>   * 1.* *Received packet from 192.168.112.90 with invalid
> Message-Authenticator! (Shared secret is incorrect.)*

  Then the shared secret is incorrect.

>     and for user name <=3 my client is getting following error.
> 
>    *2. **Malformed RADIUS packet from host 192.168.0.1: too short
> (length 17 < minimum 20).*

  Then the RADIUS client is broken.  It's not sending RADIUS packets.

> where as radius RFC say... user name length can be >= 3.

  Read the RFC's again.  RADIUS packets MUST be 20 bytes or more.

  Either the RADIUS client you're using is completely broken, or you're
sending non-RADIUS packets to the RADIUS server.

> I mean first we are getting related to message-authenticator where as we
> are passing username with length <=3. and second error my client getting
> is related to packet length...another interesting thing is we get these
> *errors only for PEAP *configuration.... this will work for MD5 and others.

  If that's true, then the client is broken.

  Alan DeKok.
--
  http://deployingradius.com       - The web site of the book
  http://deployingradius.com/blog/ - The blog



More information about the Freeradius-Users mailing list