bug in rlm_ldap?

Dusty Doris freeradius at mail.doris.cc
Fri Dec 16 17:36:01 CET 2005


>
> Thank you, I got it and already tried that attribute. The behaviour is a bit 
> better, but does not really lead to the desired result, as the client gets 
> an:
> Incoming RADIUS packet did not have correct Message-Authenticator - dropped


Well, at least you've got the ldap part working.  The 
message-authenticator shouldn't have anything to do with ldap.  It has to 
do with the packet between the radius server and the nas.

> Seems ok, but unfortunately on the other side, the result is not that good. 
> Alan proposed eapol_test recently for testing of such connections(thank you, 
> very usefull) and this tool shows me:
> ...
> Received RADIUS message
> RADIUS message: code=2 (Access-Accept) identifier=0 length=38
>  Attribute 64 (?Unknown?) length=6
>  Attribute 65 (?Unknown?) length=6
>  Attribute 81 (?Unknown?) length=6
> STA 00:00:00:00:00:02: Received RADIUS packet matched with a pending request, 
> round trip time 0.15 sec
> No Message-Authenticator attribute found
> Incoming RADIUS packet did not have correct Message-Authenticator - dropped
> STA 00:00:00:00:00:02: No RADIUS RX handler found (type=0 code=2 id=0) - 
> dropping packet
> EAPOL: startWhen --> 0
> EAPOL test timed out
> MPPE keys OK: 0  mismatch: 1
> FAILURE
>

I can't help on this part.  I'd start a new thread with that error, so the 
subject line might draw some attention from someone that can.




More information about the Freeradius-Users mailing list