Tunnel-Password fails proxy: "tunnel password is too long for the attribute"

Alan DeKok aland at ox.org
Mon Jul 25 20:17:49 CEST 2005

Tariq Rashid <tariq.rashid at uk.easynet.net> wrote:
> when a backend radius server sends bakc the following tunnel attributes, the
> freeradius 1.0.2 fails the request with "tunnel password is too long for the
> attribute"( discovered by radiusd -X).


>         Tunnel-Password = 1:lab

  That's not the correct format for tags.

> if I comment out the Tunnel-Passord, the proxied reply returns fine.

  I though you said that the backend server sent the attribute?  How
do you comment it out?

> I guess this is a problem with the tagged stting for the password, partt of
> which is encrypted perhaps? the backend is Radiator 3.8.

  See src/lib/radius.c.  A byte in the attribute says how long it is.
If en/decrypted wrong, the byte will be garbage.

  Alan DeKok.

More information about the Freeradius-Users mailing list