All versions of the BAY software prior to 18.0.2 are broken in
regards to the Message-Authenticator.  They send a strictly MD5
encoded secret instead of the encoding required by the RFC.  This has
been fixed in 18.0.2 and only 18.0.2.

  If you see messages in the radius log like:

Received packet from xxx.xxx.xxx.xxx with invalid Message-Authenticator!

  and you are using a Bay Annex, then you MUST upgrade the software on
your Annex.  There is NO other solution to the problem.