It works fine for authentication request/accept and accounting-stop, but
my NAS complains about the accounting-start messages:
Then it's most likely a problem with the attributes in the
accounting start packet.
WARNING: Identifier does not match - ignoring response
WARNING: Invalid response signature - check secret!
If the first message is true, then the second is a caused by the
first.
You say that the NAS complains about the accounting-start packet,
but FreeRADIUS never sends one to the NAS, it only sends an
Accounting-Response packet. So where does this message come from, and
when does it happen?
Sorry, my mistake, I meant Accounting-Request.
This is what Freeradius gets from the NAS:
rad_recv: Accounting-Request packet from host xxx.xxx.xxx.xxx:, id=120,
length=149
Acct-Delay-Time = 8
NAS-IP-Address = xxx.xxx.xxx.xxx
Service-Type = Framed-User
Framed-Protocol = PPP
NAS-Identifier =
Acct-Status-Type = Start
Acct-Session-Id = 3b7a0001
Acct-Authentic = RADIUS
User-Name = x
This is what Freeradius proxies to MS IAS:
Sending Accouting-Request of id 22 to xxx.xxx.xxx.xxx:
Acct-Delay-Time = 8
NAS-IP-Address = xxx.xxx.xxx.xxx
Service-Type = Framed-User
Framed-Protocol = PPP
NAS-Identifier =
Acct-Status-Type = Start
Acct-Session-Id = 3b7a0001
Acct-Authentic = RADIUS
User-Name = x
Proxy-State = 120
Freeradius gets the following back from MS IAS:
rad_recv: Accouting-Response packet from xxx.xxx.xxx.xxx:, id=22,
length=25
Proxy-State = 0x313230
And sends it on to the NAS:
Sending Accouting-Response of id 120 to xxx.xxx.xxx.xxx:xx
And the NAS generates the error:
WARNING: Identifier does not match - ignoring response
WARNING: Invalid response signature - check secret!
Josh Howlett, Networking and Digital Communications Group,
Information Systems Computing, University of Bristol.
email: [EMAIL PROTECTED] | phone: +44 (0)117 928 7850
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
