bug in rlm_ldap?
Dusty Doris
freeradius at mail.doris.cc
Fri Dec 16 17:36:01 CET 2005
>
> Thank you, I got it and already tried that attribute. The behaviour is a bit
> better, but does not really lead to the desired result, as the client gets
> an:
> Incoming RADIUS packet did not have correct Message-Authenticator - dropped
Well, at least you've got the ldap part working. The
message-authenticator shouldn't have anything to do with ldap. It has to
do with the packet between the radius server and the nas.
> Seems ok, but unfortunately on the other side, the result is not that good.
> Alan proposed eapol_test recently for testing of such connections(thank you,
> very usefull) and this tool shows me:
> ...
> Received RADIUS message
> RADIUS message: code=2 (Access-Accept) identifier=0 length=38
> Attribute 64 (?Unknown?) length=6
> Attribute 65 (?Unknown?) length=6
> Attribute 81 (?Unknown?) length=6
> STA 00:00:00:00:00:02: Received RADIUS packet matched with a pending request,
> round trip time 0.15 sec
> No Message-Authenticator attribute found
> Incoming RADIUS packet did not have correct Message-Authenticator - dropped
> STA 00:00:00:00:00:02: No RADIUS RX handler found (type=0 code=2 id=0) -
> dropping packet
> EAPOL: startWhen --> 0
> EAPOL test timed out
> MPPE keys OK: 0 mismatch: 1
> FAILURE
>
I can't help on this part. I'd start a new thread with that error, so the
subject line might draw some attention from someone that can.
More information about the Freeradius-Users
mailing list