[Bug 1206367] Re: radclient fails to validate Message-Authenticator on Disconnect-ACK packets

Martijn vdS 1206367 at bugs.launchpad.net
Tue Jul 30 05:11:51 UTC 2013


I send the packet like this (IP of the hostap instance is 10.0.0.2,
Event-Timestamp is "current" when I try this, otherwise hostapd wouldn't
send a Disconnect-ACK, but just not reply at all, this happened to me
during some earlier debugging):

$ cat packet.txt
Acct-Session-Id=XXXXXXXX-XXXXXXX
User-Name=user at name.com
Message-Authenticator=0
Event-Timestamp=1375159866

$ radclient -x 10.0.0.2:3799 disconnect 'SharedSecret' < packet.txt
Sending Disconnect-Request of id 176 to 10.0.0.2 port 3799
	Acct-Session-Id = "XXXXXXXX-XXXXXXX"
	User-Name = "user at name.com"
	Message-Authenticator = 0x00000000000000000000000000000000
	Event-Timestamp = "Jul 30 2013 06:51:06 CEST"
rad_recv: Disconnect-ACK packet from host 10.0.0.2 port 3799, id=176, length=44
rad_verify: Received packet from 10.0.0.2 with invalid Message-Authenticator!  (Shared secret is incorrect.)

The last line is where the problem is: the incoming "Disconnect-ACK"
isn't verified properly.

-- 
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to freeradius in Ubuntu.
https://bugs.launchpad.net/bugs/1206367

Title:
  radclient fails to validate Message-Authenticator on Disconnect-ACK
  packets

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/freeradius/+bug/1206367/+subscriptions



More information about the Ubuntu-server-bugs mailing list