Mikrotik Dissconect

Alan DeKok aland at deployingradius.com
Thu Jun 10 14:12:44 CEST 2010

f0rud wrote:
> I found the "calc_replydigest" function in radius.c always return 2
> (digest_cmp failed) Since this function is new in code , then its the
> problem and the diff. with version 1.x

  The "digest_cmp" is failing because the packet is wrong.

  Try the old code from an earlier version of radius.c.  It will *also*
fail to authenticate the packet.

> For fixing my problem, I just by pass this test for PW_DISCONNECT_ACK
> (not a good idea I know but what else I can do?) and now its fine for my
> problem.

  Or, you could ask the NAS vendor to implement RADIUS properly.

> I see the code for another messages (for ex: PW_AUTHENTICATION_REQUEST)
> you just ignore the code,

  Uh... no.  It does not do that.

> so why this one(PW_DISCONNECT_ACK) "must" be
> checked? if some one want to do "timing attack" then can use this
> message(PW_AUTHENTICATION_REQUEST) so by checking just some message its
> not "safe".

  That is not true.

  Alan DeKok.

More information about the Freeradius-Users mailing list