Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
626
Views
0
Helpful
1
Replies

RVS4000 802.1x Packet does not contain required Message-Authenticator attribute

aluft0001
Level 1
Level 1

‎02-11-2016 06:01 AM - edited ‎03-10-2019 11:28 PM

I have an RVS4000 connected to a freeradius server and the server is indicating the following error:

Packet does not contain required Message-Authenticator attribute


(4) Sent Access-Challenge Id 7 from 10.97.17.6:1812 to 10.97.17.14:1030 length 0
(4)   EAP-Message = ... snipped ...
(4)   Message-Authenticator = 0x00000000000000000000000000000000
(4)   State = 0xe63ee490e232e927e8c1adab3d14c446
(4) Finished request

How do I insert the Message Authenticator value?

supplicant is wpa-supplicant version 2.5 on ubuntu.

Labels:
0 Helpful
1 Reply 1

aluft0001
Level 1
Level 1

‎02-11-2016 07:57 AM

A look at server side tcpdump 

tcpdump -i enp0s25 -w 8021x.pcap  " udp port 1812"

Showed that the last packet had marked the "more fragments flag" but never sent more fragments.

Changing the fragment_size in the config file for wpa_supplicant fixed my issue.

# fragment_size: Maximum EAP fragment size in bytes (default 1398).
#	This value limits the fragment size for EAP methods that support
#	fragmentation (e.g., EAP-TLS and EAP-PEAP). This value should be set
#	small enough to make the EAP messages fit in MTU of the network
#	interface used for EAPOL. The default value is suitable for most
#	cases.
0 Helpful
Customers Also Viewed These Support Documents