I'm trying to send a RADIUS packet with scapy to an NPS so i can get the PEAP certificate for monitoring purposes. To make things simple i captured an Access-Request packet from the WLC to the NPS which gets the correct response of Access-Challenge. I imported said packet to scapy (the RADIUS part) and i added the IP and UDP layers with the destination IP and port:
IP(dst="X.X.X.X")/UDP(dport=1812)/[imported RADIUS packet]
The problem is that when i try to send the packet to the NPS, i get the following error:
An Access-Request message was received from RADIUS client X.X.X.X with a Message-Authenticator attribute that is not valid.
If i'm not mistaken the Message-Authenticator field is calculated from the RADIUS packet, so if the packet is the same this value should be correct, right?
Is there something i'm missing?
Regards!