freeradius 1.1.1 does not make on 64 bit intel platfrom
Hi all. I am trying to install freeradius 1.1.1 on a 64 bit intel platform. I get the ffg error : rm -fr .libs/rlm_counter.la .libs/rlm_counter.* .libs/rlm_counter-1.1.1.* gcc -shared rlm_counter.lo -Wl,--rpath -Wl,/usr/software/freeradius-1.1.1/src/lib/.libs -Wl,--rpath -Wl,/usr/local/lib /usr/software/freeradius-1.1.1/src/lib/.libs/libradius.so /usr/lib/libgdbm.so -lnsl -lresolv -lpthread -Wl,-soname -Wl,rlm_counter-1.1.1.so -o .libs/rlm_counter-1.1.1.so /usr/lib/libgdbm.so: could not read symbols: Invalid operation collect2: ld returned 1 exit status gmake[6]: *** [rlm_counter.la] Error 1 Please indicate how to install freeradius 1.1.1 on a 64 bit platform ? \ This e-mail is sent on the Terms and Conditions that can be accessed by Clicking on this link http://www.vodacom.co.za/legal/email.jsp - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Freeradius ip allocation.
Is it possible to use freeradius to dynamically allocate ip adrreses from predefined pools. I want to assign an ip address from a specific set of pools, which pool to use is to be determined by the NAS Identifier the Called-Station-Id of the AccessRequest. Also to throw another complication in, these ip's should be consistent over 3 radius servers that are load balanced. Thanks This e-mail is sent on the Terms and Conditions that can be accessed by Clicking on this link http://www.vodacom.co.za/legal/email.jsp - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Optimizing freeradius for very high loads
Good day. I have freeradius running on a Dual P4 server with 4GB Ram. I am using freeradius to service clients. I require performance of 200tps. I am having a problem where many clients do not get responses for authentication messages. Monitoring my cpu and memory load during busy periods, my cpu max utilization is only 10% used, 90%idle. There is also enough memory. How can I optimize freeradius to increase the tps handling capability ? Thanks Ashwin Gobind This e-mail is sent on the Terms and Conditions that can be accessed by Clicking on this link http://www.vodacom.co.za/legal/email.jsp - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Freeradius 1.0.5 installation on Suse 64 biut platform
Good day. I am having a problem installing freeradius on Suse Linux. I am using a 64 bit AMD dual core platform. Please see the log below : -module -export-dynamic \ -o rlm_counter.la -rpath /usr/local/lib rlm_counter.lo -lgdbm -lssl -lcrypto -lnsl -lresolv -lpthread rm -fr .libs/rlm_counter.la .libs/rlm_counter.* .libs/rlm_counter-1.0.5.* gcc -shared rlm_counter.lo /usr/lib/libgdbm.so -lssl -lcrypto -lnsl -lresolv -lpthread -Wl,-soname -Wl,rlm_counter-1.0.5.so -o .libs/rlm_counter-1.0.5.so /usr/lib/libgdbm.so: could not read symbols: Invalid operation collect2: ld returned 1 exit status gmake[6]: *** [rlm_counter.la] Error 1 gmake[6]: Leaving directory `/usr/software/freeradius-1.0.5/src/modules/rlm_counter' gmake[5]: *** [common] Error 2 gmake[5]: Leaving directory `/usr/software/freeradius-1.0.5/src/modules' gmake[4]: *** [all] Error 2 gmake[4]: Leaving directory `/usr/software/freeradius-1.0.5/src/modules' gmake[3]: *** [common] Error 2 gmake[3]: Leaving directory `/usr/software/freeradius-1.0.5/src' gmake[2]: *** [all] Error 2 gmake[2]: Leaving directory `/usr/software/freeradius-1.0.5/src' gmake[1]: *** [common] Error 2 gmake[1]: Leaving directory `/usr/software/freeradius-1.0.5' make: *** [all] Error 2 This e-mail is sent on the Terms and Conditions that can be accessed by Clicking on this link http://www.vodacom.net/legal/email.aspx - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Problem installing freeradius 1.0.1 or 1.05 on 64 bit platform
