Re: [RadiusNT] UUNET questions

Dale E. Reed Jr. ( (no email) )
Fri, 28 Jul 2000 10:28:40 -0700

Edwin Whitesell wrote:
>
> We checked the shared secret, we have the 'Allow Malformed Packets' checked,
> we can authenticate the account fine. They mentioned something about
> 'padding the password', what is that and could it have anything to do with
> the problem?

Yes, that is the problem. In the registry set AllowMalformed to 3 (it's
probably 1) and restart RadiusNT. This allows RadiusNT to accept
passwords that are not multiples of 16 in length.

The RFC clearly states that passwords must be a multiple of 16, and
padded if not. RadiusNT is just conforming to the RFC (I wish more
people did). I'll include some relevant snippets from the RFC if you
want to pass them on to the other side.

> 5.2. User-Password
>
> Description
>
> This Attribute indicates the password of the user to be
> authenticated, or the user's input following an Access-Challenge.
> It is only used in Access-Request packets.
>
> On transmission, the password is hidden. The password is first
> padded at the end with nulls to a multiple of 16 octets. A one-
> way MD5 hash is calculated over a stream of octets consisting of
> the shared secret followed by the Request Authenticator. This
> value is XORed with the first 16 octet segment of the password and
> placed in the first 16 octets of the String field of the User-
> Password Attribute.
>
> If the password is longer than 16 characters, a second one-way MD5
> hash is calculated over a stream of octets consisting of the
> shared secret followed by the result of the first xor. That hash
> is XORed with the second 16 octet segment of the password and
> placed in the second 16 octets of the String field of the User-
> Password Attribute.

....

> Type
> 2 for User-Password.
>
> Length
> At least 18 and no larger than 130.
>
> String
> The String field is between 16 and 128 octets long, inclusive.

-- 

Dale E. Reed Jr.  Emerald and RadiusNT/X
__________________________________________
IEA Software, Inc.  www.iea-software.com

For more information about this list (including removal) go to: http://www.iea-software.com/support/maillists/liststart
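The User-Password hiding quoted from the RFC in the message above, as an added example that is not part of the original post and is not RadiusNT code. It continues the same chaining past the second 16-octet segment, and the shared secret, Request Authenticator and passwords are constructed sample values.

```python
import hashlib

BLOCK = 16  # the RFC works in 16-octet segments (MD5 digest size)

def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def hide_password(password: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """Build the String field of User-Password as the RFC describes."""
    if not 1 <= len(password) <= 128:
        raise ValueError("String field must end up 16..128 octets long")
    # Pad at the end with nulls to a multiple of 16 octets.
    padded = password + b"\x00" * (-len(password) % BLOCK)
    out, prev = b"", authenticator
    for i in range(0, len(padded), BLOCK):
        # Segment 1 is masked with MD5(secret + Request Authenticator),
        # each later segment with MD5(secret + previous XOR result).
        mask = hashlib.md5(secret + prev).digest()
        prev = _xor(padded[i:i + BLOCK], mask)
        out += prev
    return out

def is_well_formed(hidden: bytes) -> bool:
    """Strict RFC check: 16..128 octets and a multiple of 16."""
    return 16 <= len(hidden) <= 128 and len(hidden) % BLOCK == 0

def unhide_password(hidden: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """Server side: reject unpadded values, then reverse the masking."""
    if not is_well_formed(hidden):
        raise ValueError("User-Password length %d is not padded" % len(hidden))
    out, prev = b"", authenticator
    for i in range(0, len(hidden), BLOCK):
        mask = hashlib.md5(secret + prev).digest()
        block = hidden[i:i + BLOCK]
        out += _xor(block, mask)
        prev = block
    return out.rstrip(b"\x00")  # drop the null padding

# Constructed sample values, not taken from any real deployment.
SECRET = b"constructed-shared-secret"
RA = bytes(range(16))  # 16-octet Request Authenticator

if __name__ == "__main__":
    good = hide_password(b"hunter2", SECRET, RA)
    print(len(good), unhide_password(good, SECRET, RA))
    # A sender that skips the padding step produces a 7-octet value.
    bad = _xor(b"hunter2", hashlib.md5(SECRET + RA).digest())
    print(len(bad), is_well_formed(bad))
```
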