On 10/21/2010 10:27 PM, Phil Mayers wrote:
On 10/21/2010 08:52 PM, mark.leese@stfc.ac.uk wrote:
I don't know whether the problem lies with me (for allowing a backslash in the password in the first place) the NAS for appearing to 'escape' the backslash (with a backslash)
rlm_ldap accesses the raw string value of the request->password AVP, so it shouldn't be anything inside FreeRadius.
What is the NAS?
Hmm. I've just tried this locally and I don't seem to get the same results as you; I see the backslash doubled in the initial FreeRadius dump (as expected - FreeRadius writes the debug output as you would write config files): rad_recv: Access-Request packet from host 127.0.0.1 port 53973, id=123, length=44 User-Name = "pjm3" User-Password = "foo\\bar" ...and I then see: [ldap] login attempt by "pjm3" with password "foo\bar" [ldap] user DN: CN=pjm3,... [ldap] (re)connect to icads1.ic.ac.uk:389, authentication 1 [ldap] bind as CN=pjm3,.../foo\bar to icads1.ic.ac.uk:389 [ldap] waiting for bind result ... ...note the backslash just appears singly here; the rlm_ldap debugging output code writes the raw value out. You however have two backslashes by this point, so it must be your rlm_perl module. Can you prevent the perl module touching the User-Password attribute, and see if that helps?