Good day I am attempting to install freeradius on a 64 bit platform with Suse Linux 9. However I get the following error during make. What maybe the problem ? /usr/software/freeradius-1.0.1/libtool --mode=link gcc -release 1.0.1 \ -module -export-dynamic -g -O2 -D_REENTRANT -D_POSIX_PTHREAD_SEMANTICS -DOPENSSL_NO_KRB5 -Wall -D_GNU_SOURCE -g -Wshadow -Wpointer-arith -Wcast-qual -Wcast-align -Wwrite-strings -Wstrict-prototypes -Wmissing-prototypes -Wmissing-declarations -Wnested-externs -W -Wredundant-decls -Wundef -I../../include \ -o rlm_counter.la -rpath /usr/local/lib rlm_counter.lo -lgdbm -lnsl -lresolv -lpthread -lcrypto -lssl rm -fr .libs/rlm_counter.la .libs/rlm_counter.* .libs/rlm_counter-1.0.1.* gcc -shared rlm_counter.lo /usr/lib/libgdbm.so -lnsl -lresolv -lpthread -lcrypto -lssl -Wl,-soname -Wl,rlm_counter-1.0.1.so -o .libs/rlm_counter-1.0.1.so /usr/lib/libgdbm.so: could not read symbols: Invalid operation collect2: ld returned 1 exit status gmake[6]: *** [rlm_counter.la] Error 1 gmake[6]: Leaving directory `/usr/software/freeradius-1.0.1/src/modules/rlm_counter' gmake[5]: *** [common] Error 1 gmake[5]: Leaving directory `/usr/software/freeradius-1.0.1/src/modules' gmake[4]: *** [all] Error 2 gmake[4]: Leaving directory `/usr/software/freeradius-1.0.1/src/modules' gmake[3]: *** [common] Error 1 gmake[3]: Leaving directory `/usr/software/freeradius-1.0.1/src' gmake[2]: *** [all] Error 2 gmake[2]: Leaving directory `/usr/software/freeradius-1.0.1/src' gmake[1]: *** [common] Error 1 gmake[1]: Leaving directory `/usr/software/freeradius-1.0.1' make: *** [all] Error 2 This e-mail is sent on the Terms and Conditions that can be accessed by Clicking on this link http://www.vodacom.net/legal/email.aspx - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Packet of Disconnect
Can freeradius handle a Disconnect Request (Attribute 40). If so how ? This e-mail is sent on the Terms and Conditions that can be accessed by Clicking on this link http://www.vodacom.net/legal/email.aspx - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: Proxy of accounting message (Ashwin Gobind)
Radiator required a valid Authenticator to be part of the Accouning Request. I am proxying from freeradius to radiator. How can this be resolved ? -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] Sent: 30 September 2005 06:12 PM To: freeradius-users@lists.freeradius.org Subject: Freeradius-Users Digest, Vol 5, Issue 103 Send Freeradius-Users mailing list submissions to freeradius-users@lists.freeradius.org To subscribe or unsubscribe via the World Wide Web, visit http://lists.freeradius.org/mailman/listinfo/freeradius-users or, via email, send a message with subject or body 'help' to [EMAIL PROTECTED] You can reach the person managing the list at [EMAIL PROTECTED] When replying, please edit your Subject line so it is more specific than Re: Contents of Freeradius-Users digest... Today's Topics: 1. RE: Proxy of accounting message (Ashwin Gobind) 2. EAP-PEAP-MSCHAPv2: use_tunneled_reply = yes (Bjarni Hardarson) 3. Re: freeradius and MS SQL -- anyone got it working? (Duane Cox) 4. Re: Expose RADIUS packet's identifier (James J J Hooper) 5. Re: Segmentation Fault - 1.0.5 (Alan DeKok) 6. Re: SSL3_GET_CLIENT_KEY_EXCHANGE (Alan DeKok) 7. Re: freeradius and MS SQL -- anyone got it working? (Alan DeKok) 8. Re: Proxy of accounting message (Alan DeKok) -- Message: 1 Date: Fri, 30 Sep 2005 14:39:18 +0200 From: Ashwin Gobind [EMAIL PROTECTED] Subject: RE: Proxy of accounting message To: freeradius-users@lists.freeradius.org Message-ID: [EMAIL PROTECTED] Content-Type: text/plain; charset=us-ascii Thanks nick. However when I proxy the message, the message-authenticator field has an INVAILID TOKEN (see trace below). Why is this Sending Accounting-Request of id 1 to 10.113.46.170:1813 Acct-Status-Type = Start Service-Type = Framed-User