我使用C#实现radius服务器,使用eap-md5方法进行简单开发。但无法让客户端响应,客户端只是在收到我的服务器响应后继续发送带有不同ID的访问请求。我已经验证了Authenticators是正确的。我缺少一些“必须具备”的属性吗?谢谢
这是访问请求wireshark捕获
RADIUS Protocol
Code: Access-Request (1)
Packet identifier: 0x18 (24)
Length: 159
Authenticator: 5bcaa271c9441fbc9cc9e5d622660fc1
[The response to this request is in frame 2]
Attribute Value Pairs
AVP: l=4 t=User-Name(1): uu
AVP: l=6 t=NAS-IP-Address(4): 192.168.0.254
AVP: l=14 t=NAS-Identifier(32): 24a43ce687e5
AVP: l=6 t=NAS-Port(5): 0
AVP: l=28 t=Called-Station-Id(30): 26-A4-3C-E7-87-E5:AKRadius
AVP: l=19 t=Calling-Station-Id(31): F0-99-BF-47-C9-4D
AVP: l=6 t=Framed-MTU(12): 1400
AVP: l=6 t=NAS-Port-Type(61): Wireless-802.11(19)
AVP: l=23 t=Connect-Info(77): CONNECT 0Mbps 802.11b
AVP: l=9 t=EAP-Message(79) Last Segment[1]
Type: 79
Length: 9
EAP fragment: 028c0007017575
Extensible Authentication Protocol
Code: Response (2)
Id: 140
Length: 7
Type: Identity (1)
Identity: uu
AVP: l=18 t=Message-Authenticator(80): 6f65b6ecd4f665733fc5ca4edb296252
这是我的服务器响应
RADIUS Protocol
Code: Access-Challenge (11)
Packet identifier: 0x18 (24)
Length: 63
Authenticator: b16435719986e75542bee8e422ef690b
[This is a response to a request in frame 1]
[Time from request: 0.012348000 seconds]
Attribute Value Pairs
AVP: l=25 t=EAP-Message(79) Last Segment[1]
Type: 79
Length: 25
EAP fragment: 018c001704100245ca55b3e22343afe94ec324941d2841
Extensible Authentication Protocol
Code: Request (1)
Id: 140
Length: 23
Type: MD5-Challenge EAP (EAP-MD5-CHALLENGE) (4)
[Expert Info (Warning/Security): Vulnerable to MITM attacks. If possible, change EAP type.]
EAP-MD5 Value-Size: 16
EAP-MD5 Value: 0245ca55b3e22343afe94ec324941d28
EAP-MD5 Extra Data: 41
AVP: l=18 t=Message-Authenticator(80): b51a14486177ff84b584ac749acae88a
我们发现客户端设备(苹果iphone)并没有遵循旧规则,他们没有回复说他们不支持md5方法的nak。 iphone只是忽略了回复并再次重新发送访问请求...