Mikrotik bad signature during radius disconnect message.

Eugenijus · January 10, 2016, 5:23pm

Hello,

I developing radius server with/using tinyradius library. Access-accept / reject and Accounting is working fine. The problem is during disconnect-request, i get error bad signature(2log message) appears in Mikrotik log.
Mikrotik radius debug log messages:

I calculating message authenticator in this way (according to RFC - 2866 and RFC - 3576):
md5 = MessageDigest.getInstance(“MD5”);
md5.reset();
md5.update((byte) type);
md5.update((byte) packageIdentifier);
md5.update((byte)(packetLength >> 8 ));
md5.update((byte)(packetLength & 0xff));
md5.update(authenticator, 0, authenticator.length);
md5.update(attributes, 0, attributes.length);
md5.update(RadiusUtil.getUtf8Bytes(sharedSecret));
return md5.digest(); // this is calculated authentificator

Disconnect-Request packet from wireshark:

Any help please ?

Eugenijus · January 13, 2016, 11:22am

Any suggestions about calculating Authenticator? Or maybe someone could provide information about rfc according to which mikrotik checking/calculating DM auth. etc.?