Called-Station-Id = vlive Framed-Protocol = GPRS-PDP-Context Framed-Protocol = GPRS-PDP-Context Acct-Delay-Time = 5 Calling-Station-Id = 27829800729 NAS-Identifier = GMC-GGSN0-13-2 Acct-Session-Id = 20050529 User-Name = 27829800729 User-Name = 27829800729 NAS-Port = 6000 NAS-Port-Type = Virtual NAS-IP-Address = 10.111.14.46 Message-Authenticator INVALID-TOKEN 0x Proxy-State = 0x30 This e-mail is sent on the Terms and Conditions that can be accessed by Clicking on this link http://www.vodacom.net/legal/email.aspx -- Message: 2 Date: Fri, 30 Sep 2005 14:51:25 +0200 From: Bjarni Hardarson [EMAIL PROTECTED] Subject: EAP-PEAP-MSCHAPv2: use_tunneled_reply = yes To: freeradius-users@lists.freeradius.org Message-ID: [EMAIL PROTECTED] Content-Type: text/plain; charset=us-ascii Hi all, I'm using FreeRADIUS with Cisco 1200 Series Access points for dynamic VLAN assignment. When i set use_tunneled_reply = yes for PEAP i get an Access-Challenge with the correct attributes but the final Access-Accept has no attributes and the User-Name is the anonymous one from the outer tunnel. This username is then used by the AP for accounting. Is this by design or is my configuration wrong? Partial debug, Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 24 rlm_eap: Request found, released from the list rlm_eap: EAP/mschapv2 rlm_eap: processing type mschapv2 rlm_eap: Freeing handler modcall[authenticate]: module eap returns ok for request 24 modcall: group authenticate returns ok for request 24 PEAP: Got tunneled reply RADIUS code 2 User-Name = radtest Tunnel-Private-Group-Id:0 = 310 Tunnel-Medium-Type:0 = IEEE-802 Tunnel-Type:0 = VLAN EAP-Message = 0x03080004 Message-Authenticator = 0x PEAP: Processing from tunneled session code 0x818f508 2 User-Name = radtest Tunnel-Private-Group-Id:0 = 310 Tunnel-Medium-Type:0 = IEEE-802 Tunnel-Type:0 = VLAN EAP-Message = 0x03080004 Message-Authenticator = 0x PEAP: Tunneled authentication was successful. rlm_eap_peap: SUCCESS modcall[authenticate]: module eap returns handled for request 24 modcall: group authenticate returns handled for request 24 Sending Access-Challenge of id 8 to 127.0.0.1:33229 User-Name = radtest Tunnel-Private-Group-Id:0 = 310 Tunnel-Medium-Type:0 = IEEE-802 Tunnel-Type:0 = VLAN Message-Authenticator = 0x EAP-Message = 0x010900501900170301002079fdf7026cf88ffd8c978e4fb62290b4d4f4a1596c767f55 7ada bdaf51b7437d17030100209a1de8e9b88b4654d03b0754d4f5a04887b57b329c94a6494e f84d 2bf74f294c State = 0x3c86d1f16a6312263ae7a01dbfc81a28
RE: Proxy accounting message
But doesn't this mean there has to be a realm in the username eg [EMAIL PROTECTED] The problem is the user-name attribute does not contain a realm. Is it still possible to proxy the accounting start and stop messages originating from as certain NAS-IP-ADDRESS. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] Sent: 29 September 2005 06:22 PM To: freeradius-users@lists.freeradius.org Subject: Freeradius-Users Digest, Vol 5, Issue 98 Send Freeradius-Users mailing list submissions to freeradius-users@lists.freeradius.org To subscribe or unsubscribe via the World Wide Web, visit http://lists.freeradius.org/mailman/listinfo/freeradius-users or, via email, send a message with subject or body 'help' to [EMAIL PROTECTED] You can reach the person managing the list at [EMAIL PROTECTED] When replying, please edit your Subject line so it is more specific than Re: Contents of Freeradius-Users digest... Today's Topics: 1. Proxy of Accounting Requests (Ashwin Gobind) 2. Re: Proxy of Accounting Requests (Nicolas Baradakis) 3. RE: Proxy of Accounting Requests (Jonathan De Graeve) 4. Re: LDAP and groups (Dusty Doris) 5. Re: LDAP and groups (Kenneth Grady) 6. Re: SSL3_GET_CLIENT_KEY_EXCHANGE (Juan Daniel Moreno) 7. (no subject) ([EMAIL PROTECTED]) 8. Postgresql+freeradius