"Eliot, Wireless and Server Administrator, Great Lakes Internet" <[EMAIL PROTECTED]> wrote: > Is the message authenticator attribute properly implemented in > FreeRADIUS?
Huh? Would you expect the answer to be "no"? > This indicates that anytime it adds a Message-Authenticator attribute, > it simply sets it to 0. This would explain why I get: > > Message-Authenticator = 0x00000000000000000000000000000000 > > In my proxied packets. However, it could just be that the attributes are > getting displayed before the authenticator is actually computed and that > the authenticator is getting computed and sent out correctly in the > actual packet. Yes, that's what it's doing. > I read a post from a long time ago about putting the > attribute (set to any value) in the response list, but that does not > seem to work (unless I did it wrong): > > /etc/raddb/preproxy_users: > > DEFAULT > Message-Authenticator = 1 You're adding it to the proxied packet. Read the docs. > Anyway, I think I am running into a problem with not having this in the > packets. I am proxying requests from my Windows XP SP2 supplicant to my > Cisco 1310 AP That's not proxying. The supplicant doesn't do RADIUS. > When the proxied reply (Access-Challenge) goes out of the router back > towards the Cisco 1310 AP and the supplicant, the Cisco or the > supplicant (can't tell which) is ignoring the reply and then sending a > new request. That's most likely the "extended key" oid nonsense that Microsoft needs. > Can anyone verify whether the Message-Authenticator attribute is or is > not working properly? If it is not working, is it really likely to be > causing this problem? It works. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html