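I am trying to implement the RADIUS protocol. According to RFC 2866, for RADIUS accounting, the steps for computing the Authenticator field are as follows:
The Authenticator field in an Accounting-Response packet is called the Response Authenticator, and contains a one-way MD5 hash calculated over a stream of octets consisting of the Accounting-Response Code, Identifier, Length, the Request Authenticator field from the Accounting-Request packet being replied to, and the response attributes if any, followed by the shared secret. The resulting 16 octet MD5 hash value is stored in the Authenticator field of the Accounting-Response packet.
I am trying to compute it, but I cannot get the correct value:
Code = 5 (0x05), 1 byte
Identifier: 134 (0x86), 1 byte
Length: 20 (0x0014), 2 bytes
Request Authenticator: bac85592365b2e786ad3095a1cf22646, 16 bytes
There are no attributes in my response
Shared secret: 63 21 6d 40 35 32 32 35 (c!m@5225)
So the input to the MD5 hash would be: 05860014bac85592365b2e786ad3095a1cf2264663216d4035323235
I get: b7ac1e6909302b06bd021aede380dbc5 using the following 2 websites: http://www.md5hashgenerator.com/ and http://www.miraclesalad.com/webtools/md5.php
The authenticator of the actual response is 9629702dca9469714fb423ca7b1525bc. I am comparing against real RADIUS packets sent by the client/server, and the authenticator I calculate does not match the one sent by the server. Any ideas what it could be?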
The RFC 2865 at the end has a couple of examples. Example 1, using the shared
secret "xyzzy5461"
User Telnet to Specified Host
The NAS at 192.168.1.16 sends an Access-Request UDP packet to the
RADIUS Server for a user named nemo logging in on port 3 with
password "arctangent".
The Request Authenticator is a 16 octet random number generated by
the NAS.
The User-Password is 16 octets of password padded at end with nulls,
XORed with MD5(shared secret|Request Authenticator).
01 00 00 38 0f 40 3f 94 73 97 80 57 bd 83 d5 cb
98 f4 22 7a 01 06 6e 65 6d 6f 02 12 0d be 70 8d
93 d4 13 ce 31 96 e4 3f 78 2a 0a ee 04 06 c0 a8
01 10 05 06 00 00 00 03
1 Code = Access-Request (1)
1 ID = 0
2 Length = 56
16 Request Authenticator
Attributes:
6 User-Name = "nemo"
18 User-Password
6 NAS-IP-Address = 192.168.1.16
6 NAS-Port = 3
The RADIUS server authenticates nemo, and sends an Access-Accept UDP
packet to the NAS telling it to telnet nemo to host 192.168.1.3.
The Response Authenticator is a 16-octet MD5 checksum of the code
(2), id (0), Length (38), the Request Authenticator from above, the
attributes in this reply, and the shared secret.
02 00 00 26 86 fe 22 0e 76 24 ba 2a 10 05 f6 bf
9b 55 e0 b2 06 06 00 00 00 01 0f 06 00 00 00 00
0e 06 c0 a8 01 03
1 Code = Access-Accept (2)
1 ID = 0 (same as in Access-Request)
2 Length = 38
16 Response Authenticator
Attributes:
6 Service-Type (6) = Login (1)
6 Login-Service (15) = Telnet (0)
6 Login-IP-Host (14) = 192.168.1.3
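Problem solved! The online MD5 tools expect a string, so even though I passed byte values, the input was treated as a string, hence the wrong value.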
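The difference described in the resolution above, as an added example that is not part of the original posts: the Response Authenticator is computed over the raw octets of the header, Request Authenticator, attributes and shared secret, while an online string tool hashes the ASCII hex characters instead. The function and constant names are illustrative; the input values are the ones given in the question.

```python
import hashlib
import hmac
import struct

ACCOUNTING_RESPONSE = 5  # code value used in the question

def response_authenticator(code, ident, request_auth, attributes, secret):
    """MD5(Code | Identifier | Length | Request Authenticator | Attributes | Secret), raw octets."""
    if len(request_auth) != 16:
        raise ValueError("Request Authenticator must be 16 octets")
    length = 20 + len(attributes)  # 20-octet header plus response attributes
    header = struct.pack("!BBH", code, ident, length)  # network byte order
    return hashlib.md5(header + request_auth + attributes + secret).digest()

def verify_response(packet, request_auth, secret):
    """Check a received response against the Request Authenticator of the request it answers."""
    if len(packet) < 20:
        return False
    code, ident, length = struct.unpack("!BBH", packet[:4])
    if length < 20 or length > len(packet):
        return False  # malformed Length field
    expected = response_authenticator(code, ident, request_auth,
                                      packet[20:length], secret)
    return hmac.compare_digest(expected, packet[4:20])  # constant-time compare

def hash_of_hex_text(hex_text):
    """What a 'MD5 of a string' web tool computes: the hash of the hex characters themselves."""
    return hashlib.md5(hex_text.encode("ascii")).digest()

# Values taken from the question
REQ_AUTH = bytes.fromhex("bac85592365b2e786ad3095a1cf22646")
SECRET = bytes.fromhex("63216d4035323235")  # c!m@5225
HEX_INPUT = "05860014bac85592365b2e786ad3095a1cf2264663216d4035323235"

if __name__ == "__main__":
    over_octets = response_authenticator(ACCOUNTING_RESPONSE, 0x86, REQ_AUTH, b"", SECRET)
    over_text = hash_of_hex_text(HEX_INPUT)
    print("MD5 over 28 raw octets:    ", over_octets.hex())
    print("MD5 over 56 hex characters:", over_text.hex())
    # Constructed packet: header, computed authenticator, no attributes
    packet = struct.pack("!BBH", ACCOUNTING_RESPONSE, 0x86, 20) + over_octets
    print("constructed packet verifies:", verify_response(packet, REQ_AUTH, SECRET))
```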