On 30 Nov 2015, at 18:37, Stefano Mason <stefano.mason@eng-mo.it> wrote:
Dear Alan, I'm curios to know why this Access-Request from Brocade switch to Freeradius 3.0.10 report the User-Password end with many NULL, instead, Freeradius 2.2.9 report a clean User-Password?
Because in v3.0.x we follow RFC 2865 to the letter, and do not give null bytes any special treatment. The FreeRADIUS 2.2.9 behaviour was incorrect, the 3.0.10 behaviour is correct. The Brocade NAS is broken. It looks like it's sending the contents of a fixed length (16 byte) buffer and incorrectly calculating the length of the data in that buffer (someone probably used sizeof() instead of strlen). Anyway, open a support case with Brocade to get this fixed, they are absolutely doing the wrong thing here. -Arran Arran Cudbard-Bell <a.cudbardb@freeradius.org> FreeRADIUS development team FD31 3077 42EC 7FCD 32FE 5EE2 56CF 27F9 30A8 CAA2