>> It works fine for authentication request/accept and accounting-stop, but
>> my NAS complains about the accounting-start messages:
>
> Then it's most likely a problem with the attributes in the
> accounting start packet.
>
>> WARNING: Identifier does not match - ignoring response
>> WARNING: Invalid response signature - check secret!
>
> If the first message is true, then the second is a caused by the
> first.
>
> You say that the NAS complains about the accounting-start packet,
> but FreeRADIUS never sends one to the NAS, it only sends an
> Accounting-Response packet. So where does this message come from, and
> when does it happen?
Sorry, my mistake, I meant Accounting-Request.
This is what Freeradius gets from the NAS:
rad_recv: Accounting-Request packet from host xxx.xxx.xxx.xxx:, id=120,
length=149
Acct-Delay-Time = 8
NAS-IP-Address = xxx.xxx.xxx.xxx
Service-Type = Framed-User
Framed-Protocol = PPP
NAS-Identifier = ""
Acct-Status-Type = Start
Acct-Session-Id = "3b7a0001"
Acct-Authentic = RADIUS
User-Name = "x"
This is what Freeradius proxies to MS IAS:
Sending Accouting-Request of id 22 to xxx.xxx.xxx.xxx:
Acct-Delay-Time = 8
NAS-IP-Address = xxx.xxx.xxx.xxx
Service-Type = Framed-User
Framed-Protocol = PPP
NAS-Identifier = ""
Acct-Status-Type = Start
Acct-Session-Id = "3b7a0001"
Acct-Authentic = RADIUS
User-Name = "x"
Proxy-State = "120"
Freeradius gets the following back from MS IAS:
rad_recv: Accouting-Response packet from xxx.xxx.xxx.xxx:, id=22,
length=25
Proxy-State = 0x313230
And sends it on to the NAS:
Sending Accouting-Response of id 120 to xxx.xxx.xxx.xxx:xx
And the NAS generates the error:
WARNING: Identifier does not match - ignoring response
WARNING: Invalid response signature - check secret!
Josh Howlett, Networking and Digital Communications Group,
Information Systems & Computing, University of Bristol.
email: [EMAIL PROTECTED] | phone: +44 (0)117 928 7850
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html