Doubt about RADIUS server errors.
Alan DeKok
aland at deployingradius.com
Thu Feb 15 14:56:16 CET 2007
raghavendra.sadaramachandra at wipro.com wrote:
> Hi All,
>
> I am using free radius server with dot1X. and supplicant is on
> windows XP. Here when I use user name <= 3 letters I am getting
> following error...
>
> * 1.* *Received packet from 192.168.112.90 with invalid
> Message-Authenticator! (Shared secret is incorrect.)*
Then the shared secret is incorrect.
> and for user name <=3 my client is getting following error.
>
> *2. **Malformed RADIUS packet from host 192.168.0.1: too short
> (length 17 < minimum 20).*
Then the RADIUS client is broken. It's not sending RADIUS packets.
> where as radius RFC say... user name length can be >= 3.
Read the RFC's again. RADIUS packets MUST be 20 bytes or more.
Either the RADIUS client you're using is completely broken, or you're
sending non-RADIUS packets to the RADIUS server.
> I mean first we are getting related to message-authenticator where as we
> are passing username with length <=3. and second error my client getting
> is related to packet length...another interesting thing is we get these
> *errors only for PEAP *configuration.... this will work for MD5 and others.
If that's true, then the client is broken.
Alan DeKok.
--
http://deployingradius.com - The web site of the book
http://deployingradius.com/blog/ - The blog
More information about the Freeradius-Users
mailing list