<html>
<head>
<meta content="text/html; charset=windows-1252"
http-equiv="Content-Type">
</head>
<body text="#000000" bgcolor="#FFFFFF">
<div class="moz-cite-prefix">Hi,<br>
<br>
Look at the <a class="moz-txt-link-freetext" href="https://github.com/ates/radius">https://github.com/ates/radius</a> project<br>
<br>
<span id="result_box" class="short_text" lang="en"><span
class="hps">Especially the radius_codec module</span></span><br>
<br>
On 10/09/2015 04:29 PM, Kirill Ratkin wrote:<br>
</div>
<blockquote
cite="mid:CAOn0L-z5E_B1EMtakpdp653Rb5qW4NXTzyjUBu=DAw5N0M-wHA@mail.gmail.com"
type="cite">
<div dir="ltr">
<div>
<div>
<div>
<div>
<div>
<div>
<div>
<div>
<div>Hi guys,<br>
<br>
</div>
Who played with RADIUS?<br>
<br>
</div>
I'm trying to make a test application which decodes a
request and encodes a response (Accept).<br>
<br>
</div>
Here is code:<br>
<br>
handle_info({udp, Socket, IP, Port, Packet}, State)
-><br>
io:format("Packet is ~p~n", [hexlify(Packet)]),<br>
<br>
<<Code:8, Identifier:8, Length:16,
Authenticator:128, Attributes/binary>> =
Packet,<br>
<br>
io:format("Packet is ~p,~p,~p,~p,~p~n", [<br>
Code, <br>
Identifier, <br>
Length,<br>
Authenticator,<br>
hexlify(Attributes)<br>
]),<br>
<br>
<<Len:8, Type:8, Body/binary>> =
Attributes,<br>
<br>
io:format("AVP: ~p, ~p, ~p~n", [Len, Type,
Body]),<br>
<br>
AVPCode = 18,<br>
AVPMessage = <<"You dick">>,<br>
AVPSize = byte_size(AVPMessage) + 2,<br>
AVPResponse = <<AVPCode:8, AVPSize:8,
AVPMessage/binary>>,<br>
RCode = 2, % calculated base on
logic, accept is now for test<br>
RLength = byte_size(AVPResponse) + 20,<br>
Secret = <<"secret">>,<br>
RAuthenticator = erlang:md5(<<Code:8,
Identifier:8, Length:16, Authenticator:128,
AVPResponse/binary, Secret/binary>>),<br>
Response = <<RCode, Identifier,
RLength:16, RAuthenticator/binary,
AVPResponse/binary>>,<br>
<br>
gen_udp:send(Socket, IP, Port, Response),<br>
<br>
inet:setopts(Socket, [{active, once}]),<br>
{noreply, State};<br>
<br>
</div>
It works but ... 'radclient' says Response
Authenticator is not correctly calculated.<br>
<br>
</div>
This is its output:<br>
<br>
$ echo "User-Name = test" | radclient -x localhost:1812
auth secret<br>
Sending Access-Request Id 68 from <a
moz-do-not-send="true" href="http://0.0.0.0:38654">0.0.0.0:38654</a>
to <a moz-do-not-send="true"
href="http://127.0.0.1:1812">127.0.0.1:1812</a><br>
User-Name = 'test'<br>
Received Access-Accept Id 68 from <a
moz-do-not-send="true" href="http://127.0.0.1:1812">127.0.0.1:1812</a>
to <a moz-do-not-send="true"
href="http://127.0.0.1:38654">127.0.0.1:38654</a>
length 30<br>
(0) Reply verification failed: Received Access-Accept
packet from home server 127.0.0.1 port 1812 with invalid
Response Authenticator! (Shared secret is incorrect.)<br>
<br>
</div>
RFC says:<br>
<br>
Response Authenticator<br>
<br>
The value of the Authenticator field in
Access-Accept, Access-<br>
Reject, and Access-Challenge packets is called
the Response<br>
Authenticator, and contains a one-way MD5 hash
calculated over<br>
a stream of octets consisting of: the RADIUS
packet, beginning<br>
with the Code field, including the Identifier,
the Length, the<br>
Request Authenticator field from the
Access-Request packet, and<br>
the response Attributes, followed by the shared
secret. That<br>
is, ResponseAuth =<br>
MD5(Code+ID+Length+RequestAuth+Attributes+Secret)
where +<br>
denotes concatenation.<br>
<br>
</div>
It seems I do what the RFC recommends but ... <br>
</div>
I don't see the mistake :(.<br>
<br>
</div>
Please help if you see my fault.<br>
</div>
<br>
<pre wrap="">_______________________________________________
erlang-questions mailing list
<a class="moz-txt-link-abbreviated" href="mailto:erlang-questions@erlang.org">erlang-questions@erlang.org</a>
<a class="moz-txt-link-freetext" href="http://erlang.org/mailman/listinfo/erlang-questions">http://erlang.org/mailman/listinfo/erlang-questions</a>
</pre>
</blockquote>
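<br>
The Response Authenticator calculation from the RFC text quoted above, as an added Erlang example that is not part of the original thread or of the ates/radius project. The module name, function names and sample values are assumptions; the point it shows is that the hashed Code and Length are the response's own header fields, and only the 16-octet Request Authenticator comes from the Access-Request.<br>

```erlang
-module(radius_resp_auth).   % hypothetical module name
-export([encode_response/5, verify_response/3, demo/0]).

%% RFC 2865: ResponseAuth = MD5(Code+ID+Length+RequestAuth+Attributes+Secret).
%% Code and Length are taken from the RESPONSE header; RequestAuth is the
%% 16-octet Authenticator field copied from the Access-Request.
response_auth(RCode, Id, RLength, RequestAuth, Attrs, Secret) ->
    erlang:md5(<<RCode:8, Id:8, RLength:16, RequestAuth:16/binary,
                 Attrs/binary, Secret/binary>>).

%% Build a complete response; Attrs is the already-encoded attribute list.
encode_response(RCode, Id, RequestAuth, Attrs, Secret)
  when byte_size(RequestAuth) =:= 16 ->
    RLength = 20 + byte_size(Attrs),
    RAuth = response_auth(RCode, Id, RLength, RequestAuth, Attrs, Secret),
    <<RCode:8, Id:8, RLength:16, RAuth/binary, Attrs/binary>>.

%% Client-side check, as a RADIUS client performs it: recompute the digest
%% from the received header and attributes plus the authenticator it sent.
verify_response(<<RCode:8, Id:8, RLength:16, RAuth:16/binary, Rest/binary>>,
                RequestAuth, Secret)
  when RLength >= 20, RLength - 20 =< byte_size(Rest) ->
    AttrLen = RLength - 20,
    <<Attrs:AttrLen/binary, _Padding/binary>> = Rest,
    RAuth =:= response_auth(RCode, Id, RLength, RequestAuth, Attrs, Secret);
verify_response(_Malformed, _RequestAuth, _Secret) ->
    false.

%% One attribute: Type, Length (counting the 2 header octets), Value.
attr(Type, Value) when byte_size(Value) =< 253 ->
    <<Type:8, (byte_size(Value) + 2):8, Value/binary>>.

demo() ->
    Secret  = <<"secret">>,
    ReqAuth = <<1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16>>,    % constructed value
    Attrs   = attr(18, <<"Welcome">>),                       % 18 = Reply-Message
    Packet  = encode_response(2, 68, ReqAuth, Attrs, Secret), % 2 = Access-Accept
    true = verify_response(Packet, ReqAuth, Secret),
    %% Hashing the request's Code (1) and a request Length instead of the
    %% response's gives a different digest, which a client rejects.
    <<_:32, Good:16/binary, _/binary>> = Packet,
    Wrong = response_auth(1, 68, 26, ReqAuth, Attrs, Secret),
    false = (Good =:= Wrong),
    false = verify_response(Packet, ReqAuth, <<"other">>),
    ok.
```

Compile with <code>c(radius_resp_auth).</code> in the Erlang shell and call <code>radius_resp_auth:demo().</code>, which returns <code>ok</code> when every check passes.<br>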
<br>
</body>
</html>