vendor-specific problem in 3.0.4 vs. 2.1.12

Alan DeKok aland at
Thu Oct 8 16:02:50 CEST 2015

On Oct 8, 2015, at 9:44 AM, Rob McKennon <rmckennon at> wrote:
> I'm trying to get super-micro's IPMI to work with freeradius.  Their latest docs say to use freeradius 2.1.12, and it does work.
> Using this in the users file:
> "radius_admin" Cleartext-Password := "123456"
>               Vendor-Specific = "H=4, I=4"

  Uh... that's wrong.  That's not just wrong, it's stupid, broken, and violates the RFCs.

> But when I try using freeradius 3.0.4 with the same radius-admin user, I get this result:

  Use 3.0.10, which was released this week.  You can do (sort of) the same thing.  But instead of "Vendor-Specific", you'll need to use:

	Attr-26 = 0xabcdef

  or whatever hex string corresponds to "H=4, I=4"

> So, I'm not sure how version 3 differs from version 2.1.12 in handling of the Vendor-specific attributes, but is there a way to make this work in version 3 / something I need to tweak?

  Version 3 deals with malformed attributes much better than 2.1.12.  The price of that is that a bare "Vendor-Specific" is considered to be malformed.

  Tell Super Micro that their products are broken and wrong.  That they should update the products to follow the RFCs.  See RFC 6158, Section 2.2 among others.

  Tell Super Micro that the guy who wrote the specs told them they're wrong.  And that they're causing pain for all of their customers.

  Alan DeKok.

More information about the Freeradius-Users mailing list