MySQL DB and /n in Cisco-AVPair problem

Alan DeKok aland at
Thu Jul 20 02:14:02 CEST 2017

On Jul 19, 2017, at 6:04 PM, Andy Smith <a.smith at> wrote:
> On 19-07-2017, Alan De
>  Im seeing this in "RADIUS Server reply" from NTRadPing 

  We didn't write NTRadPing.  Ask the authors of NTRadPing why it's broken.

> The difference (again in the output in NTRadPing) for Tunnel-Password
> is, 1.x: 
> \0x00\0xe5-\0xd6w\0xee\0x8a\0x96]\0xd0\0xe8\0xd2\0x13\0xacs\0x14\0xa5\0xf9
> 3.x: 
> \0x00\0x82\0xb0\0x8c\0xd8\0x00\0x06\0xe8\0xc9Q\6f~8\0xc9\0xe0\0x15 

  The Tunnel-Passwords are encrypted on the wire.  If NTRadPing isn't showing you the decrypted version, then it's garbage.  Throw it away, and use a real RADIUS client.

  i.e. radclient.

> The passwords are clear text in the DB, I mentioned this as its another
> thing that is different but I'm not sure its an issue. As I said, on
> both 1.x and 3.x I get responce access accepted in NTRadPing.

  NTRadPing is garbage.  Use a real RADIUS client.

> The \n on
> the other hand I suspect may be an issue as the Cisco documention
> specifies that the AVPair should end with \n and it does not on the
> 3.0.14 server, 

  Since you're not posting the debug output, there isn't much I can do to help.

  Alan DeKok.

More information about the Freeradius-Users mailing list