Vendor specific attributes format eapol_test

Alan DeKok aland at deployingradius.com
Fri Jun 23 14:03:28 UTC 2023


On Jun 23, 2023, at 9:55 AM, nabble at felix.world wrote:
> I know it’s not FreeRADIUS related but you may be able to help me to understand how vendor specific attributes work and how to correctly send them with eapol_test. 
> Vendor specific attributes are in the RADIUS attribute 26

  The RADIUS attribute format is not only well documented, FreeRADIUS (or radclient) can be used to create attributes based on names.  Then... use "radclient -xxx" or "radiusd -Xx", and you will see the hex encoding of those attributes.

  Then, use that hex data as input to eapol_test.

> So with eapol_test the following flag `-N 26:x:00009f680305010000` would be in detail: 
> 
> 00009f68 = Vendor-Id in hex
> 03		= Vendor attribute id
> 05		= length
> 010000	= Value
> 
> 05 should be the length if I understand it correctly.

  The length field is the length of the header (2 bytes) plus the length of the value being encoded.  Since the header is 2 bytes and the value is 3 bytes, the length field has value 5.

> But after playing around a bit it confuses me more and more. 
> 
> Why is 010000 of length 05 and e.g. 11000342342342 of length 09?

  The length includes the header field.  See RFC 2865 for details.

  Alan DeKok.



More information about the Freeradius-Users mailing list