freeradius proxying to Juniper Steel-Belted - returning trailing \000 in attributes

Alan DeKok aland at
Mon Jan 12 17:51:59 CET 2009

Jørn Kostøl wrote:
> I'm running freeradius v2.1.1 that proxies to a Juniper Steel-Belted
> Radius. (NAS->freeradius->Juniper).
> The authentication works and the reply is sent to my NAS, but the
> Juniper sends back trailing \000 in the return attributes which my NAS
> obviously is not too fond of.
> The debug shows:
> rad_recv: Access-Accept packet from host <stripped> port 1812, id=94,
> length=289
>     Class =
> 0x53425232434c978dc5a3c1f6cbdbd4c011802c01800281988002801081aa91aab5a2d5a6c5a9908ab5a1b99ccc12800e81978dc5a3c1f6cbdbd4c289e48c84
>     Proxy-State = 0x3838
>     Cisco-AVPair = "+=lcp:interface-config= ip unnumbered lo10\000"
>     Cisco-AVPair = "+=ip:addr-pool=testpool\000"
>     Cisco-AVPair = "+=lcp:interface-config= ip vrf forwarding testvrf\000"
>     Cisco-AVPair = "+=ip:dns-servers=x.x.x.x y.y.y.y\000"

  The Juniper SBR server is sending the attributes formatted like that.

> I'm having a problem figuring out where the trailing \000 is coming from.
> Has anyone experienced similar behavior or have experience proxying from
> freeradius to Juniper?

  Blame Juniper.  FreeRADIUS is printing the packet that it received.
If there are \0's in it... that's because Juniper put them there.

  Alan DeKok.

More information about the Freeradius-Users mailing list