problem with radclient
Arran Cudbard-Bell
a.cudbardb at freeradius.org
Wed Oct 17 23:57:07 CEST 2012
On 17 Oct 2012, at 11:31, Vladimir Grujić <Vladimir.Grujic at oriontelekom.rs> wrote:
>
> ________________________________________
> From: freeradius-devel-bounces+vladimir.grujic=oriontelekom.rs at lists.freeradius.org [freeradius-devel-bounces+vladimir.grujic=oriontelekom.rs at lists.freeradius.org] on behalf of Arran Cudbard-Bell [a.cudbardb at freeradius.org]
> Sent: Wednesday, October 17, 2012 12:15 PM
> To: FreeRadius developers mailing list
> Subject: Re: problem with radclient
>
> On 17 Oct 2012, at 10:48, Vladimir Grujić <Vladimir.Grujic at oriontelekom.rs> wrote:
>
>> I am just pointing out that this is not occurring when the packet is sent directly over the wire without PACKET-Src-IP-Address mangling over originating IP on another setup (same binaries) to the same NAS.
>
> ... so the NAS probably doesn't have the correct shared secret associated with the src IP address in the packet. Check your traces to see that it's set to what you expect.
>
> If the packet is created to come from PACKET-Src-Ip-Address then I have the correct secret.
Have you verified it does? Without going through the code I'm not even sure if specifying Packet-Src-IP-Address is supported; can you point to documentation that says this?
>
> In your attribute list include the AVP:
>
> Message-Authenticator = 0x00
>
> your NAS will probably stop responding to disconnect requests (if it actually validates the Message-Authenticator).
>
> It responded with a Disconnect-ACK again
>
It may not be validating the message authenticator. If you change the shared secret (and include the Message-Authenticator) does it still respond with Disconnect-Ack?
-Arran
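
An added example, not part of the original message and not FreeRADIUS code: the check a validating NAS would perform on a Disconnect-Request, following RFC 5176 (Message-Authenticator is HMAC-MD5 computed with the Request Authenticator and the attribute value treated as sixteen zero octets, and is inserted before the Request Authenticator is calculated). The secret, identifier and User-Name value are constructed sample inputs.

```python
import hashlib
import hmac
import struct

DISCONNECT_REQUEST = 40      # RADIUS code, RFC 5176
MESSAGE_AUTHENTICATOR = 80   # attribute type, RFC 2869
ZERO16 = bytes(16)


def attr(attr_type: int, value: bytes) -> bytes:
    """Encode one attribute as type, length, value."""
    return struct.pack("!BB", attr_type, len(value) + 2) + value


def build_disconnect_request(ident: int, attrs: bytes, secret: bytes) -> bytes:
    """Build a Disconnect-Request that carries a Message-Authenticator."""
    body = attrs + attr(MESSAGE_AUTHENTICATOR, ZERO16)
    header = struct.pack("!BBH", DISCONNECT_REQUEST, ident, 20 + len(body))
    # HMAC-MD5 over the packet with authenticator and attribute value zeroed.
    mac = hmac.new(secret, header + ZERO16 + body, hashlib.md5).digest()
    body = body[:-16] + mac
    # Request Authenticator is computed last, over the completed attributes.
    auth = hashlib.md5(header + ZERO16 + body + secret).digest()
    return header + auth + body


def validate(packet: bytes, secret: bytes) -> tuple[bool, bool]:
    """Return (request_authenticator_ok, message_authenticator_ok)."""
    header, auth, body = packet[:4], packet[4:20], packet[20:]
    auth_ok = hmac.compare_digest(
        auth, hashlib.md5(header + ZERO16 + body + secret).digest())
    zeroed, received, pos = bytearray(body), None, 0
    while pos + 2 <= len(body):
        a_type, a_len = body[pos], body[pos + 1]
        if a_len < 2 or pos + a_len > len(body):
            return auth_ok, False          # malformed attribute list
        if a_type == MESSAGE_AUTHENTICATOR and a_len == 18:
            received = body[pos + 2:pos + 18]
            zeroed[pos + 2:pos + 18] = ZERO16
        pos += a_len
    if received is None:
        return auth_ok, False              # attribute absent
    expected = hmac.new(secret, header + ZERO16 + bytes(zeroed), hashlib.md5).digest()
    return auth_ok, hmac.compare_digest(received, expected)


# Constructed sample: User-Name (type 1) = "bob", secret "testing123".
PACKET = build_disconnect_request(7, attr(1, b"bob"), b"testing123")
```

When the receiver's secret differs from the sender's, both checks fail, which is why changing the shared secret distinguishes a NAS that validates from one that does not.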