User password

Chaigneau, Nicolas nicolas.chaigneau at capgemini.com
Wed May 22 15:59:17 CEST 2019 

As Alan suggested, look at the following policy (in raddb/policy.d/filter):

#  Some equipment sends passwords with embedded zeros.
#  This policy filters them out.
#
filter_password {
	if (&User-Password && \
	   (&User-Password != "%{string:User-Password}")) {
		update request {
			&Tmp-String-0 := "%{string:User-Password}"
			&User-Password := "%{string:Tmp-String-0}"
		}
	 }
}



-----Message d'origine-----
De : Freeradius-Users <freeradius-users-bounces+nicolas.chaigneau=capgemini.com at lists.freeradius.org> De la part de Nicolas Breuer
Envoyé : mercredi 22 mai 2019 15:46
À : FreeRadius users mailing list
Objet : RE: User password 

Hello Alan,

Ok but i have the correct attribute in v2.2 but maybe that was not expected and the Cisco is very old.
Can you help with a link to solve the issue ?

Thanks in advance,


-----Message d'origine-----
De : Freeradius-Users <freeradius-users-bounces+nicolas.breuer=belcenter.biz at lists.freeradius.org> De la part de Alan DeKok Envoyé : mercredi 22 mai 2019 13:08 À : FreeRadius users mailing list <freeradius-users at lists.freeradius.org>
Objet : Re: User password 

On May 22, 2019, at 5:12 AM, Nicolas Breuer <Nicolas.Breuer at belcenter.biz> wrote:
> Trying to migrate our old Cisco XS Server to FR3.0.19
> 
> Ready to process requests
> (9) Received Access-Request Id 9 from 117.212.177.1:1645 to 117.212.180.1:1814 length 97
> (9)   NAS-IP-Address = 217.112.177.1
> (9)   NAS-Port = 3
> (9)   NAS-Port-Type = Async
> (9)   User-Name = "username"
> (9)   Called-Station-Id = "240"
> (9)   Calling-Station-Id = "71"
> (9)   User-Password = "alerteo268\000N: In"
> (9)   Service-Type = Framed-User
> (9)   Framed-Protocol = PPP
> 
> 
> Any ideas from where the \000N:In comes from ?

  It comes from the NAS, like every other RADIUS attribute.

  Some NASes implement RADIUS incorrectly.

  If you read the config in a recent version of v3, there are policies to catch & fix this exact issue.

  Alan DeKok.


This message contains information that may be privileged or confidential and is the property of the Capgemini Group. It is intended only for the person to whom it is addressed. If you are not the intended recipient, you are not authorized to read, print, retain, copy, disseminate, distribute, or use this message or any part thereof. If you receive this message in error, please notify the sender immediately and delete all copies of this message.

More information about the Freeradius-Users mailing list