f0rud wrote:
> I found the "calc_replydigest" function in radius.c always returns 2
> (digest_cmp failed). Since this function is new in the code, then it's the
> problem and the diff. with version 1.x

The "digest_cmp" is failing because the packet is wrong. Try the old code from an earlier version of radius.c. It will *also* fail to authenticate the packet.

> For fixing my problem, I just bypass this test for PW_DISCONNECT_ACK
> (not a good idea I know but what else can I do?) and now it's fine for my
> problem.

Or, you could ask the NAS vendor to implement RADIUS properly.

> I see the code for other messages (for ex: PW_AUTHENTICATION_REQUEST)
> you just ignore the code,

Uh... no. It does not do that.

> so why this one (PW_DISCONNECT_ACK) "must" be
> checked? If someone wants to do a "timing attack" then they can use this
> message (PW_AUTHENTICATION_REQUEST), so by checking just some messages it's
> not "safe".

That is not true.

Alan DeKok.
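What a reply-digest check like the one discussed in this thread has to compute, shown as an added example (it is not FreeRADIUS code and not part of the original messages). It follows the RADIUS Response Authenticator definition, MD5(Code + Identifier + Length + Request Authenticator + Attributes + Secret); the function names, the return codes (2 mirrors the value reported above), the secret and the packets are all constructed for illustration.

```python
import hashlib
import hmac
import struct

PW_DISCONNECT_ACK = 41  # RADIUS packet code for Disconnect-ACK (RFC 5176)
HEADER_LEN = 20         # code(1) + id(1) + length(2) + authenticator(16)


def response_authenticator(code, ident, request_auth, attrs, secret):
    """MD5(Code + Identifier + Length + Request Authenticator + Attributes + Secret)."""
    header = struct.pack("!BBH", code, ident, HEADER_LEN + len(attrs))
    return hashlib.md5(header + request_auth + attrs + secret).digest()


def build_reply(code, ident, request_auth, attrs, secret):
    """What a conforming NAS sends back: header, computed authenticator, attributes."""
    auth = response_authenticator(code, ident, request_auth, attrs, secret)
    return struct.pack("!BBH", code, ident, HEADER_LEN + len(attrs)) + auth + attrs


def verify_reply(packet, request_auth, secret):
    """Return 0 if authentic, 1 if malformed, 2 if the digest does not match.

    These return codes are this example's own convention.
    """
    if len(packet) < HEADER_LEN:
        return 1
    code, ident, length = struct.unpack("!BBH", packet[:4])
    if length < HEADER_LEN or length > len(packet):
        return 1
    received = packet[4:HEADER_LEN]
    attrs = packet[HEADER_LEN:length]  # ignore any padding past the stated length
    expected = response_authenticator(code, ident, request_auth, attrs, secret)
    # Constant-time comparison, so the check itself leaks no timing information.
    return 0 if hmac.compare_digest(received, expected) else 2


# Constructed sample data: shared secret, the authenticator of the
# Disconnect-Request we sent, and one Reply-Message attribute (type 18).
SECRET = b"testing123"
REQUEST_AUTH = bytes(range(16))
ATTRS = bytes([18, 4]) + b"ok"

GOOD_ACK = build_reply(PW_DISCONNECT_ACK, 7, REQUEST_AUTH, ATTRS, SECRET)
# A sender that hashes over an all-zero Request Authenticator instead of the
# one from the request (one constructed way to get the computation wrong).
BAD_ACK = build_reply(PW_DISCONNECT_ACK, 7, bytes(16), ATTRS, SECRET)
# A sender that does not know the shared secret.
FORGED_ACK = build_reply(PW_DISCONNECT_ACK, 7, REQUEST_AUTH, ATTRS, b"guess")
```

Bypassing the check for one packet code would make `BAD_ACK` and `FORGED_ACK` indistinguishable from `GOOD_ACK`, which is why a failing digest points at the sender rather than at the verifier.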

