"Xavier" <xavee2004@yahoo.fr> wrote:
When FR poxies the request, it resets the Message-Authenticator attribute to zero in a Access-Request packet.
What you see in debug mode, is that the message authentictor is always xero. This is simply because it's printed out before it's calculated. Call it a minor bug in the debug output.
therefore the radius server (third party) answers sometimes Accept and sometimes reject.
That doesn't make sense. If the Message-Authenticator is wrong, then the other server will *always* reject the Access-Request packets sent by the FreeRADIUS.
In order to solve this problem I need to know if FreeRADIUS has the good behaviour.
FreeRADIUS works, and it calculates the Message-Authenticator correctly. Look at the logs on the other server to see why the packet is being rejected.
I tried also to suppress the Message-Authenticator attribute with the attr_rewrite module, but I didn't manage to.
You can't. It's calculated automatically.
Below is the debug output of FreeRADIUS : ...
That's nice. What does the OTHER server say? Alan DeKok.