[RADIATOR] Proxying RADIUS Accounting Packets to Third Party Vendor: Not all Attributes proxied
Alan Buxey
A.L.M.Buxey at lboro.ac.uk
Mon Feb 6 10:02:49 CST 2012
Hi,
> WARNING: Bad authenticator received in reply to ID 153
incorrect shared secret or badly munged UDP packets, or packets
received after your local RADIUS server has already decided to forget
about them (timeout)
> I've confirmed the secret is the same between the proxying radius servers
> and the destination radius server, so this doesn't look like the issue.
Secret "whatever the secret is"
..then you never get undone by trailing spaces etc
> Vendor Specific Attribute (26), length: 8 (bogus, goes past end
> of packet)
> Vendor Specific Attribute (26), length: 12 (bogus, goes past end
> of packet)
big big packets - larger than the MTU - change the size of your RADIUS packets
to eg 1280 or so - the default in RADIATOR is big ...too big. then the RADIUS
will break the packets up nicely.
hmm, theres EAPTLS_MaxFragmentSize to deal with EAP - not sure about what you tweak
with plain RADIUS accounting packets that are big. maybe change the host MTU size?
alan
More information about the radiator
mailing list