I write a program to send Access-request packet to the Radius server. The packet format is as follow:<br>    __________________________________________________________<br>    |  code = 1      |       ID = 1     |    Length = 73 ( 0x 00 49 )                   |
<br>    __________________________________________________________<br>    |     16 bytes authenticator                                                               |<br>    __________________________________________________________
<br>    |     user_name = "test"                                                                   |<br>    __________________________________________________________<br>    |     chap_password                                                                         |
<br>    __________________________________________________________<br>    |      eap_message = "pdsicygx"                                                       |<br>    __________________________________________________________
<br>    |      Message_authenticator                                                             |<br>    __________________________________________________________<br>    The Message_authenticator is calculated as follow:
<br>     Message_authenticator = HMAC-MD5 (code ,ID, Length,16 bytes Authenticator, user_name,chap_password,eap_message) ,<br>using the shared secret between NAS and radius server , in this case ,"testing123". <br>
    While sending "chap" packets <span style="font-weight: bold;">without</span> the  "eap_message" and "Message_authenticator" gets "<span style="font-weight: bold;">Access request</span>
" , sending packets like above gets  response from radius server as follow:<br>    rad_recv: Access-Request packet from host <a href="http://202.117.7.223:1408">202.117.7.223:1408</a>, id=1, length=73<br>    Received packet from 
<a href="http://202.117.7.223">202.117.7.223</a> with invalid Message-Authenticator!  (Shared secret is incorrect.)<br>    Server rejecting request 1.<br>    Finished request 1<br>    Going to the next request<br>    --- Walking the entire request list ---
<br>    Waking up in 1 seconds...<br>    --- Walking the entire request list ---<br>    Waking up in 1 seconds...<br>    --- Walking the entire request list ---<br>    Sending Access-Reject of id 1 to <a href="http://202.117.7.223:1408">
202.117.7.223:1408</a><br><br>    Segmentations of the "Radiusd -X " are as follow:<br>    ...<br>    Module: Loaded eap<br>    eap: default_eap_type = "md5"<br>    eap: timer_expire = 60<br>    eap: ignore_unknown_eap_types = no
<br>    eap: cisco_accounting_username_bug = no<br>    rlm_eap: Loaded and initialized type md5<br>    rlm_eap: Loaded and initialized type leap<br>    ...<br>    Can the "eap_message" attribute  be set randomly, in my packets, "pdsicygx"?  Is it right to calculate "Message_authenticator" as I did?
<br>   <br><br>Regards<br>Guoxian<br><br>