(RADIATOR) bad EAP Message-Authenticator

Hugh Irvine hugh at open.com.au
Sat Sep 22 03:23:01 CDT 2001


Hello Dave -

Can you please try setting the IgnoreAcctSignature parameter in the Client 
clause for this NAS?

Please let me know what happens.

thanks

Hugh


On Saturday 22 September 2001 02:40, David Purnell wrote:
> Hi there,
>
> I'm getting a "Bad EAP Message-Authenticator" message using
> Radiator2.18.4 with nortel (baynetworks) 5399 rac hardware.  I don't
> have any problems using this hardware with 2.17.1.
>
> Here's my cfg:
>
> Foreground
> LogDir          /var/log
> LogFile         /var/log/radiusd.log
> DbDir           /etc/raddb
> PidFile         /etc/raddb/radiusd.pid
> Trace           3
> SnmpgetProg     /usr/local/bin/snmpget
>
> <ClientListSQL>
>         DBSource        dbi:mysql:radius:sql.dmv.com
>         DBUsername      xxxxxxx
>         DBAuth          xxxxxxx
>         FailureBackoffTime      60
>         GetClientQuery SELECT
> NASIDENTIFIER,SECRET,NULL,NULL,NULL,NASTYPE,SNMPCOMMUNITY from
> radclients
>
> </ClientListSQL>
>
> <Log SQL>
>         DBSource        dbi:mysql:radius:sql.dmv.com
>         DBUsername      xxxxxxx
>         DBAuth          xxxxxxx
>         FailureBackoffTime      60
>         Table           radlog
>         Trace           3
> </Log>
>
> <Realm DEFAULT>
>         <AuthBy RADIUS>
>                 IgnoreAuthentication
>                 Host sql.dmv.com
>                 Secret xxxxxxxx
>         </AuthBy>
>         <AuthBy FILE>
>                 Filename /etc/raddb/users.dmv
>                 EAPType notpermitted
>         </AuthBy>
>
> </Realm>
>
> <SessionDatabase SQL>
>         DBSource        dbi:mysql:radius:sql.dmv.com
>         DBUsername      xxxxxxx
>         DBAuth          xxxxxxx
>         FailureBackoffTime      60
>         Identifier      radonline
> </SessionDatabase>
>
>
> I've also tried this without the "EAPType notpermitted" line but I get
> the same result.
>
>
> Here's a sampling of debug output:
>
>
> Fri Sep 21 10:40:38 2001: DEBUG: Packet dump:
> *** Received from 64.45.130.6 port 3263 ....
> Code:       Access-Request
> Identifier: 199
> Authentic:  <188>p<11><178><160><176><9><150><133><255><8>{j@<6><0>
> Attributes:
>         User-Name = "dave"
>         User-Password = "C<19><135><191>o1<9>y<130>N`d<180><192><129>t"
>         Service-Type = Framed-User
>         Framed-Protocol = PPP
>         NAS-IP-Address = 64.45.130.6
>         Framed-IP-Address = 64.45.130.211
>         NAS-Port = 43
>         Annex-Port = 10107
>         NAS-Port-Type = ISDN
>         Connect-Info = "     64000       64000"
>         Annex-Transmit-Speed = 64000
>         Annex-Receive-Speed = 64000
>         Annex-Wan-Number = 1
>         Annex-Logical-Channel-Number = 9
>         Called-Station-Id = "7495105"
>         Calling-Station-Id = "4105468538"
>         Message-Authenticator =
> <12>\<231><218>Z~S<178><216><129><192>&><196>8<2
> 08>
>
> Fri Sep 21 10:40:38 2001: WARNING: Bad EAP Message-Authenticator
> Fri Sep 21 10:40:38 2001: WARNING: Bad authenticator in request from
> 64.45.130.6 (64.45.1306)
>
>
>
>
>
> thanks,
> Dave
> ===
> Archive at http://www.open.com.au/archives/radiator/
> Announcements on radiator-announce at open.com.au
> To unsubscribe, email 'majordomo at open.com.au' with
> 'unsubscribe radiator' in the body of the message.

-- 
Radiator: the most portable, flexible and configurable RADIUS server 
anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
===
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.


More information about the radiator mailing list