Re: AccountingReq message authenticator

Wed, 28 Sep 2005 08:16:27 -0700

RFCs are a little messy about this issue. Message-Authenticator in Accounting Packets are not well standarized, so everyone does what they want about this.
 
Do a search in the list for "FreeRadius Proxying and Message-Authenticator" for more information.
 
Eng. Paolo Rotela
CTO
Blue Telecom
----- Original Message -----
Sent: Wednesday, September 28, 2005 11:20 AM
Subject: AccountingReq message authenticator

Hi.

 

Is there anyway to generate a message authenticator for an accounting request packet.  At the moment I am using JRadius, I need to send an accounting request message to another radius server.  However after I add the message authenticator and send to to another server, the other server complains about “Invalid message authenticator”  (Shared secret is incorrect).

 

Here is some code :

//Proxy request to the wap gateway

                                                            DatagramSocket socket = new DatagramSocket();

                                                            socket.setSoTimeout(5000);

                                                            //Generate authenticator

                                                            MessageDigest md5 = MessageDigest.getInstance("MD5");

                                                            md5.reset();                   

                                            md5.update((byte)req.getCode());

                                            md5.update((byte)req.getIdentifier());

                                            int length = req.getBytes().length;

                                            byte [] authenticator = req.getAuthenticator();

                                            byte [] attributeBytes = req.getAttributeBytes(req.getAttributes(),0);

                                            for (int z=0; z <authenticator.length ; z++ )

                                                                        RadiusLog.debug("Autenticator["+z+"] Before = " + authenticator[z]);

                                                           

                                            RadiusLog.debug("Autenticator Length: " + authenticator.length);

                                            RadiusLog.debug("Attributes Length: " + attributeBytes.length);

                                            RadiusLog.debug("Paket Length: " + length);

                                           

                                            String sharedSecret = "testing123";

                                            md5.update((byte)(length >> 8));

                                            md5.update((byte)(length & 0xff));

                                            md5.update(authenticator, 0, authenticator.length);

                                            md5.update(attributeBytes, 0, attributeBytes.length);

                                            md5.update(sharedSecret.getBytes());        

                                            req.overwriteAttribute(AttributeFactory.newAttribute(AttributeDictionary.MESSAGE_AUTHENTICATOR, authenticator));

                                                           

                                            System.arraycopy(md5.digest(), 0, authenticator, 0, 16);

“This e-mail is sent on the Terms and Conditions that can be accessed by Clicking on this link http://www.vodacom.net/legal/email.aspx "

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Reply via email to