accepting clients with expired certificates
Norbert Wegener
norbert.wegener at siemens.com
Tue Aug 28 15:26:48 CEST 2007
Alan DeKok wrote:
> ...
>>
>> Incoming RADIUS packet did not have correct Message-Authenticator - dropped
>> message
>> on the client side.
>>
>
> Try adding a Message-Authenticator to the reply. Any value will do,
> as it will be re-calculated when the packet is sent.
>
freeradius now sends a Message-Authenticator with value 0x00:
rad_check_password: Auth-Type = Accept, accepting the user
Sending Access-Accept of id 0 to 156.215.207.190 port 58366
Tunnel-Medium-Type:0 = IEEE-802
Tunnel-Type:0 = VLAN
Tunnel-Private-Group-Id:0 = "VL-G-DE-GU14-0001"
Message-Authenticator <BARE-WORD> 0x00000000000000000000000000000000
Finished request 0
but there seems to be a problem on the other end, as eapol_test shows:
STA 00:00:00:00:00:02: Received RADIUS packet matched with a pending
request, round trip time 0.05 sec
RADIUS packet matching with station
could not extract EAP-Message from RADIUS message
EAPOL: startWhen --> 0
EAPOL test timed out
MPPE keys OK: 0 mismatch: 1
FAILURE
freeradius version is 1.1.6
Norbert Wegener
--
----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
Norbert Wegener
Siemens AG Siemens IT Solutions and Services
SBS GO GIO NW PSU2
Kruppstr. 16
D-46128 Essen, Germany
Phone : +49 (0) 201 816-3116
Fax. : +49 (0) 201 816-5581284
mailto:norbert.wegener at siemens.com
Siemens Aktiengesellschaft: Vorsitzender des Aufsichtsrats: Gerhard Cromme
Vorstand: Peter Löscher, Vorsitzender; Johannes Feldmayer, Heinrich Hiesinger, Joe Kaeser, Rudi Lamprecht, Eduardo Montes, Jürgen Radomski, Erich R. Reinhardt, Hermann Requardt, Uriel J. Sharef, Klaus Wucherer
Sitz der Gesellschaft: Berlin und München; Registergericht: Berlin Charlottenburg, HRB 12300, München, HRB 6684 WEEE-Reg.-Nr. DE 23691322
More information about the Freeradius-Users
mailing list