Forum Discussion
kt77_130944
Sep 08, 2013 | Nimbostratus
RADIUS::avp causes invalid signature on the RADIUS server
Hi,
I have a RADIUS VServer that intercepts RADIUS requests and sends them to a RADIUS pool member.
Once a RADIUS Accounting request is received by this VServer, I insert an AVP and send it ...
Joko_Yuliantor3
Sep 08, 2013 | Historic F5 Account
Hi kt77,
It looks like you have a case where the RADIUS Accounting server is strictly checking the Request Authenticator field. Please have a look at Page 7 of RFC 2866.
In this case, the iRule needs to change the value of the Request Authenticator field after the insertion is conducted. This requires the shared secret to be written in the iRule.
I have never encountered such a strict RADIUS server in my experience before, but the following untested iRule should raise some ideas:
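when RULE_INIT {
    # Shared secret configured between the RADIUS client and the accounting server
    set static::seckey "this is the shared secret"
}
when CLIENT_DATA {
    RADIUS::avp insert 8 $leasedip ip4
    # Header is Code (1), Identifier (1), Length (2), Authenticator (16): skip the
    # 18 bytes of Length + Authenticator to reach the attributes
    binary scan [UDP::payload] H2H2x18H* rad_code rad_pid rad_attrs
    # RFC 2866: MD5(Code + Identifier + Length + 16 zero octets + attributes + secret);
    # Length is packed as a 16-bit big-endian integer (S)
    set a [binary format H2H2SH32H*a* $rad_code $rad_pid [UDP::payload length] 00000000000000000000000000000000 $rad_attrs $static::seckey]
    # Overwrite bytes 4-19 (the Request Authenticator) with the new digest
    UDP::payload replace 0 [UDP::payload length] [binary format a*@4a16 [UDP::payload] [md5 $a]]
}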
Good luck...
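The check a strict accounting server applies, and why an inserted AVP breaks it, as an added Python example that is not part of the original posts. It follows the RFC 2866 Request Authenticator calculation; the function names, the sample packet and the address 192.0.2.10 are constructed for illustration, and the secret is the placeholder string from the iRule above.

```python
import hashlib
import hmac
import socket
import struct

def avp(attr_type, value):
    # Attribute = Type (1) + Length (1, covers the whole attribute) + Value
    return struct.pack("!BB", attr_type, len(value) + 2) + value

def acct_authenticator(code, ident, attrs, secret):
    # RFC 2866: MD5(Code + Identifier + Length + 16 zero octets + attributes + secret)
    header = struct.pack("!BBH", code, ident, 20 + len(attrs))
    return hashlib.md5(header + b"\x00" * 16 + attrs + secret).digest()

def build(code, ident, attrs, secret):
    auth = acct_authenticator(code, ident, attrs, secret)
    return struct.pack("!BBH", code, ident, 20 + len(attrs)) + auth + attrs

def verify(packet, secret):
    # Server-side validation of a received Accounting-Request
    if len(packet) < 20:
        return False
    code, ident, length = struct.unpack("!BBH", packet[:4])
    if length < 20 or length > len(packet):
        return False
    expected = acct_authenticator(code, ident, packet[20:length], secret)
    return hmac.compare_digest(expected, packet[4:20])

def insert_avp(packet, new_avp, secret=None):
    # Append an AVP and fix Length; re-sign only when the secret is supplied
    code, ident, length = struct.unpack("!BBH", packet[:4])
    attrs = packet[20:length] + new_avp
    if secret is not None:
        return build(code, ident, attrs, secret)
    return struct.pack("!BBH", code, ident, 20 + len(attrs)) + packet[4:20] + attrs

# Constructed sample data (not captured traffic)
SECRET = b"this is the shared secret"
ORIGINAL = build(4, 42, avp(1, b"alice") + avp(40, struct.pack("!I", 1)), SECRET)
LEASED_IP = avp(8, socket.inet_aton("192.0.2.10"))   # Framed-IP-Address
UNSIGNED = insert_avp(ORIGINAL, LEASED_IP)           # proxy leaves old authenticator
RESIGNED = insert_avp(ORIGINAL, LEASED_IP, SECRET)   # proxy recomputes it
```

`verify(UNSIGNED, SECRET)` fails while `verify(RESIGNED, SECRET)` succeeds, which is the behaviour the reply attributes to a server that strictly checks the Request Authenticator.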