[RADIATOR] WARNING: Bad authenticator received in reply

Heikki Vatiainen hvn at open.com.au
Thu Oct 4 14:03:54 CDT 2012


On 10/04/2012 12:36 PM, Ronald Pérez wrote:

> Thu Oct  4 08:34:55 2012 586182: WARNING: Bad authenticator received in
> reply to ID 21. Reply is ignored
> 
> 
> The communication scheme is like this:
> 
> *Radius1                   Radius2*
> *   ------->Request*
> *               Reply<---------*
> *
> *
> *Radius1 Log: Bad Authenticator received in reply........ *     
> 
> 
> I've been doing some search, lot of people said that this problem is
> related to misconfigured shared secret, in this case that is not the
> problem because both are radius control by us and shared secrets are the
> same. Also there is a recommendation to configure "IgnoreAcctSignature",
> but before configure this i want to know why is this happening.

If you know both RADIUS servers are known to generate correct
signatures, then you should check the configuration to make sure there
are no invisible characters in the secrets.

Since you are having problems with replies, you should use
IgnoreReplySignature if you need to set an option to handle the problem.

Thanks,
Heikki


-- 
Heikki Vatiainen <hvn at open.com.au>

Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS,
TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP,
DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS,
NetWare etc.


More information about the radiator mailing list