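Calculating the Authenticator field of a RADIUS message

Time: 2015-01-21 18:40:31

Tags: radius-protocol

I am trying to implement the RADIUS protocol. According to RFC 2866, for RADIUS Accounting, these are the steps for calculating the Authenticator field: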

  

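The Authenticator field in an Accounting-Response packet is called the Response Authenticator, and contains a one-way MD5 hash calculated over a stream of octets consisting of the Accounting-Response Code, Identifier, Length, the Request Authenticator field from the Accounting-Request packet being replied to, and the response attributes if any, followed by the shared secret. The resulting 16 octet MD5 hash value is stored in the Authenticator field of the Accounting-Response packet.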

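I am trying to calculate it, but I can't get the correct value:
Code = 5 (0x05), 1 byte
Identifier: 134 (0x86), 1 byte
Length: 20 (0x0014), 2 bytes
Request Authenticator: bac85592365b2e786ad3095a1cf22646, 16 bytes
There are no attributes in my response
Shared secret: 63 21 6d 40 35 32 32 35 (c!m@5225)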

So the input to the MD5 hash is:
05860014bac85592365b2e786ad3095a1cf2264663216d4035323235
and I get:
b7ac1e6909302b06bd021aede380dbc5
using these two websites: http://www.md5hashgenerator.com/ and http://www.miraclesalad.com/webtools/md5.php

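The Authenticator of the actual response is 9629702dca9469714fb423ca7b1525bc. I am comparing against real RADIUS packets sent by the client/server, and the authenticator I calculate does not match the one in the packet sent by the server. Any ideas?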

The RFC 2865 at the end has a couple of examples. Example 1, using the shared
secret "xyzzy5461"



User Telnet to Specified Host

The NAS at 192.168.1.16 sends an Access-Request UDP packet to the
RADIUS Server for a user named nemo logging in on port 3 with
password "arctangent".

The Request Authenticator is a 16 octet random number generated by
the NAS.

The User-Password is 16 octets of password padded at end with nulls,
XORed with MD5(shared secret|Request Authenticator).

01 00 00 38 0f 40 3f 94 73 97 80 57 bd 83 d5 cb
98 f4 22 7a 01 06 6e 65 6d 6f 02 12 0d be 70 8d
93 d4 13 ce 31 96 e4 3f 78 2a 0a ee 04 06 c0 a8
01 10 05 06 00 00 00 03

1 Code = Access-Request (1)
1 ID = 0
2 Length = 56
16 Request Authenticator

Attributes:

6 User-Name = "nemo"
18 User-Password
6 NAS-IP-Address = 192.168.1.16
6 NAS-Port = 3

The RADIUS server authenticates nemo, and sends an Access-Accept UDP
packet to the NAS telling it to telnet nemo to host 192.168.1.3.

The Response Authenticator is a 16-octet MD5 checksum of the code
(2), id (0), Length (38), the Request Authenticator from above, the
attributes in this reply, and the shared secret.

02 00 00 26 86 fe 22 0e 76 24 ba 2a 10 05 f6 bf
9b 55 e0 b2 06 06 00 00 00 01 0f 06 00 00 00 00
0e 06 c0 a8 01 03

1 Code = Access-Accept (2)
1 ID = 0 (same as in Access-Request)
2 Length = 38
16 Response Authenticator

Attributes:

6 Service-Type (6) = Login (1)
6 Login-Service (15) = Telnet (0)
6 Login-IP-Host (14) = 192.168.1.3

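1 Answer:

Answer 0 (score: 2)

Problem solved! The online MD5 tools expect a string, so even though I passed byte values, the input was treated as a string, hence the wrong value.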
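
The fix described in the answer, as an added example that is not part of the original post: the Response Authenticator is computed over raw octets and checked against the RFC 2865 Access-Accept packet quoted in the question, with the hex-dump-hashed-as-text mistake alongside for comparison. The function and constant names are assumptions chosen for this example.

```python
import hashlib
import hmac
import struct

def response_authenticator(code, identifier, request_auth, attributes, secret):
    """MD5(Code | Identifier | Length | Request Authenticator | Attributes | Secret), all raw octets."""
    length = 20 + len(attributes)  # 20-octet header plus the response attributes
    header = struct.pack("!BBH", code, identifier, length)
    return hashlib.md5(header + request_auth + attributes + secret).digest()

def verify_response(response, request_auth, secret):
    """Recompute the authenticator of a received response and compare in constant time."""
    if len(response) < 20:
        return False
    code, identifier, length = struct.unpack("!BBH", response[:4])
    if length < 20 or length > len(response):
        return False  # malformed Length field
    expected = response_authenticator(
        code, identifier, request_auth, response[20:length], secret)
    return hmac.compare_digest(expected, response[4:20])

def hash_as_text(hex_string):
    """The mistake from the question: hashing the ASCII characters of the hex dump."""
    return hashlib.md5(hex_string.encode("ascii")).digest()

# RFC 2865 example quoted in the question (shared secret "xyzzy5461").
RFC_SECRET = b"xyzzy5461"
RFC_REQUEST_AUTH = bytes.fromhex("0f403f9473978057bd83d5cb98f4227a")
RFC_ACCEPT = bytes.fromhex(
    "02000026" "86fe220e7624ba2a1005f6bf9b55e0b2"
    "060600000001" "0f0600000000" "0e06c0a80103")

# Values posted by the asker (Accounting-Response with no attributes).
Q_REQUEST_AUTH = bytes.fromhex("bac85592365b2e786ad3095a1cf22646")
Q_SECRET = bytes.fromhex("63216d4035323235")
Q_HEX_INPUT = "05860014bac85592365b2e786ad3095a1cf2264663216d4035323235"

if __name__ == "__main__":
    ok = verify_response(RFC_ACCEPT, RFC_REQUEST_AUTH, RFC_SECRET)
    print("RFC Access-Accept verifies:", ok)
    octets = response_authenticator(5, 0x86, Q_REQUEST_AUTH, b"", Q_SECRET)
    print("hashed as octets:", octets.hex())
    print("hashed as text  :", hash_as_text(Q_HEX_INPUT).hex())
```
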