Dear everybody,<br><br>I've installed the radius 's CVS version of 08-02-06.<br><br>I've this architecture :<br> client < ====> AP <====> Radius A <====> Radius B<br> proxying<br>with proxy.conf file :<br><br>realm NULL {<br> type = radius<br> authhost = LOCAL<br> accthost = LOCAL<br>}<br><br>realm AAA
{<br> type = radius<br> authhost = LOCAL<br> accthost = LOCAL<br> type = radius<br>}<br><br>realm BBB {<br> type = radius<br> authhost = 147.173.3.249:1812<br> accthost = 147.173.3.249:1813<br> secret =
RaDCNRSgreCentr1<br> nostrip<br>}<br><br><br># This realm is for ALL OTHER requests.<br>##<br>realm DEFAULT {<br> type = radius<br> authhost = anIP@:1812<br> accthost = anIP@:1813<br> secret = RaDCNRSgreCentr1<br> nostrip<br>}<br><br>I tried to use the proxy's configuration between the Server<br>A and the Server B.<br>the server A sent an Access-Request proxied to the Server B.<br><br>When the server B answered to the proxy-request by an<br>Acces-Chalenge request proxied,<br>I had an error message like this
:<br>"Received Unknown packet code 11from client 147.173.3.249<br>port 1812: Cannot validate signature Dropping packet without<br>response."<br><br>So I searched for what could cause this error and I think<br>I found it in the radius.c file, at the end of the rad_verify<br>function.<br>in the last switch-case code :<br><br>/*<br>* Calculate and/or verify digest.<br>*/<br>switch(packet->code) {<br> int rcode;<br> char buffer[32];<br><br> case PW_AUTHENTICATION_REQUEST:<br> case PW_STATUS_SERVER:<br> case PW_DISCONNECT_REQUEST:<br> /*<br> * The authentication vector is random<br> * nonsense, invented by the
client.<br> */<br> break;<br> case PW_ACCOUNTING_REQUEST:<br> if (calc_acctdigest(packet, secret) > 1) {<br> librad_log("Received Accounting-Request packet "<br> "from %s with invalid signature! (Shared secret is incorrect.)",<br> inet_ntop(packet->src_ipaddr.af,<br>
&packet->src_ipaddr.ipaddr,buffer,<br> sizeof(buffer)));<br> return -1;<br> }<br> break;<br><br> /* Verify the reply digest */<br> case PW_AUTHENTICATION_ACK:<br> case PW_AUTHENTICATION_REJECT:<br> case PW_ACCOUNTING_RESPONSE:<br> rcode =
calc_replydigest(packet,original, secret);<br> if (rcode > 1) {<br> librad_log("Received %s packet "<br> "from client %s port %d with invalid signature (err=%d)! (Shared secret is<br> incorrect.)",packet_codes[packet->code],<br>
inet_ntop(packet->src_ipaddr.af,<br> &packet->src_ipaddr.ipaddr,buffer,<br> sizeof(buffer)),packet->src_port,<br> rcode);<br> return -1;<br>
}<br> break;<br> <br> default:<br> librad_log("Received Unknown packet code %d"<br> "from client %s port %d:<br> Cannot validate signature",<br>
packet->code,inet_ntop(packet->src_ipaddr.af,<br> &packet->src_ipaddr.ipaddr,<br> buffer,sizeof(buffer)),<br> packet->src_port);<br> return -1;<br> }<br><br>There was no case of Acces challenge resquest ,I added it<br>(case PW_ACCESS_CHALLENGE).<br>And now the proxy request works !<br>I would like
to know if the change is correct and if somebody already had this error .<br><br>Your sincerly.<br><br><p>
<hr size="1">
Découvrez un nouveau moyen de poser toutes vos questions quelque soit le sujet !
Yahoo! Questions/Réponses pour partager vos connaissances, vos opinions et vos expériences. <a href="http://fr.rd.yahoo.com/evt=42054/*http://fr.answers.yahoo.com">Cliquez ici</a>.