Hello, So I was finally able to try this.. and it didn’t work out of the box.. I had to add a “StripFromReply Message-Authenticator” too .. otherwise it added the Message-Authenticator anyway..
But yes it fixed the issue with the device I had problems with.. --- Med vänlig hälsning Patrik Forsberg From: radiator <[email protected]> On Behalf Of Patrik Forsberg via radiator Sent: Thursday, September 12, 2024 9:35 AM To: Heikki Vatiainen <[email protected]>; [email protected] Subject: Re: [RADIATOR] move Message-Authenticator to the top ? Thank you, if it fixes the issue I'll get back to you with vendor and model :) --- Best regards, Patrik ________________________________ Från: radiator <[email protected]<mailto:[email protected]>> på uppdrag av Heikki Vatiainen via radiator <[email protected]<mailto:[email protected]>> Skickat: onsdag, september 11, 2024 9:48:49 PM Till: [email protected]<mailto:[email protected]> <[email protected]<mailto:[email protected]>> Ämne: Re: [RADIATOR] move Message-Authenticator to the top ? On 11.9.2024 14.00, Patrik Forsberg wrote: > Follow up question on this .. is there a way to disable sending the > Message-Authenticator attribute ? .. I know I know but I think I ran into a > device that actually _hate_ this attribute for some weird reason.. at least > it worked prior to upgrading and now it doesn't .. so at least to exclude > this possibility it would be good to be able to remove it without degrading > Radiator.. See if this works: <Client 127.0.0.1> Identifier loopback-client Secret mysecret </Client> <Handler> <AuthBy FILE> Filename %D/users </AuthBy> PostAuthHook sub { my $p = ${$_[0]}; \ $p->{rp}->{skip_message_authenticator} = 1 \ if $p->{Client}->{Identifier} eq 'loopback-client'; } </Handler> The idea is to see if the request was received from a problematic client. If it was, then the reply is tagged with a special flag that suppresses Message-Authenticator. This is sometimes needed for odd Radius dynauth servers etc. This flag should be considered an internal flag and if the need for a configuration option arises then we can consider it. However, it should allow you to check if it makes the client work again. Please let me know if you can tell what's the device in question. Thanks, Heikki -- Heikki Vatiainen Radiator Software, makers of Radiator Visit radiatorsoftware.com for Radiator AAA server software _______________________________________________ radiator mailing list [email protected]<mailto:[email protected]> https://eur03.safelinks.protection.outlook.com/?url=https%3A%2F%2Flists.open.com.au%2Fmailman%2Flistinfo%2Fradiator&data=05%7C02%7Cpatrik.forsberg%40globalconnect.se%7C39c9543d5fe243af827408dcd29abedc%7Cdfbb0d3b8276458197a42b844a84ea35%7C0%7C0%7C638616809295423648%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C0%7C%7C%7C&sdata=PHYfC7uVzhZQ37yzNkEf7VaPHlcDWd50W3l7ZYIBF%2FU%3D&reserved=0<https://lists.open.com.au/mailman/listinfo/radiator>
_______________________________________________ radiator mailing list [email protected] https://lists.open.com.au/mailman/listinfo/radiator
