FreeRadius Proxying and Message-Authenticator
Paolo Rotela
paolo.rotela at bluetelecom.com
Tue Sep 13 23:40:01 CEST 2005
Hi. I've downloaded FR 1.0.5 which is supposed to have a bugfix for
Message-Authenticator handling in Accounting-* messages.
I've tested with radclient, and I'm still having trouble with this
attribute. I've posted about it.
After that, I upgraded my FreeRADIUS production server with the new 1.0.5,
to see if it can handle the attribute OK when proxying requests, but I'm still
having the same results.
The scenario is like this: I'm receiving Accounting packets from a Cisco
AS5300 with a FR server (now it's 1.0.5). From those, I'm forwarding some
realms to certain customers. There is only one, which is using Cisco Secure
ACS, in which this is happening. AS5300 sends the Accounting-request packet,
FR receives and forwards it (in the detail file I don't see any
Message-Authenticator attribute set), ACS receives it and replies with an
Accounting-response with a Message-authenticator attribute set. FR receives
it and discards it with error:
Error: Received packet from <IP address hidden> with invalid
Message-Authenticator! (Shared secret is incorrect.)
Am I missing something?
Any help will be greatly appreciated.
Eng. Paolo Rotela
CTO
Blue Telecom
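
The error quoted in the post blames the shared secret, but a RADIUS response carries two separate integrity fields. As an added example (not part of the original post and not FreeRADIUS code), this sketch checks the Response Authenticator and the Message-Authenticator independently, so a captured reply shows which one fails. It assumes the RFC 2869 response rule (HMAC-MD5 with the Request Authenticator in the header and the attribute value zeroed) applies to Accounting-Response; function names, secrets and packet bytes are constructed.

```python
import hashlib
import hmac
import struct

MESSAGE_AUTHENTICATOR = 80  # attribute type from RFC 2869


def find_attr(packet: bytes, attr_type: int):
    """Return the value offset of the first attribute of this type, or None."""
    pos = 20
    while pos + 2 <= len(packet):
        a_type, a_len = packet[pos], packet[pos + 1]
        if a_len < 2 or pos + a_len > len(packet):
            raise ValueError("malformed attribute")
        if a_type == attr_type:
            return pos + 2
        pos += a_len
    return None


def check_response(packet: bytes, request_auth: bytes, secret: bytes) -> dict:
    """Verify Response Authenticator and Message-Authenticator separately."""
    length = struct.unpack("!H", packet[2:4])[0]
    if not 20 <= length <= len(packet):
        raise ValueError("bad length field")
    packet = packet[:length]
    # Both checks run over the packet with the request's authenticator in bytes 4..19.
    base = packet[:4] + request_auth + packet[20:]
    resp_ok = hmac.compare_digest(hashlib.md5(base + secret).digest(), packet[4:20])
    off = find_attr(packet, MESSAGE_AUTHENTICATOR)
    if off is None or packet[off - 1] != 18:
        return {"response_authenticator": resp_ok, "message_authenticator": None}
    zeroed = base[:off] + bytes(16) + base[off + 16:]  # attribute value zeroed for the HMAC
    expected = hmac.new(secret, zeroed, hashlib.md5).digest()
    ma_ok = hmac.compare_digest(expected, packet[off:off + 16])
    return {"response_authenticator": resp_ok, "message_authenticator": ma_ok}


def build_response(request_auth: bytes, secret: bytes, ma_key: bytes) -> bytes:
    """Constructed Accounting-Response (code 5); ma_key lets the HMAC key differ."""
    head = struct.pack("!BBH", 5, 1, 38)
    zero_attr = bytes([MESSAGE_AUTHENTICATOR, 18]) + bytes(16)
    ma = hmac.new(ma_key, head + request_auth + zero_attr, hashlib.md5).digest()
    attrs = bytes([MESSAGE_AUTHENTICATOR, 18]) + ma
    resp_auth = hashlib.md5(head + request_auth + attrs + secret).digest()
    return head + resp_auth + attrs


REQ_AUTH = bytes(range(16))  # constructed Request Authenticator
print(check_response(build_response(REQ_AUTH, b"testing123", b"other"), REQ_AUTH, b"testing123"))
```

A reply whose Response Authenticator verifies while its Message-Authenticator does not was produced with the same shared secret, so the two peers differ in how they compute the attribute rather than in the secret.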