[Bug 1206367] Re: radclient fails to validate Message-Authenticator on Disconnect-ACK packets

Martijn vdS 1206367 at bugs.launchpad.net
Tue Jul 30 05:11:51 UTC 2013

I send the packet like this (IP of the hostap instance is,
Event-Timestamp is "current" when I try this, otherwise hostapd wouldn't
send a Disconnect-ACK, but just not reply at all, this happened to me
during some earlier debugging):

$ cat packet.txt
User-Name=user at name.com

$ radclient -x disconnect 'SharedSecret' < packet.txt
Sending Disconnect-Request of id 176 to port 3799
	Acct-Session-Id = "XXXXXXXX-XXXXXXX"
	User-Name = "user at name.com"
	Message-Authenticator = 0x00000000000000000000000000000000
	Event-Timestamp = "Jul 30 2013 06:51:06 CEST"
rad_recv: Disconnect-ACK packet from host port 3799, id=176, length=44
rad_verify: Received packet from with invalid Message-Authenticator!  (Shared secret is incorrect.)

The last line is where the problem is: the incoming "Disconnect-ACK"
isn't verified properly.

You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to freeradius in Ubuntu.

  radclient fails to validate Message-Authenticator on Disconnect-ACK

To manage notifications about this bug go to:

More information about the Ubuntu-server-bugs mailing list