Re[2]: FreeRADIUS on a Solaris platform - now Tunnel-Password lengt h

3APA3A Wed, 24 Apr 2002 10:45:48 -0700

Dear Sinnwell Wolfgang EXT,

According  to  RFC  2868  TAG  should be >0x01 through 0x1f, tag 0x00 is
invalid, it's not added to reply.


--Wednesday, April 24, 2002, 9:35:42 PM, you wrote to 
[EMAIL PROTECTED]:

SWE> Hallo Alan,
SWE> Thank you, it works.

SWE> But I found a new problem: length of Tunnel-Password
SWE> seems to be wrong.
SWE> If I understand the RFC 2868 then the password attr
SWE> length must be 21 (minimum: type=1 + length=1 + tag=1 + salt=2 + pw_string=16).

SWE> The Access-Accept contains a password attr
SWE> with length 20. It seems that the tag isn't included.

SWE> Regards
SWE> Wolfgang

SWE> Trace from Freeradius server:
SWE> Waking up in 6 seconds...
SWE> rad_recv: Access-Request packet from host 153.92.29.2:1812, id=52, length=111
SWE>         User-Password = "\340Wq\210\251\003\020\215\372*\367\363\232\031\331\343"
SWE>         User-Name = "[EMAIL PROTECTED]"
SWE>         Service-Type = Framed-User
SWE>         Framed-Protocol = PPP
SWE>         NAS-Port = 3
SWE>         NAS-Port-Type = Virtual
SWE>         NAS-Identifier = "BIAS MAC address... comming soon"
SWE> modcall: entering group authorize
SWE>   modcall[authorize]: module "preprocess" returns ok
SWE>     rlm_realm: Looking up realm l2tp.com for User-Name = "[EMAIL PROTECTED]"
SWE>     rlm_realm: No such realm l2tp.com
SWE>   modcall[authorize]: module "suffix" returns noop
SWE>     users: Matched [EMAIL PROTECTED] at 93
SWE>   modcall[authorize]: module "files" returns ok
SWE> modcall: group authorize returns ok
SWE>   rad_check_password:  Found Auth-Type Local
SWE> auth: type Local
SWE> auth: user supplied User-Password matches local User-Password
SWE> Sending Access-Accept of id 52 to 153.92.29.2:1812
SWE>         Service-Type = Framed-User
SWE>         Framed-Protocol = PPP
SWE>         Framed-IP-Address = 255.255.255.254
SWE>         Framed-Routing = None
SWE>         Filter-Id = "std.ppp"
SWE>         Framed-MTU = 1500
SWE>         Framed-Compression = None
SWE>         Tunnel-Type:0 = L2TP
SWE>         Tunnel-Medium-Type:0 = IP
SWE>         Tunnel-Password:0 = "\245\002\2556P?\3718@\341cl\035\243\262\036\232="
SWE>         Tunnel-Client-Endpoint:0 = "153.92.29.2"
SWE>         Tunnel-Server-Endpoint:0 = "153.92.28.17"
SWE>         Tunnel-Client-Auth-Id:0 = "olli"
SWE>         Tunnel-Server-Auth-Id:0 = "raclet.l2tp.com"
SWE>         Tunnel-Assignment-Id:0 = "200"
SWE> Finished request 1

SWE> Details from ethereal:

SWE> User Datagram Protocol, Src Port: radius (1812), Dst Port: radius (1812)
SWE>     Source port: radius (1812)
SWE>     Destination port: radius (1812)
SWE>     Length: 160
SWE>     Checksum: 0xc035 (correct)
SWE> Radius Protocol
SWE>     Code: Access Accept (2)
SWE>     Packet identifier: 0x33 (51)
SWE>     Length: 152
SWE>     Authenticator
SWE>     Attribute value pairs
SWE>         t:Service Type(6) l:6, Value:Framed
SWE>         t:Framed Protocol(7) l:6, Value:PPP
SWE>         t:Framed IP Address(8) l:6, Value:255.255.255.254
SWE>         t:Framed Routing(10) l:6, Value:None
SWE>         t:Filter Id(11) l:9, Value:"std.ppp"
SWE>         t:Framed MTU(12) l:6, Value:1500
SWE>         t:Framed Compression(13) l:6, Value:None
SWE>         t:Tunnel Type(64) l:6, Value:L2TP
SWE>         t:Tunnel Medium Type(65) l:6, Value:IPv4
SWE>         t:Tunnel Password(69) l:20, 
Value:"\250\204\162\159\164X\028T\128)!^-\158\2538X\149"  <<<< len=20
SWE>         t:Tunnel Client Endpoint(66) l:13, Value:"153.92.29.2"
SWE>         t:Tunnel Server Endpoint(67) l:14, Value:"153.92.28.17"
SWE>         t:Tunnel Client Auth ID(90) l:6, Value:"olli"
SWE>         t:Tunnel Server Auth ID(91) l:17, Value:"raclet.l2tp.com"
SWE>         t:Tunnel Assignment ID(82) l:5, Value:"200"

SWE> 0000  08 00 3e ff ff 85 08 00 20 f0 b1 77 08 00 45 00   ..>..... ..w..E.          
   
SWE> 0010  00 b4 dd 79 40 00 ff 11 32 01 99 5c 1c 03 99 5c   [email protected]..\...\          
   
SWE> 0020  1d 02 07 14 07 14 00 a0 c0 35 02 33 00 98 a5 7b   .........5.3...{          
   
SWE> 0030  70 a1 b0 75 dd db d4 95 29 b2 dd 71 25 e9 06 06   p..u....)..q%...          
   
SWE> 0040  00 00 00 02 07 06 00 00 00 01 08 06 ff ff ff fe   ................          
   
SWE> 0050  0a 06 00 00 00 00 0b 09 73 74 64 2e 70 70 70 0c   ........std.ppp.          
   
SWE> 0060  06 00 00 05 dc 0d 06 00 00 00 00 40 06 00 00 00   ...........@....          
   
SWE> 0070  03 41 06 00 00 00 01 45 14 fa cc a2 9f a4 58 1c   .A.....E......X.   <<< 45 
14 fa cc .. no tag (=0)             
SWE> 0080  54 80 29 21 5e 2d 9e fd 38 58 95 42 0d 31 35 33   T.)!^-..8X.B.153          
   
SWE> 0090  2e 39 32 2e 32 39 2e 32 43 0e 31 35 33 2e 39 32   .92.29.2C.153.92          
   
SWE> 00a0  2e 32 38 2e 31 37 5a 06 6f 6c 6c 69 5b 11 72 61   .28.17Z.olli[.ra          
   
SWE> 00b0  63 6c 65 74 2e 6c 32 74 70 2e 63 6f 6d 52 05 32   clet.l2tp.comR.2          
   
SWE> 00c0  30 30                                             00                        
   



SWE> - 
SWE> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html


-- 
~/ZARAZA
� �������� ���� ������.  (���)


- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re[2]: FreeRADIUS on a Solaris platform - now Tunnel-Password lengt h

Reply via email to