Forum Discussion
Joko_Yuliantor3
Sep 08, 2013
Historic F5 Account
Hi kt77,
It looks like you have a case where the RADIUS Accounting server is strictly checking the Request Authenticator field. Please have a look at Page 7 of RFC 2866.
In this case, the iRule needs to change the value of the Request Authenticator field after the insertion is conducted. This requires the shared secret to be written in the iRule.
I have never encountered such a strict RADIUS server in my experience before, but the following untested iRule should raise some ideas:
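when RULE_INIT {
    # RADIUS shared secret; needed to recompute the Request Authenticator
    set static::seckey "this is the shared secret"
}
when CLIENT_DATA {
    # $leasedip must already hold the address to insert (it is not set in this snippet)
    RADIUS::avp insert 8 $leasedip ip4
    # Code (1 byte), Identifier (1 byte), skip Length + Authenticator (18 bytes), then the attributes
    binary scan [UDP::payload] H2H2x18H* rad_code rad_pid rad_attrs
    # MD5 input: Code + Identifier + Length (16-bit big-endian) + 16 zero octets + attributes + secret
    set a [binary format H2H2SH32H*a* $rad_code $rad_pid [UDP::payload length] 00000000000000000000000000000000 $rad_attrs $static::seckey]
    # Overwrite bytes 4-19 of the payload with the new authenticator
    UDP::payload replace 0 [UDP::payload length] [binary format a*@4a16 [UDP::payload] [md5 $a]]
}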
Good luck...
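
The check a strict accounting server applies, as an added Python example (not part of the original post and not F5 code): per RFC 2866 the Request Authenticator is MD5 over Code + Identifier + Length + 16 zero octets + attributes + shared secret, so inserting an attribute invalidates it until Length and the digest are both updated. The sample packet, the address 10.0.0.5 and all function names are constructed for illustration.

```python
import hashlib
import hmac
import socket
import struct

HEADER_LEN = 20  # code(1) + identifier(1) + length(2) + authenticator(16)


def acct_authenticator(packet: bytes, secret: bytes) -> bytes:
    """MD5(Code + Identifier + Length + 16 zero octets + attributes + secret)."""
    if len(packet) < HEADER_LEN:
        raise ValueError("datagram shorter than a RADIUS header")
    length = struct.unpack("!H", packet[2:4])[0]
    if not HEADER_LEN <= length <= len(packet):
        raise ValueError("RADIUS Length field does not match the datagram")
    # Octets beyond Length are padding and are not part of the digest
    return hashlib.md5(packet[:4] + bytes(16) + packet[HEADER_LEN:length] + secret).digest()


def sign(packet: bytes, secret: bytes) -> bytes:
    """Return the packet with a freshly computed Request Authenticator."""
    return packet[:4] + acct_authenticator(packet, secret) + packet[HEADER_LEN:]


def verify(packet: bytes, secret: bytes) -> bool:
    """Recompute the digest and compare it with bytes 4-19 of the packet."""
    try:
        expected = acct_authenticator(packet, secret)
    except ValueError:
        return False
    return hmac.compare_digest(expected, packet[4:HEADER_LEN])


def insert_framed_ip(packet: bytes, ip: str, secret: bytes) -> bytes:
    """Append Framed-IP-Address (type 8), fix the Length field, then re-sign."""
    length = struct.unpack("!H", packet[2:4])[0]
    avp = struct.pack("!BB", 8, 6) + socket.inet_aton(ip)
    grown = packet[:2] + struct.pack("!H", length + len(avp)) + packet[4:length] + avp
    return sign(grown, secret)


# Constructed sample: Accounting-Request (code 4), id 0x2a, Acct-Status-Type = Start (attr 40, value 1)
SECRET = b"this is the shared secret"
ATTRS = struct.pack("!BBI", 40, 6, 1)
ORIGINAL = sign(struct.pack("!BBH", 4, 0x2A, HEADER_LEN + len(ATTRS)) + bytes(16) + ATTRS, SECRET)
# Attribute inserted and Length updated, but the old authenticator left in place
STALE = ORIGINAL[:2] + struct.pack("!H", 32) + ORIGINAL[4:] + bytes([8, 6, 10, 0, 0, 5])
FIXED = insert_framed_ip(ORIGINAL, "10.0.0.5", SECRET)
```

`verify(STALE, SECRET)` fails while `verify(FIXED, SECRET)` passes, which is the difference between a modified request that is dropped and one that is accepted.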