Tunnel-Password fails proxy: "tunnel password is too long for the attribute"
Alan DeKok
aland at ox.org
Mon Jul 25 20:17:49 CEST 2005
Tariq Rashid <tariq.rashid at uk.easynet.net> wrote:
> when a backend radius server sends bakc the following tunnel attributes, the
> freeradius 1.0.2 fails the request with "tunnel password is too long for the
> attribute"( discovered by radiusd -X).
Ok...
> Tunnel-Password = 1:lab
That's not the correct format for tags.
> if I comment out the Tunnel-Passord, the proxied reply returns fine.
I though you said that the backend server sent the attribute? How
do you comment it out?
> I guess this is a problem with the tagged stting for the password, partt of
> which is encrypted perhaps? the backend is Radiator 3.8.
See src/lib/radius.c. A byte in the attribute says how long it is.
If en/decrypted wrong, the byte will be garbage.
Alan DeKok.
More information about the Freeradius-Users
mailing list