configuration ([EMAIL PROTECTED]) -- Message: 1 Date: Thu, 29 Sep 2005 12:18:37 +0200 From: Ashwin Gobind [EMAIL PROTECTED] Subject: Proxy of Accounting Requests To: freeradius-users@lists.freeradius.org Message-ID: [EMAIL PROTECTED] Content-Type: text/plain; charset=us-ascii Good day. I am using freeradius 1.05 I want to proxy accounting requests originating from certain hosts to another server, how can I do this. Also I am using Jradius to handle accounting request. But this certain request I don't want JRadius to handle, but freeradius just to proxy it. Here is an example of the request Thanks Acct-Session-Id = C42EA2A31F96530 Framed-Protocol = GPRS-PDP-Context Called-Station-Id = vlive Calling-Station-Id = 27829800529 Framed-IP-Address = 10.19.128.6 3GPP-IMSI = 65501982252 3GPP-Charging-ID = 33121584 3GPP-PDP-Type = 0 3GPP-GGSN-Address = 196.46.162.163 3GPP-IMSI-MCC-MNC = 65501 3GPP-GGSN-MCC-MNC = 65501 3GPP-NSAPI = 5 3GPP-Selection-Mode = 0 3GPP-Charging-Gateway-Address = 10.25.0.10 3GPP-GPRS-Negotiated-QoS-profile = 99-23931F9396979774FB0808 3GPP-SGSN-Address = 196.6.254.49 User-Name = 27829800529 Cisco-AVPair = connect-progress=Call Up Acct-Authentic = RADIUS Acct-Status-Type = Start NAS-Port-Type = Virtual Cisco-NAS-Port = GGSN NAS-Port = 6 Class = [Binary Data] Service-Type = Framed-User NAS-IP-Address = 10.31.1.122 NAS-Identifier = GMC-GGSN0-12-2 Acct-Delay-Time = 0 Client-IP-Address = 10.113.60.6 Acct-Unique-Session-Id = b30a3d4d494c8a87 This e-mail is sent on the Terms and Conditions that can be accessed by Clicking on this link http://www.vodacom.net/legal/email.aspx -- Message: 2 Date: Thu, 29 Sep 2005 13:55:16 +0200 From: Nicolas Baradakis [EMAIL PROTECTED] Subject: Re: Proxy of Accounting Requests To: FreeRadius users mailing list freeradius-users@lists.freeradius.org Message-ID: [EMAIL PROTECTED] Content-Type: text/plain; charset=us-ascii Ashwin Gobind wrote: I want to proxy accounting requests originating from certain hosts to another server, how can I do this. You could add something like this in file acct_users: DEFAULT Client-IP-Address == 10.0.0.1, Proxy-To-Realm := realm1 DEFAULT Client-IP-Address == 10.0.0.2, Proxy-To-Realm := realm2 -- Nicolas Baradakis -- Message: 3 Date: Thu, 29 Sep 2005 15:56:33 +0200 From: Jonathan De Graeve [EMAIL PROTECTED] Subject: RE: Proxy of Accounting Requests To: FreeRadius users mailing list freeradius-users@lists.freeradius.org Message-ID: [EMAIL PROTECTED] Content-Type: text/plain; charset=us-ascii Can you also do this in SQL? J. -- Jonathan De Graeve Network/System Administrator Imelda vzw Informatica Dienst 015/50.52.98 [EMAIL PROTECTED] - Always read the manual for the correct way to do things because the number of incorrect ways to do things is almost infinite - -Oorspronkelijk bericht- Van: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Namens Nicolas Baradakis Verzonden: donderdag 29 september 2005 13:55 Aan: FreeRadius users mailing list Onderwerp: Re: Proxy of Accounting Requests Ashwin Gobind wrote: I want to proxy accounting requests originating from certain hosts to another server, how can I do this. You could add something like this in file acct_users: DEFAULT Client-IP-Address == 10.0.0.1, Proxy-To-Realm := realm1 DEFAULT Client-IP-Address == 10.0.0.2, Proxy-To-Realm := realm2 -- Nicolas Baradakis - List info/subscribe
RE: Proxy of accounting message
Thanks nick. However when I proxy the message, the message-authenticator field has an INVAILID TOKEN (see trace below). Why is this Sending Accounting-Request of id 1 to 10.113.46.170:1813 Acct-Status-Type = Start Service-Type = Framed-User Called-Station-Id = vlive Framed-Protocol = GPRS-PDP-Context Framed-Protocol = GPRS-PDP-Context Acct-Delay-Time = 5 Calling-Station-Id = 27829800729 NAS-Identifier = GMC-GGSN0-13-2 Acct-Session-Id = 20050529 User-Name = 27829800729 User-Name = 27829800729 NAS-Port = 6000 NAS-Port-Type = Virtual NAS-IP-Address = 10.111.14.46 Message-Authenticator INVALID-TOKEN 0x Proxy-State = 0x30 This e-mail is sent on the Terms and Conditions that can be accessed by Clicking on this link http://www.vodacom.net/legal/email.aspx - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Proxy of Accounting Requests
