Joseph Showalter wrote:
So, after working on our puzzling issue, we have found the root cause of chap failing instance:
Our equipment vendor is putting this in the end device 4867467528286D35655B523F585C5359.
But freeradius needs to see this value: HgFu((m5e[R?X\\SY.
That's pretty much what I expected. For the record, the vendor is wrong. They should either accept printable ASCII passwords, or make it clear that the password is a binary string.
This value is the "Escaped" value of the above hex.
In the radius db we have the hex value stored like this: 4867467528286D35655B523F585C5359.
Are there any suggestions on how we could easily convert this to the 'Escaped' value either with SQL changes or writing a perl plugin or something else that we have missed?
You will need to use version 3. update { Tmp-Octets-0 := 0x4867467528286D35655B523F585C5359 reply:Filter-Id := &Tmp-Octets-0 } ... rad_recv: Access-Accept packet from host 127.0.0.1 port 1812, id=81, length=38 Filter-Id = "HgFu((m5e[R?X\\SY" i.e. put the hex values into an "octets" type attribute. You'll need to prefix it with "0x", in order to get it parsed correctly. Then, assign it to a "string" attribute (e.g. Cleartext-Password), via the "&" operator. Unfortunately, version 2 doesn't support this functionality. In that version, you'll need to use Perl to do the translation. Alan DeKok.