Usernames with escape sequences
James Sumners
james.sumners at clayton.edu
Fri Feb 27 15:28:01 CET 2015
I have Freeradius authenticating to an Active Directory system via
ntlm_auth. When a username in the format "foobar\jdoe" comes in, where
"foobar" is the domain and "jdoe" is the real username, the
authentication succeeds just fine. But if username is "foobar\tdoe"
then it gets expanded to "foobar doe".
Here's some real output where the passed in username was "CCSU\tstudent":
```
(0) mschap : Client is using MS-CHAPv1 with NT-Password
(0) mschap : Executing: "/bin/ntlm_auth --request-nt-key
--username=%{%{mschap:User-Name}:-None}
--domain=%{%{mschap:NT-Domain}:-None}
--challenge=%{%{mschap:Challenge}:-00}
--nt-response=%{%{mschap:NT-Response}:-00}"
(0) mschap : expand: "--username=%{%{mschap:User-Name}:-None}" ->
'--username=CCSU student'
(0) mschap : No NT-Domain was found in the User-Name.
(0) mschap : expand: "--domain=%{%{mschap:NT-Domain}:-None}" -> '--domain='
(0) mschap : mschap1: ac
(0) mschap : expand: "--challenge=%{%{mschap:Challenge}:-00}" ->
'--challenge=ac132ce03cba1933'
(0) mschap : expand: "--nt-response=%{%{mschap:NT-Response}:-00}" ->
'--nt-response=ff768eafb00738e62a3a92e103bf5c7baa7d926da2248b88'
(0) mschap : Program returned code (1): Logon failure (0xc000006d)
(0) mschap : External script failed.
(0) ERROR: mschap : External script says: Logon failure (0xc000006d)
```
How do I prevent the escape sequence from being expanded?
More information about the Freeradius-Users
mailing list