On 11/12/2012 05:28 PM, Renfer Stefan wrote: > According to the RFC2869 the Message-Authenticator is defined as
> Message-Authenticator = HMAC-MD5 (Type, Identifier, Length, Request > Authenticator, Attributes) Hello Stefan, yes, you are correct. It's the Radiator packet dump output that is causing the unexpected value you are seeing. > And therefore the Message-Authenticator should be recalculate on a proxy > as some of those are different, but it doesn’t as you can see in the > logs below: The log shows the received Message-Authenticator is unchanged when the request is proxied. What the packet dump shows the values in the format they are handled by Radiator. For example, NAS-Port-Type has a human readable text value instead of numeric value, the attributes are shown as they were received and so on. Before sending, these values are converted into appropriate binary format and the Message-Authenticator value is only recalculated for the binary presentation. If you look at the proxied packet, you will see the Message-Authenticator in its final format which is different from what the dump shows. In other words, the dumped valued is not the proxied, recalculated value. However, if it looks like there are problems with Message-Authenticator, please let us know. Thanks, Heikki -- Heikki Vatiainen <[email protected]> Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS, TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP, DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS, NetWare etc. _______________________________________________ radiator mailing list [email protected] http://www.open.com.au/mailman/listinfo/radiator
