radclient and Message-Authenticator validation

Alan DeKok aland at deployingradius.com
Mon May 7 18:34:15 CEST 2012

Jouni Malinen wrote:
> It looks like the Message-Authenticator validation done by radclient for
> Disconnect-ACK/NAK and CoA-ACK/NAK messages does not match with the
> mechanism described in RFC 5176. Message-Authenticator is generated
> correctly for Disconnect-Request and CoA-Request, but I needed to modify
> rad_verify() to get this matching with the code I'm writing for hostapd.

  It looks like a bug.

> The following change was enough to make this interoperate with my
> hostapd implementation.

  I've added the patch, thanks.

  Alan DeKok.

More information about the Freeradius-Devel mailing list