I am trying to implement the RADIUS protocol. According to RFC 2866, for RADIUS accounting, the steps for calculating the Authenticator field are as follows:

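The Authenticator field in an Accounting-Response packet is called the Response Authenticator, and contains a one-way MD5 hash calculated over a stream of octets consisting of the Accounting-Response Code, Identifier, Length, the Request Authenticator field from the Accounting-Request packet being replied to, and the response attributes if any, followed by the shared secret. The resulting 16 octet MD5 hash value is stored in the Authenticator field of the Accounting-Response packet.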

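I am trying to calculate it, but I cannot get the correct value:

Code = 5 (0x05), 1 byte
Identifier: 134 (0x86), 1 byte
Length: 20 (0x0014), 2 bytes
Request Authenticator: bac85592365b2e786ad3095a1cf22646, 16 bytes
No attributes in my response
Shared secret: 63 21 6d 40 35 32 32 35 (c!m@5225)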

So the input to the MD5 hash would be:

05860014bac85592365b2e786ad3095a1cf2264663216d4035323235

I get:

b7ac1e6909302b06bd021aede380dbc5

using these two websites: http://www.md5hashgenerator.com/ http ://www.5.phpladlada

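The authenticator of the actual response is 9629702dca9469714fb423ca7b1525bc. I am comparing against real RADIUS packets sent by the client/server, and the authenticator I calculated does not match the one the server sent. Any ideas?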

The RFC 2865 at the end has a couple of examples. Example 1, using the shared
secret "xyzzy5461"



User Telnet to Specified Host

The NAS at 192.168.1.16 sends an Access-Request UDP packet to the
RADIUS Server for a user named nemo logging in on port 3 with
password "arctangent".

The Request Authenticator is a 16 octet random number generated by
the NAS.

The User-Password is 16 octets of password padded at end with nulls,
XORed with MD5(shared secret|Request Authenticator).

01 00 00 38 0f 40 3f 94 73 97 80 57 bd 83 d5 cb
98 f4 22 7a 01 06 6e 65 6d 6f 02 12 0d be 70 8d
93 d4 13 ce 31 96 e4 3f 78 2a 0a ee 04 06 c0 a8
01 10 05 06 00 00 00 03

1 Code = Access-Request (1)
1 ID = 0
2 Length = 56
16 Request Authenticator

Attributes:

6 User-Name = "nemo"
18 User-Password
6 NAS-IP-Address = 192.168.1.16
6 NAS-Port = 3

The RADIUS server authenticates nemo, and sends an Access-Accept UDP
packet to the NAS telling it to telnet nemo to host 192.168.1.3.

The Response Authenticator is a 16-octet MD5 checksum of the code
(2), id (0), Length (38), the Request Authenticator from above, the
attributes in this reply, and the shared secret.

02 00 00 26 86 fe 22 0e 76 24 ba 2a 10 05 f6 bf
9b 55 e0 b2 06 06 00 00 00 01 0f 06 00 00 00 00
0e 06 c0 a8 01 03

1 Code = Access-Accept (2)
1 ID = 0 (same as in Access-Request)
2 Length = 38
16 Response Authenticator

Attributes:

6 Service-Type (6) = Login (1)
6 Login-Service (15) = Telnet (0)
6 Login-IP-Host (14) = 192.168.1.3

1 Answer


Problem solved! The online MD5 tools expect a string, so even though I passed byte values, the input was treated as a string, hence the wrong value.

Answered 2015-01-23T22:25:43.917
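The difference between hashing the raw octets and hashing their hex text, as an added example that is not part of the original question or answer. It computes the Response Authenticator for the values in the question both ways and verifies the RFC 2865 Access-Accept quoted above; the function names are chosen for this illustration.

```python
import hashlib
import hmac
import struct

def response_authenticator(code, ident, request_auth, attrs, secret):
    """MD5(Code | Identifier | Length | Request Authenticator | Attributes | Secret),
    computed over raw octets."""
    length = 20 + len(attrs)  # 20-octet header plus attribute octets
    header = struct.pack("!BBH", code, ident, length)
    return hashlib.md5(header + request_auth + attrs + secret).digest()

def verify_response(response, request_auth, secret):
    """Check a received response against the request it answers."""
    if len(response) < 20:
        return False
    code, ident, length = struct.unpack("!BBH", response[:4])
    if length != len(response):
        return False
    expected = response_authenticator(code, ident, request_auth, response[20:], secret)
    # Constant-time comparison, so timing does not leak how many octets matched.
    return hmac.compare_digest(expected, response[4:20])

def md5_of_hex_text(hex_string):
    """What a string-oriented online tool computes: MD5 of the ASCII characters."""
    return hashlib.md5(hex_string.encode("ascii")).hexdigest()

# Values from the question.
Q_REQUEST_AUTH = bytes.fromhex("bac85592365b2e786ad3095a1cf22646")
Q_SECRET = bytes.fromhex("63216d4035323235")  # c!m@5225
Q_HEX_INPUT = "05860014bac85592365b2e786ad3095a1cf2264663216d4035323235"

# RFC 2865 example quoted in the question (shared secret "xyzzy5461").
RFC_SECRET = b"xyzzy5461"
RFC_REQUEST_AUTH = bytes.fromhex("0f403f9473978057bd83d5cb98f4227a")
RFC_ACCESS_ACCEPT = bytes.fromhex(
    "02000026" "86fe220e7624ba2a1005f6bf9b55e0b2"
    "060600000001" "0f0600000000" "0e06c0a80103")

if __name__ == "__main__":
    raw = response_authenticator(5, 134, Q_REQUEST_AUTH, b"", Q_SECRET)
    print("MD5 over 28 raw octets    :", raw.hex())
    print("MD5 over 56 hex characters:", md5_of_hex_text(Q_HEX_INPUT))
    print("RFC 2865 Access-Accept ok :",
          verify_response(RFC_ACCESS_ACCEPT, RFC_REQUEST_AUTH, RFC_SECRET))
```
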