Authentication Problem

Jouni Malinen jkmaline at cc.hut.fi
Sun Jun 8 21:27:44 EDT 2003


On Fri, Jun 06, 2003 at 08:08:22AM +0300, Joachim Wickman wrote:

> I'm having some problems with Message-Authenticator when using radius as
> MAC-ACL.
> Running hostapd-0.0.3, mysql-3.23.56 and freeradius-0.8.1 on the same
> machine (gentoo).
> It works for some clients, but not all.. below is some output when a Linux
> Orinoco tries to connect.

Hmm.. That looks odd. DO you mean that you are using the same AP and
same RADIUS server with two stations and one of them can be successfully
authenticated and one fails? Does this happen consistently so that the
same station always succeeds and respectively the other station always
fails?

> radiusd -X -A gives
> ---------
> rad_recv: Access-Request packet from host 127.0.0.1:1148, id=0, length=154
> Received packet from 127.0.0.1 with invalid Message-Authenticator!

Could you please send log files (radiusd and hostapd) that include both
a successful and failed attempt in the same run (i.e., without
restarting either daemon)?

I have never seen this kind of error and it seems quite odd.
Message-Authenticator is calculated using the shared secret between
RADIUS server and hostapd; this does not change based on the station
address.

-- 
Jouni Malinen                                            PGP id EFC895FA



More information about the HostAP mailing list