"jason" <[EMAIL PROTECTED]> wrote: > Not to beat this into the ground, but I've got some NAS's that evoce > "invalid signature" errors on accounting packets to my radius server. Where > would I, start looking to figure this out?
Double check the shared secrets on the NAS and the server. Then verify that the NAS is sending properly signed packets. Some NAS boxes send accounting packets with BAD signatures, which is *really* stupid. The vendors helpfully do NOT provide ways of fixing this, so the only solution is to turn off the code checking the signature. > Is the signature some sort of value in the dictionary? Or is it in > a particular section of code? The signature checking is in src/lib/radius.c > And how similar is freeradius to cistron in both code style and > dictionary, because the afformentioned NAS's seem to work well with > Cistron. Thanks Hmm... are you *sure* then that the message is "invalid signature"? Maybe it's "invalid Message-Authenticator". If so, see 'doc/ascend'. Cistron doesn't support the Message-Authenticator attribute, so it wouldn't notice any problem. You can try using the 'radclient' program from FreeRADIUS to send accounting packets to Cistron, and verify that they're understood. You can also try using the 'radclient' program from Cistron to send accounting packets to FreeRADIUS, too. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