Good day. I am using freeradius 1.05 I want to proxy accounting requests originating from certain hosts to another server, how can I do this. Also I am using Jradius to handle accounting request. But this certain request I don't want JRadius to handle, but freeradius just to proxy it. Here is an example of the request Thanks Acct-Session-Id = C42EA2A31F96530 Framed-Protocol = GPRS-PDP-Context Called-Station-Id = vlive Calling-Station-Id = 27829800529 Framed-IP-Address = 10.19.128.6 3GPP-IMSI = 65501982252 3GPP-Charging-ID = 33121584 3GPP-PDP-Type = 0 3GPP-GGSN-Address = 196.46.162.163 3GPP-IMSI-MCC-MNC = 65501 3GPP-GGSN-MCC-MNC = 65501 3GPP-NSAPI = 5 3GPP-Selection-Mode = 0 3GPP-Charging-Gateway-Address = 10.25.0.10 3GPP-GPRS-Negotiated-QoS-profile = 99-23931F9396979774FB0808 3GPP-SGSN-Address = 196.6.254.49 User-Name = 27829800529 Cisco-AVPair = connect-progress=Call Up Acct-Authentic = RADIUS Acct-Status-Type = Start NAS-Port-Type = Virtual Cisco-NAS-Port = GGSN NAS-Port = 6 Class = [Binary Data] Service-Type = Framed-User NAS-IP-Address = 10.31.1.122 NAS-Identifier = GMC-GGSN0-12-2 Acct-Delay-Time = 0 Client-IP-Address = 10.113.60.6 Acct-Unique-Session-Id = b30a3d4d494c8a87 This e-mail is sent on the Terms and Conditions that can be accessed by Clicking on this link http://www.vodacom.net/legal/email.aspx - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
AccountingReq message authenticator
Hi. Is there anyway to generate a message authenticator for an accounting request packet. At the moment I am using JRadius, I need to send an accounting request message to another radius server. However after I add the message authenticator and send to to another server, the other server complains about Invalid message authenticator (Shared secret is incorrect). Here is some code : //Proxy request to the wap gateway DatagramSocket socket = new DatagramSocket(); socket.setSoTimeout(5000); //Generate authenticator MessageDigest md5 = MessageDigest.getInstance(MD5); md5.reset(); md5.update((byte)req.getCode()); md5.update((byte)req.getIdentifier()); int length = req.getBytes().length; byte [] authenticator = req.getAuthenticator(); byte [] attributeBytes = req.getAttributeBytes(req.getAttributes(),0); for (int z=0; z authenticator.length ; z++ ) RadiusLog.debug(Autenticator[+z+] Before = + authenticator[z]); RadiusLog.debug(Autenticator Length: + authenticator.length); RadiusLog.debug(Attributes Length: + attributeBytes.length); RadiusLog.debug(Paket Length: + length); String sharedSecret = testing123; md5.update((byte)(length 8)); md5.update((byte)(length 0xff)); md5.update(authenticator, 0, authenticator.length); md5.update(attributeBytes, 0, attributeBytes.length); md5.update(sharedSecret.getBytes()); req.overwriteAttribute(AttributeFactory.newAttribute(AttributeDictionary.MESSAGE_AUTHENTICATOR, authenticator)); System.arraycopy(md5.digest(), 0, authenticator, 0, 16); This e-mail is sent on the Terms and Conditions that can be accessed by Clicking on this linkhttp://www.vodacom.net/legal/email.aspx " - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: Freeradius-Users Digest, Vol 5, Issue 91
