Bill, All versions of the BAY software prior to 18.0.2 are broken in regards to the Message-Authenticator. They send a strictly MD5 encoded secret instead of the encoding required by the RFC. This has been fixed in 18.0.2 and only 18.0.2.
Tim Mayo Bill Campbell wrote: > > On Fri, Oct 26, 2001 at 05:39:18PM -0400, [EMAIL PROTECTED] wrote: > >Bill Campbell <[EMAIL PROTECTED]> wrote: > >> I'm having a problem getting an Annex 8000 running software version R16.0 > >> to authenticate against freeradius 0.3. This Annex is talking to the > >> accounting side fine so the secrets have to agree, but when I try to > >> authenticate, I get: > >> Received packet from xxx.xxx.xxx.xxx with invalid Message-Authenticator! > >> > >> This Annex is working against Merit basic radius 3.6. > > > > Probably because Merit isn't checking the Message-Authenticator. > > OK. After further checking, I've determined that the secret's OK (no > surprise since accounting's working). I played with a few things including > setting the calc_auth_vector and msg_auth_vector areas to zero, and > changing the length of the memcmp test to AUTH_VECTOR_LEN to be consistent > with all the other tests. None of these kept it from coming up with the > invalid Message-Authenticator error. > > My next step was to ifdef out the test entirely which of course got rid of > the error message, and authentication now works. > > My main question now is why is this happening? There's one attribute with > a value of 80 in dictionary.bay. I don't see why this would be sent > during authentication. > > #VALUE Annex-Connect-Progress IPXCP-Is-In-Open-State 80 > > Bill > -- > INTERNET: [EMAIL PROTECTED] Bill Campbell; Celestial Software LLC > UUCP: camco!bill PO Box 820; 6641 E. Mercer Way > FAX: (206) 232-9186 Mercer Island, WA 98040-0820; (206) 236-1676 > URL: http://www.celestial.com/ > > ``Nobody wants to be called common people, especially common people.'' > Will Rogers > > - > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html -- --------------------------------- Timothy L. Mayo mailto:[EMAIL PROTECTED] Chief Technical Officer The National Business Network Inc. localconnect(sm) http://www.localconnect.net/ The National Business Network Inc. http://www.nb.net/ One Monroeville Center, Suite 850 Monroeville, PA 15146 (412) 810-8888 Phone (412) 810-8886 Fax - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
