[prev in list] [next in list] [prev in thread] [next in thread]
List: freeradius-users
Subject: Re: FreeRADIUS CoA Proxy [invalid Message-Authenticator] in response
From: Alan DeKok <aland () deployingradius ! com>
Date: 2023-10-31 22:03:23
Message-ID: 2CF3058C-D85A-4C7E-A7AB-F57DA804CA17 () deployingradius ! com
[Download RAW message or body]
On Oct 31, 2023, at 4:45 PM, Alexander Shulgin <alexs20@gmail.com> wrote:
> As you suggested I ran the server with -Xxxx flag and radclient with -xxx
> While it increased the debug level of the server, it did not change the
> output of the radclient.
> So i went forward and ran radsniff on both sides
> Attached are server2.txt (server log), radclient2.txt (radclient
> log), radsniff_client2.txt (radsniff output for the client)
> and radsniff_server2.txt (radsniff output for the server)
>
> From what I see the final message from the server has exactly the same
> values as on client side, which means nothing changing the packet
Hmm... that's weird.
Looking at the server debug output in more detail, the issue is that the home \
server is sending Message-Authenticator in the Disconnect-ACK. And the proxy is \
copying it back to the client unchanged.
The proxy should instead calculate the correct value for Message-Authenticator when \
replying to the client.
I've pushed a fix to the v3.2.x and v3.0.x branches.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic