radclient and Message-Authenticator validation
aland at deployingradius.com
Mon May 7 18:34:15 CEST 2012
Jouni Malinen wrote:
> It looks like the Message-Authenticator validation done by radclient for
> Disconnect-ACK/NAK and CoA-ACK/NAK messages does not match with the
> mechanism described in RFC 5176. Message-Authenticator is generated
> correctly for Disconnect-Request and CoA-Request, but I needed to modify
> rad_verify() to get this matching with the code I'm writing for hostapd.
It looks like a bug.
> The following change was enough to make this interoperate with my
> hostapd implementation.
I've added the patch, thanks.
More information about the Freeradius-Devel