Radius DAS won't work

Robert Plestenjak robert.plestenjak
Thu Feb 6 06:24:45 PST 2014


When I send disconnect message, I get this:

# cat ~/packet.txt | radclient -x 172.16.117.235:3799 disconnect supersecret
Sending Disconnect-Request of id 224 to 172.16.117.235 port 3799
	Acct-Session-Id = "52F38076-00000003"
	User-Name = "janez"
	NAS-IP-Address = 172.16.117.235
rad_recv: Disconnect-NAK packet from host 172.16.117.235 port 3799, id=224, length=50
rad_verify: Received packet from 172.16.117.235 with invalid Message-Authenticator!  (Shared secret is incorrect.)

Hostapd logs this:
DAS: Received 52 bytes from 172.16.93.117:50432
DAS: Unsupported attribute 4 in Disconnect-Request from 172.16.93.117:50432
DAS: Reply to 172.16.93.117:50432


My disconnect message (package.txt):
Acct-Session-Id = "52F38076-00000003"
User-Name = "janez"
NAS-IP-Address = "172.16.117.235"


My DAS config:
...
radius_das_port=3799
radius_das_client=172.16.93.117 supersecret
radius_das_time_window=300
radius_das_require_event_timestamp=0


First I thought Radius sends attribute 4 and not 40, but I confirmed it's 40 with tcpdump and wireshark.



More information about the Hostap mailing list