Tunnel-Password fails proxy: "tunnel password is too long for the attribute"
when a backend radius server sends bakc the following tunnel attributes, the freeradius 1.0.2 fails the request with "tunnel password is too long for the attribute"( discovered by radiusd -X). Tunnel-Server-Endpoint = 1:82.111.96.178 Tunnel-Type = 1:L2TP Tunnel-Medium-Type = 1:IP Tunnel-Password = 1:lab Framed-Protocol = PPP if I comment out the Tunnel-Passord, the proxied reply returns fine. I guess this is a problem with the tagged stting for the password, partt of which is encrypted perhaps? the backend is Radiator 3.8. directly querying the backed, without freeradius proxying, works fine. tariq
Tariq Rashid <tariq.rashid@uk.easynet.net> wrote:
when a backend radius server sends bakc the following tunnel attributes, the freeradius 1.0.2 fails the request with "tunnel password is too long for the attribute"( discovered by radiusd -X).
Ok...
Tunnel-Password = 1:lab
That's not the correct format for tags.
if I comment out the Tunnel-Passord, the proxied reply returns fine.
I though you said that the backend server sent the attribute? How do you comment it out?
I guess this is a problem with the tagged stting for the password, partt of which is encrypted perhaps? the backend is Radiator 3.8.
See src/lib/radius.c. A byte in the attribute says how long it is. If en/decrypted wrong, the byte will be garbage. Alan DeKok.
participants (2)
-
Alan DeKok -
Tariq Rashid