On Jul 19, 2017, at 6:04 PM, Andy Smith <a.smith@ldex.co.uk> wrote:
On 19-07-2017, Alan De Im seeing this in "RADIUS Server reply" from NTRadPing
We didn't write NTRadPing. Ask the authors of NTRadPing why it's broken.
The difference (again in the output in NTRadPing) for Tunnel-Password is, 1.x:
\0x00\0xe5-\0xd6w\0xee\0x8a\0x96]\0xd0\0xe8\0xd2\0x13\0xacs\0x14\0xa5\0xf9
3.x:
\0x00\0x82\0xb0\0x8c\0xd8\0x00\0x06\0xe8\0xc9Q\6f~8\0xc9\0xe0\0x15
The Tunnel-Passwords are encrypted on the wire. If NTRadPing isn't showing you the decrypted version, then it's garbage. Throw it away, and use a real RADIUS client. i.e. radclient.
The passwords are clear text in the DB, I mentioned this as its another thing that is different but I'm not sure its an issue. As I said, on both 1.x and 3.x I get responce access accepted in NTRadPing.
NTRadPing is garbage. Use a real RADIUS client.
The \n on the other hand I suspect may be an issue as the Cisco documention specifies that the AVPair should end with \n and it does not on the 3.0.14 server,
Since you're not posting the debug output, there isn't much I can do to help. Alan DeKok.