Patch to fix PPTP CHAP failure due to unknown-attribute problem
freeradius developer/user identity
freeradius at cecst.com
Tue Jul 5 19:20:30 CEST 2011
> You can find the current freeradius dictionaries at
> https://github.com/alandekok/freeradius-server/tree/v2.1.x/share
> You can see that dictionary.microsoft and dictionary.merit are there....
> ...
> It includes attributes 11 (MS-CHAP-Challenge) and 25 (MS-CHAP2-Response).
Thank you for your prompt reply! It turns out that the dictionary
files for *radiusclient* are different from those for freeradius *server*
in subtle ways. Specifically, the server version uses the type "octet"
while radiusclient recognizes only "string", "integer", "ipaddr", and
"date" (see radiusclient's lib/dict.c, which is what parses the dictionaries).
You are completely correct that the freeradius server distribution comes
with a whole bunch of dictionaries, and that the dictionary.microsoft one
does define the attributes 11 and 25. Unfortunately, radiusclient does
not read these and cannot process them correctly if it did read them.
The radiusclient distribution (even the latest development version at
cvs -d :pserver:anoncvs at cvs.freeradius.org:/source login CVS password: anoncvs
cvs -d :pserver:anoncvs at cvs.freeradius.org:/source checkout radiusclient
(c/o http://wiki.freeradius.org/Radiusclient)
does not include any dictionary files other than "dictionary". Hence
the problem. It certainly would be helpful to include radiusclient versions
of dictionary.microsoft (and, I suppose, dictionary.merit) with the
radiusclient distribution.
Also, the current source of the radiusclient versions of dictionary.microsoft
and dictionary.merit at
http://wiki.freeradius.org/PopTop
which is the source of the buggy version of dictionary.microsoft that has
a space at the start of each line, could be updated to remove the spaces,
and text could be inserted that explains that the errors
rc_avpair_new: unknown attribute 11
rc_avpair_new: unknown attribute 25
may go away if these files are replaced with the revised versions. A
good place for the text to be updated would be at the paragraph beginning,
"That's not working. Ok, so you've followed the above steps and it's
still not working. So lets double check things before you post to FreeRADIUS
mailing lists: ...."
I was hoping that my patches could be accepted in any case because there
may be people who won't notice the changes in the web page above, and/or
may have troubles with new dictionaries that they are developing.
Another approach would be to modify radiusclient so that it reads the
dictionaries used by freeradius server. That would make a lot of sense,
and would be easy to do. Please let me know if you would like me to do
that.
Please let me know if I need to patch up the style in the patches.
I tried to mimic the C-style of the original code, but may have missed
spacing and such here and there.
Thanks again for maintaining this important project. Please let me know
how I can help. - Larry Widman
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
URL: <http://lists.freeradius.org/pipermail/freeradius-devel/attachments/20110705/c4ee78de/attachment.pgp>
More information about the Freeradius-Devel
mailing list