Thierry CHICH wrote: > You are right. I think this typo is in the original file inner-tunnel > included > in the distrib,
Yes, I've fixed it. > but it work better - but not as I want. Now, I have a good > Access-Accept packet, but it is seems that the accounting-request following > don't care. Snifff. Your NAS is broken. > rad_recv: Accounting-Request packet from host 172.30.87.66 port 4366, id=144, > length=159 ... > User-Name = "[EMAIL PROTECTED]" Sending a \000 at the end is wrong. > Vendor-Specific = 0x564c414e2049442069733a20333032 > Vendor-Specific = 0x61632d636c65726d6f6e742e6672 These are not properly formed VSA's. This is *very* bad practice. > Acct-Session-Time = 4294967 The session time is 4 million seconds? Tell the vendor that their product is broken. As the author of RFC 5080, and a pending RFC on RADIUS design guidelines, I think I have reason to be authoritative on this issue. e.g. for the Vendor-Specific nonsense, read Section 2.2, at the top of page 12, of: http://www.ietf.org/internet-drafts/draft-ietf-radext-design-02.txt i.e. it's not flat-out forbidden, but it's a retarded thing to do. If the vendor refuses to fix it, throw the NAS in the garbage, and buy a real NAS. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html