Hello,

        I am using FreeRadius 0.5 on Solaris to test EAP support for Radius client.
The Radius authentication works fine in regular userid/password setup.
        During testing of 802.1X EAP Authentication using Radius, I am not getting
proper expected response from server.
Per the RFC 2869 (Radius Extensions), in my Radius request packet, I am
sending following attributes...
        Service-Type=2 (Framed)
        NAS-IP-Address=0xc0a80277 (192.168.2.119)
        EAP-Message=0x010a000973756e696c (Code=Request, Id=0x0a, Length=0x00009,
Data="sunil")
        Message-Authenticator=<16-octet HMAC-MD5 digest>

        As specified in RFC 2869, I generated the HMAC-MD5 digest using my radius
secret-key. This key is also configured in the FreeRadius server in
/usr/local/etc/raddb/clients.conf (The key stuff works as the original
userid/password authentication works). The hmac_md5() key generation code was
taken from RFC 2104 (HMAC: Keyed-Hashing for Message Authentication). Per
RFC 2869, I used 0 values in the Message-Authenticator value field, before
creating the hash of the outgoing Radius packet. The generated hash was
inserted as the values of Message-Authenticator field.
        On the receiving side, the FreeRadius server displays the following
message..
rad_recv: Access-Request packet from host 192.168.2.119:1645, id=11,
length=61
Received packet from 192.168.2.119 with invalid Message-Authenticator!
Server rejecting request 10.
Finished request 10

        Has anybody made use of this attribute and found it working on the
FreeRadius server side?
Please let me know if you have any ideas to resolve/test this scenario.

        Regards.

= Sunil Chitnis
  Foundry Networks.
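
The RFC 2869 Message-Authenticator computation described in the message above, as an added example (not code from the post or from FreeRADIUS): HMAC-MD5 over the entire packet, keyed with the shared secret, with the 16 value octets zeroed while hashing, plus the receiver-side check. The attribute values are the ones quoted in the post; the secret and the Request Authenticator are constructed, and the function names are hypothetical.

```python
import hashlib
import hmac
import struct

ACCESS_REQUEST = 1
MESSAGE_AUTHENTICATOR = 80  # attribute type from RFC 2869

def attr(attr_type, value):
    """Encode one attribute as Type, Length, Value."""
    return bytes([attr_type, len(value) + 2]) + value

def build_access_request(ident, request_auth, attrs, secret):
    """Build an Access-Request whose last attribute is Message-Authenticator."""
    body = b"".join(attr(t, v) for t, v in attrs)
    body += attr(MESSAGE_AUTHENTICATOR, bytes(16))  # zero octets while hashing
    header = struct.pack("!BBH", ACCESS_REQUEST, ident, 20 + len(body))
    packet = bytearray(header + request_auth + body)
    # The Length field must already be final: the HMAC covers Code, Identifier,
    # Length, Request Authenticator and every attribute.
    packet[-16:] = hmac.new(secret, bytes(packet), hashlib.md5).digest()
    return bytes(packet)

def verify_message_authenticator(packet, secret):
    """Receiver-side check; False for malformed or unsigned packets."""
    if len(packet) < 20:
        return False
    length = struct.unpack("!H", packet[2:4])[0]
    if length < 20 or length > len(packet):
        return False
    packet, pos = packet[:length], 20  # octets past Length are padding
    while pos + 2 <= length:
        attr_type, attr_len = packet[pos], packet[pos + 1]
        if attr_len < 2 or pos + attr_len > length:
            return False
        if attr_type == MESSAGE_AUTHENTICATOR:
            if attr_len != 18:
                return False
            zeroed = packet[:pos + 2] + bytes(16) + packet[pos + 18:]
            expected = hmac.new(secret, zeroed, hashlib.md5).digest()
            return hmac.compare_digest(packet[pos + 2:pos + 18], expected)
        pos += attr_len
    return False

SECRET = b"constructed-secret"     # constructed, not a real shared secret
REQUEST_AUTH = bytes(range(16))    # constructed Request Authenticator
ATTRS = [(6, struct.pack("!I", 2)),                  # Service-Type=2
         (4, bytes.fromhex("c0a80277")),             # NAS-IP-Address
         (79, bytes.fromhex("010a000973756e696c"))]  # EAP-Message
PACKET = build_access_request(11, REQUEST_AUTH, ATTRS, SECRET)
```

A digest computed before the Length field is final, over the attributes alone, or with a plain MD5 of packet plus secret will not match what the receiver recomputes.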