If the message authenticator is all zeros, then I can send a request from one freeradius server to another with out any problems. The problem is when I user Radiator with freeradius sending accounting messages to it, it complains about Authentication failure. So I assumed that Radiator does not like a blank MA. Hence I tried to produce one and add it to the accounting packet before sending it to Radiator. However it still fails. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] Sent: 28 September 2005 07:06 PM To: freeradius-users@lists.freeradius.org Subject: Freeradius-Users Digest, Vol 5, Issue 91 Send Freeradius-Users mailing list submissions to freeradius-users@lists.freeradius.org To subscribe or unsubscribe via the World Wide Web, visit http://lists.freeradius.org/mailman/listinfo/freeradius-users or, via email, send a message with subject or body 'help' to [EMAIL PROTECTED] You can reach the person managing the list at [EMAIL PROTECTED] When replying, please edit your Subject line so it is more specific than Re: Contents of Freeradius-Users digest... Today's Topics: 1. Re: AccountingReq message authenticator (Michael Lecuyer) 2. Re: Questions about upgrading Freeradius (Linda Pagillo) 3. Re: Expose RADIUS packet's identifier (Alan DeKok) 4. Re: Questions about upgrading Freeradius (Alan DeKok) 5. Re: Chap,LDAP and Passwords :) (Alan DeKok) 6. Re: Crashes with 1.0.4/1.0.5, perhaps connected with slow LDAP backend? (Alan DeKok) 7. Re: EAP-TLS reject if CN not in MySQL (Alan DeKok) 8. Re: Questions about upgrading Freeradius (Dusty Doris) 9. Re: Questions about upgrading Freeradius (Linda Pagillo) -- Message: 1 Date: Wed, 28 Sep 2005 10:48:42 -0400 From: Michael Lecuyer [EMAIL PROTECTED] Subject: Re: AccountingReq message authenticator To: FreeRadius users mailing list freeradius-users@lists.freeradius.org Message-ID: [EMAIL PROTECTED] Content-Type: text/plain; charset=windows-1252; format=flowed There is no way to generate a message authenticator in an Accounting-Request packet the usual way it's generated for an Access-Request. The accounting packet is signed by the client therefore there cannot be two signatures created for the entire the packet. By the very nature of creating signature the second signature will alter the packet's contents invalidating the first signature. The Message-Authenticator can be only one of two things. Either it's calculated as a hash of the attributes or it's a random number (like the Access-Request authenticator). From your information I suspect it's the former. You might try using the traditional MA calculation for the MA on just the attributes with an empty (zeroed) MA present and back patch the MA. If this works please let me know. Or, if someone has accounting packets generated with proper MA's please send them to me and I'll try some standard hashes. The MA is traditionally created as an MD5-HMAC of the shared secret and the entire packet's contents with an empty (16 byte) Message-Authenticator. For an accounting packet MA use just the attribute block instead of the entire packet try just the attributes with the empty MA. Ashwin Gobind wrote: Hi. Is there anyway to generate a message authenticator for an accounting request packet. At the moment I am using JRadius, I need to send an accounting request message to another radius server. However after I add the message authenticator and send to to another server, the other server complains about Invalid message authenticator (Shared secret is incorrect). Here is some code : //Proxy request to the wap gateway DatagramSocket socket = new DatagramSocket(); socket.setSoTimeout(5000); //Generate authenticator MessageDigest md5 = MessageDigest.getInstance(MD5); md5.reset(); md5.update((byte)req.getCode()); md5.update((byte)req.getIdentifier()); int length = req.getBytes().length; byte [] authenticator = req.getAuthenticator(); byte [] attributeBytes = req.getAttributeBytes(req.getAttributes(),0); for (int z=0; z authenticator.length ; z++ ) RadiusLog.debug(Autenticator[+z+] Before = + authenticator[z