Patch to fix PPTP CHAP failure due to unknown-attribute problem

freeradius developer/user identity freeradius at
Tue Jul 5 19:20:30 CEST 2011

> You can find the current freeradius dictionaries at
> You can see that and dictionary.merit are there....
> ...
> It includes attributes 11 (MS-CHAP-Challenge) and 25 (MS-CHAP2-Response).

Thank you for your prompt reply! It turns out that the dictionary
files for *radiusclient* are different from those for freeradius *server*
in subtle ways. Specifically, the server version uses the type "octet"
while radiusclient recognizes only "string", "integer", "ipaddr", and 
"date" (see radiusclient's lib/dict.c, which is what parses the dictionaries).
You are completely correct that the freeradius server distribution comes
with a whole bunch of dictionaries, and that the one
does define the attributes 11 and 25.  Unfortunately, radiusclient does
not read these and cannot process them correctly if it did read them.

The radiusclient distribution (even the latest development version at
   cvs -d :pserver:anoncvs at login  CVS password: anoncvs 
   cvs -d :pserver:anoncvs at checkout radiusclient
does not include any dictionary files other than "dictionary". Hence
the problem.  It certainly would be helpful to include radiusclient versions
of (and, I suppose, dictionary.merit) with the
radiusclient distribution.

Also, the current source of the radiusclient versions of
and dictionary.merit at
which is the source of the buggy version of that has
a space at the start of each line, could be updated to remove the spaces,
and text could be inserted that explains that the errors
  rc_avpair_new: unknown attribute 11
  rc_avpair_new: unknown attribute 25
may go away if these files are replaced with the revised versions. A
good place for the text to be updated would be at the paragraph beginning,
"That's not working.  Ok, so you've followed the above steps and it's
 still not working. So lets double check things before you post to FreeRADIUS
 mailing lists: ...."

I was hoping that my patches could be accepted in any case because there
may be people who won't notice the changes in the web page above, and/or
may have troubles with new dictionaries that they are developing.

Another approach would be to modify radiusclient so that it reads the
dictionaries used by freeradius server. That would make a lot of sense,
and would be easy to do. Please let me know if you would like me to do

Please let me know if I need to patch up the style in the patches. 
I tried to mimic the C-style of the original code, but may have missed
spacing and such here and there.

Thanks again for maintaining this important project. Please let me know
how I can help.  -  Larry Widman
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
URL: <>

More information about the Freeradius-Devel mailing list