Forum Discussion
paul_73820
Nimbostratus
NimbostratusRADIUS iRule to insert vendor attributes
Hi There,
I have been writing a RADIUS iRule, one of the new requirements is for the F5 to insert a few VSA's into attribute 26.
I have had no issues with inserting/updating or rea...
Nat_Thirasuttakorn
Employee
Employeehere is how to recalculate authenticator.
note that iRule needs to know radius secret.
this is for Radius request.
for radius response, you need to save request's authenticator in variable and use that instead of "zero" when re-calculate authenticator.
after all RADIUS::avp insert command
set secret "secret"
binary scan [UDP::payload] a1a1a2a16a* code id len auth attrs
if you didn't use Radius iRule to insert new attribute, length may need to be recalculated
you could probably do something like (assume radius packet contains no padding byte)
set len [binary format S [UDP::payload length]]
per RFC (don't remember which one 🙂 )
Code + Identifier + Length + 16 zero octets + request attributes + shared secret
set zero "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
set newauth [md5 "${code}${id}${len}${zero}${attrs}${secret}"]
UDP::payload replace 4 16 $newauth
