MySQL DB and /n in Cisco-AVPair problem
Alan DeKok
aland at deployingradius.com
Thu Jul 20 02:14:02 CEST 2017
On Jul 19, 2017, at 6:04 PM, Andy Smith <a.smith at ldex.co.uk> wrote:
>
> On 19-07-2017, Alan De
> Im seeing this in "RADIUS Server reply" from NTRadPing
We didn't write NTRadPing. Ask the authors of NTRadPing why it's broken.
> The difference (again in the output in NTRadPing) for Tunnel-Password
> is, 1.x:
>
> \0x00\0xe5-\0xd6w\0xee\0x8a\0x96]\0xd0\0xe8\0xd2\0x13\0xacs\0x14\0xa5\0xf9
>
>
> 3.x:
>
> \0x00\0x82\0xb0\0x8c\0xd8\0x00\0x06\0xe8\0xc9Q\6f~8\0xc9\0xe0\0x15
The Tunnel-Passwords are encrypted on the wire. If NTRadPing isn't showing you the decrypted version, then it's garbage. Throw it away, and use a real RADIUS client.
i.e. radclient.
> The passwords are clear text in the DB, I mentioned this as its another
> thing that is different but I'm not sure its an issue. As I said, on
> both 1.x and 3.x I get responce access accepted in NTRadPing.
NTRadPing is garbage. Use a real RADIUS client.
> The \n on
> the other hand I suspect may be an issue as the Cisco documention
> specifies that the AVPair should end with \n and it does not on the
> 3.0.14 server,
Since you're not posting the debug output, there isn't much I can do to help.
Alan DeKok.
More information about the Freeradius-Users
mailing list