Issue with rlm_digest module

malaya.kishore at wipro.com malaya.kishore at wipro.com
Thu Nov 27 14:38:44 CET 2008 

Hi Alan DeKok,

You are right. The client we used was not correct.
After updations to client, it worked fine.

Thank you.

Kind Regards,
Kishore

-----Original Message-----
From:
freeradius-devel-bounces+malaya.kishore=wipro.com at lists.freeradius.org
[mailto:freeradius-devel-bounces+malaya.kishore=wipro.com at lists.freeradi
us.org] On Behalf Of Alan DeKok
Sent: Thursday, November 27, 2008 5:05 PM
To: FreeRadius developers mailing list
Subject: Re: Issue with rlm_digest module

malaya.kishore at wipro.com wrote:
> Here is the debug log for the same, with the actual code:
> Debug: ERROR: Received Digest-Attributes with invalid sub-attribute
115

  As I said, the module is inter-operable with all existing
implementations, and has been inter-operable for 6 years.

  Changing it now is not an option.

> I find that the length in the packet is the length of the attr-length
> not the complete one (type + attr-length).

  Which client are you using to generate the digest attributes?

> Here is the log when we tried to print the values of p[o] and p[1].
> 
...
> Thu Nov 27 16:17:38 2008 : Info: [digest] ERROR: p[1] Received
> Digest-Attributes with sub-attribute length 6
> 
>         Digest-Realm = "fr.com"

  The client is broken.

  The sub-attribute is *supposed* to be packed in the same way as a
normal RADIUS attribute.  The length is *supposed* to be "data-len + 2".
This client has the length as "data-len".

  See the "sterman" draft, Nonce-Count sub-attribute.  It's length is
10, with 8 bytes of hex data.

> Thu Nov 27 16:17:38 2008 : Info: [digest] ERROR: p[1] Received
> Digest-Attributes with sub-attribute length 8
> 
>         Digest-Nonce-Count = "00000001"

  The client is violating the specification as written in the sterman
draft.  See doc/rfc/draft-sterman-aaa-sip-00.txt in the FreeRADIUS "tar"
file.

> We are not able to analyze the ethereal traces, as these are vendor
> specific values, which are not understood by ethereal.
> 
> Can it be a error in the client side. Like the length of VSA is not
> inserted correctly.

  It is an error on the client side.  The client is broken, and needs to
be fixed.

  As it is now, the client does NOT work with FreeRADIUS, and it will
NOT work with any other RADIUS server that implements the draft-sterman
document.

  Alan DeKok.
-
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/devel.html

Please do not print this email unless it is absolutely necessary. 

The information contained in this electronic message and any attachments to this message are intended for the exclusive use of the addressee(s) and may contain proprietary, confidential or privileged information. If you are not the intended recipient, you should not disseminate, distribute or copy this e-mail. Please notify the sender immediately and destroy all copies of this message and any attachments. 

WARNING: Computer viruses can be transmitted via email. The recipient should check this email and any attachments for the presence of viruses. The company accepts no liability for any damage caused by any virus transmitted by this email. 

www.wipro.com

More information about the Freeradius-Devel mailing list