raghavendra.sadaramachandra@wipro.com wrote:
Hi All,
I am using free radius server with dot1X. and supplicant is on windows XP. Here when I use user name <= 3 letters I am getting following error...
* 1.* *Received packet from 192.168.112.90 with invalid Message-Authenticator! (Shared secret is incorrect.)*
Then the shared secret is incorrect.
and for user name <=3 my client is getting following error.
*2. **Malformed RADIUS packet from host 192.168.0.1: too short (length 17 < minimum 20).*
Then the RADIUS client is broken. It's not sending RADIUS packets.
where as radius RFC say... user name length can be >= 3.
Read the RFC's again. RADIUS packets MUST be 20 bytes or more. Either the RADIUS client you're using is completely broken, or you're sending non-RADIUS packets to the RADIUS server.
I mean first we are getting related to message-authenticator where as we are passing username with length <=3. and second error my client getting is related to packet length...another interesting thing is we get these *errors only for PEAP *configuration.... this will work for MD5 and others.
If that's true, then the client is broken. Alan DeKok. -- http://deployingradius.com - The web site of the book http://deployingradius.com/blog/ - The blog