Message-Authenticator and Proxy
Alan DeKok
aland at ox.org
Mon Aug 8 04:39:08 CEST 2005
"Xavier" <xavee2004 at yahoo.fr> wrote:
> When FR proxies the request, it resets the Message-Authenticator attribute to
> zero in an Access-Request packet.
What you see in debug mode is that the message authenticator is
always zero. This is simply because it's printed out before it's
calculated. Call it a minor bug in the debug output.
> therefore the radius server (third party) answers sometimes Accept and
> sometimes reject.
That doesn't make sense. If the Message-Authenticator is wrong,
then the other server will *always* reject the Access-Request packets
sent by FreeRADIUS.
> In order to solve this problem I need to know if FreeRADIUS has the good
> behaviour.
FreeRADIUS works, and it calculates the Message-Authenticator
correctly. Look at the logs on the other server to see why the packet
is being rejected.
> I tried also to suppress the Message-Authenticator attribute with the
> attr_rewrite module, but I didn't manage to.
You can't. It's calculated automatically.
> Below is the debug output of FreeRADIUS :
...
That's nice. What does the OTHER server say?
Alan DeKok.
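
For checking a captured packet against a shared secret when reading the other server's logs, here is an added example (not part of the original post, and not FreeRADIUS code) of how the Message-Authenticator of an Access-Request is computed per RFC 2869: HMAC-MD5 over the whole packet, keyed with the shared secret, with the attribute's 16 value octets set to zero during the calculation. The function names, sample packet and secrets are constructed for illustration, and the proxy step is simplified to a re-sign with the home server's secret.

```python
import hashlib
import hmac
import struct

MSG_AUTH = 80  # Message-Authenticator attribute type (RFC 2869)

def find_msg_auth(packet: bytes) -> int:
    """Return the offset of the 16-byte Message-Authenticator value, or -1."""
    length = struct.unpack("!H", packet[2:4])[0]
    pos = 20  # attributes follow code, id, length and the 16-byte authenticator
    while pos + 2 <= length:
        attr_type, attr_len = packet[pos], packet[pos + 1]
        if attr_len < 2 or pos + attr_len > length:
            raise ValueError("malformed attribute")
        if attr_type == MSG_AUTH:
            if attr_len != 18:
                raise ValueError("bad Message-Authenticator length")
            return pos + 2
        pos += attr_len
    return -1

def sign_request(packet: bytes, secret: bytes) -> bytes:
    """Zero the field, HMAC-MD5 the whole packet, write the digest back."""
    off = find_msg_auth(packet)
    if off < 0:
        raise ValueError("no Message-Authenticator attribute")
    zeroed = packet[:off] + bytes(16) + packet[off + 16:]
    digest = hmac.new(secret, zeroed, hashlib.md5).digest()
    return packet[:off] + digest + packet[off + 16:]

def verify_request(packet: bytes, secret: bytes) -> bool:
    """Recompute the digest with this secret and compare in constant time."""
    off = find_msg_auth(packet)
    return off >= 0 and hmac.compare_digest(sign_request(packet, secret), packet)

def build_request(ident: int, authenticator: bytes, user: bytes) -> bytes:
    """Constructed Access-Request: User-Name plus a zeroed Message-Authenticator."""
    attrs = bytes([1, 2 + len(user)]) + user + bytes([MSG_AUTH, 18]) + bytes(16)
    return struct.pack("!BBH", 1, ident, 20 + len(attrs)) + authenticator + attrs

if __name__ == "__main__":
    req = build_request(7, bytes(range(16)), b"xavier")   # constructed sample
    nas_signed = sign_request(req, b"nas-secret")         # as the proxy receives it
    proxied = sign_request(nas_signed, b"home-secret")    # re-signed for the home server
    print("home secret verifies:", verify_request(proxied, b"home-secret"))
    print("NAS secret verifies: ", verify_request(proxied, b"nas-secret"))
```

A packet that fails `verify_request` with the secret configured on the receiving server points at a shared-secret mismatch or a packet modified after signing, not at the zero value shown in the sender's debug output.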