On Feb 11, 2015, at 8:46 AM, Mark Keyte <Mark.Keyte@lshtm.ac.uk> wrote:
We have recently noticed that authentication is failing when users are using the £ sign character in their password (and also § found on macbook keyboards) - it seems to work fine with other characters - !"$%^123&*()_+-=[]{};'#:@~,./<>?\| for example.
i.e. ASCII. The problem is a hard one to solve. The MS-CHAP standards don’t actually say what format the passwords should be in. So implementations have chosen different paths… not all of which are compatible.
However as soon as I remove £ sign auth is working fine.
Exactly.
It also works if you use £ rather than just the £ within the password when authing from a supplicant (tested with android & Windows)- suggesting some kind of encoding issue??.
It’s an encoding issue. FreeRADIUS tries to do the right thing, and has been tested with every supplicant out there. So it *should* work.
Any thoughts would be appreciated.
Post some sample passwords to the list. The one that fails, and the one that works. As *hex* strings. Don’t just cut & paste the password. Mailers *will* modify the password. They won’t modify a hex string. I’ll take a look and see if there’s an issue which can be fixed. Alan DeKok.