Freeradius 2.1.6: "\" in %{SQL-User-Name}

Difan Zhao difan.zhao at guest-tek.com
Mon May 10 18:33:22 CEST 2010


Good morning guys!

I asked a question earlier but haven't heard back a reply yet... I guess
I am not supposed to include the question in the answer of another
question lol.

So here is the question again:

I am using my Freeradius 2.1.6 to do PEAP for Windows XP clients. The
usernames are in format '<Domain_name>\<username>'

I am using postgresql and my "safe-characters" in the dialup.conf is set
to:

safe-characters =
"\\$@abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-_:
/"

My radcheck table looks like:
 id |   username   |     attribute      | op |    value
  4 | GTCORP\dzhao | Auth-Type          | =  | ntlm_auth

When I try to authenticate, in the debug, I see this:

[sql]   expand: SELECT id, UserName, Attribute, Value, Op   FROM
radcheck   WHERE Username = '%{SQL-User-Name}'   ORDER BY id -> SELECT
id, UserName, Attribute, Value, Op   FROM radcheck   WHERE Username =
'GTCORP\dzhao'   ORDER BY id

However this query returns nothing from the postgresql DB because the DB
treats the "\" as an escape character. In order to test I added another
entry in the table:

11 | GTCORPdzhao  | Auth-Type          | =  | ntlm_auth

And the query worked and found it.

I also tried the following query in PostSQL and it found the orginal
entry successfully...

select * from radcheck where username = 'GTCORP\\dzhao'

I am wondering if there is a setting to automatically add another "\" in
the %{SQL-User-Name} if there is already a "\" in it?? 

Thanks!
 
Difan Zhao, M.Eng
Network Engineer
difan.zhao at guest-tek.com
www.guest-tek.com
Office: 403-509-1010 ext 3048
Cell: 403-689-7514
 




More information about the Freeradius-Users mailing list