RE: Tunnel-Password fails proxy: tunnel password is too long for the attribute
I though you said that the backend server sent the attribute? How do you comment it out? i prevent the backend server from sending this particular Tunnel-Password attribute. t - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Tunnel-Password fails proxy: tunnel password is too long for the attribute
Tariq Rashid [EMAIL PROTECTED] wrote: i prevent the backend server from sending this particular Tunnel-Password attribute. Ok... can you post sample packet traces containing that attribute, and use a known shared secret like testing123. That will let me validate the packets... The request/response to/from the backend server should be good enough. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Tunnel-Password fails proxy: tunnel password is too long for the attribute
when a backend radius server sends bakc the following tunnel attributes, the freeradius 1.0.2 fails the request with tunnel password is too long for the attribute( discovered by radiusd -X). Tunnel-Server-Endpoint = 1:82.111.96.178 Tunnel-Type = 1:L2TP Tunnel-Medium-Type = 1:IP Tunnel-Password = 1:lab Framed-Protocol = PPP if I comment out the Tunnel-Passord, the proxied reply returns fine. I guess this is a problem with the tagged stting for the password, partt of which is encrypted perhaps? the backend is Radiator 3.8. directly querying the backed, without freeradius proxying, works fine. tariq - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Tunnel-Password fails proxy: tunnel password is too long for the attribute
Tariq Rashid [EMAIL PROTECTED] wrote: when a backend radius server sends bakc the following tunnel attributes, the freeradius 1.0.2 fails the request with tunnel password is too long for the attribute( discovered by radiusd -X). Ok... Tunnel-Password = 1:lab That's not the correct format for tags. if I comment out the Tunnel-Passord, the proxied reply returns fine. I though you said that the backend server sent the attribute? How do you comment it out? I guess this is a problem with the tagged stting for the password, partt of which is encrypted perhaps? the backend is Radiator 3.8. See src/lib/radius.c. A byte in the attribute says how long it is. If en/decrypted wrong, the byte will be garbage. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html