RE: RE: RE: Problem with character Ä in username/password

Velusamy, Vinodh vinodh.velusamy at ubizen.com
Thu Aug 24 10:00:22 CEST 2006 

Hi Alan,
Ok maybe it wasn't clear enough. We have a web-application running on Apache/tomcat and the client used for authentication is the mod_auth_radius module. We want to test that there are no problems with users having special characters, hence the garbage like username/password. We have a valid unix user éâäåçêëèïîìÄæôòû with password éâäåçêëèïîìÄæôòû in the Ubuntu Dapper Linux system on which the radius server 1.1.0 has been installed. So when I browse to the web-app, I get uid/pwd challenge, and when I provide the éâäåçêëèïîìÄæôòû/éâäåçêëèïîìÄæôòû as the uid/pwd, I see the following on the radius server which is running in debug mode:

rad_recv: Access-Request packet from host 127.0.0.1:33292, id=245, length=98
        User-Name = "\303\251\303\242\303\244\303\245\303\247\303\252\303\250\303\257\303\256\303\254\303\204\303\246\303\264\303\262\303\273"
        User-Password = "\222\023S~\345v\322\250\207\216\261\206\242J\301\301\251\006\233\026N\374\014\213\036c\022'\220\r\370\210"
        NAS-IP-Address = 255.255.255.255
        NAS-Port = 1812
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 1
  modcall[authorize]: module "preprocess" returns ok for request 1
  modcall[authorize]: module "mschap" returns noop for request 1
    rlm_realm: No '@' in User-Name = "éâäåçêëèïîì@?æôòû", looking up realm NULL
    rlm_realm: No such realm "NULL"
  modcall[authorize]: module "suffix" returns noop for request 1
  rlm_eap: No EAP-Message, not doing EAP
  modcall[authorize]: module "eap" returns noop for request 1
    users: Matched entry DEFAULT at line 152
  modcall[authorize]: module "files" returns ok for request 1
modcall: leaving group authorize (returns ok) for request 1
  rad_check_password:  Found Auth-Type System
auth: type "System"
  Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 1
rlm_unix: [éâäåçêëèïîì@?æôòû]: invalid password
  modcall[authenticate]: module "unix" returns reject for request 1
modcall: leaving group authenticate (returns reject) for request 1
auth: Failed to validate the user.
  WARNING: Unprintable characters in the password. ?  Double-check the shared secret on the server and the NAS!
Delaying request 1 for 1 seconds
Finished request 1
Going to the next request
--- Walking the entire request list ---



I have another unix user Vinodh/vinodh in the system, so when I try that, I get this:

Waking up in 4 seconds...
--- Walking the entire request list ---
Cleaning up request 7 ID 99 with timestamp 44e57654 Nothing to do.  Sleeping until we see a request.
rad_recv: Access-Request packet from host 10.0.203.118:1026, id=97, length=72
        User-Name = "Vinodh"
        User-Password = "vinodh"
        Service-Type = Authenticate-Only
        NAS-Identifier = "10.0.203.118"
        NAS-IP-Address = 10.0.203.118
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 8
  modcall[authorize]: module "preprocess" returns ok for request 8
  modcall[authorize]: module "mschap" returns noop for request 8
    rlm_realm: No '@' in User-Name = "Vinodh", looking up realm NULL
    rlm_realm: No such realm "NULL"
  modcall[authorize]: module "suffix" returns noop for request 8
  rlm_eap: No EAP-Message, not doing EAP
  modcall[authorize]: module "eap" returns noop for request 8
    users: Matched entry DEFAULT at line 152
  modcall[authorize]: module "files" returns ok for request 8
modcall: leaving group authorize (returns ok) for request 8
  rad_check_password:  Found Auth-Type System
auth: type "System"
  Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 8
  modcall[authenticate]: module "unix" returns ok for request 8
modcall: leaving group authenticate (returns ok) for request 8 Sending Access-Accept of id 97 to 10.0.203.118 port 1026 Finished request 8 Going to the next request
--- Walking the entire request list ---
Waking up in 6 seconds...
--- Walking the entire request list ---
Cleaning up request 8 ID 97 with timestamp 44e57662 Nothing to do.  Sleeping until we see a request.

So the unix authentication works fine for ordinary characters. Is there some configuration issue somewhere? Hope this is more clearer.

V~


---
Vinodh Velusamy
Software Engineer

Ubizen - a Cybertrust company
Ubicenter, Philipssite 5, 3001 Leuven, Belgium
T: +32 16 28 73 14
F: +32 16 28 71 00 
E-mail: vinodh.velusamy at ubizen.com

www.ubizen.com  - www.cybertrust.com

-----Original Message-----
From: freeradius-users-bounces+vinodh.velusamy=ubizen.com at lists.freeradius.org [mailto:freeradius-users-bounces+vinodh.velusamy=ubizen.com at lists.freeradius.org] On Behalf Of Alan DeKok
Sent: Wednesday, August 23, 2006 7:27 PM
To: FreeRadius users mailing list
Subject: Re: RE: RE: Problem with character Ä in username/password

"Velusamy, Vinodh" <vinodh.velusamy at ubizen.com> wrote:
> Sorry for troubling you, but could you please help me out with this?
> We are using the mod_auth_radius, the RADIUS authentication module for 
> the Apache webserver version 1.5.2 for apache 1.3 that you have 
> developed. If you need any other info I will try my best to provide 
> it.

  I have no idea what the problem is.  I've asked for information, and you haven't provided it.  I've asked questions that you haven't answered.

  If the username is garbage, then the ONLY reason that happens is that's what the user typed in.

  Alan DeKok.
--
  http://deployingradius.com       - The web site of the book
  http://deployingradius.com/blog/ - The blog
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

More information about the Freeradius-Users mailing list