Sinnwell Wolfgang EXT <[EMAIL PROTECTED]> wrote: > But I found a new problem: length of Tunnel-Password > seems to be wrong. > If I understand the RFC 2868 then the password attr > length must be 21 (minimum: type=1 + length=1 + tag=1 + salt=2 + pw_string=16).
I'm not sure that the tag has to be there. http://www.freeradius.org/rfc/rfc2868.html#Tunnel-Password > The Access-Accept contains a password attr > with length 20. It seems that the tag isn't included. Hmm... it looks like you're right. The Tunnel-Password *requires* that the tag is there. Damn, I hate standards with umpteen confusion options. I'll fix the code. Hmm... the rad_decode() function in src/main/radius.c explicitely skips over the tag, too. So until the code is fixed, the server won't inter-operate with itself. <sigh> We need some automated regression tests. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html