On Dec 3, 2021, at 2:42 AM, Burn Zero <burnzerog@gmail.com> wrote:
I noticed some authentication issues recently and saw that it is due to people using backslash \ in their passwords. If there is a single backslash in the password, then FreeRADIUS adds another backslash to it and hence the authentication is rejected.
That's not quite what happens.
I have:
In LDAP module,
update { control:My-Raw-Password += 'User-Password' }
I suspect this isn't what's actually there. Instead of pasting the exact string, you've re-typed it. These are computers. Details matter.
Then in authorize,
ntlm_auth.authorize { if (!control:Auth-Type && User-Password) { update control { User-Password := "%{string:control:My-Raw-Password}" Auth-Type := ntlm_auth }
I have no idea why you're doing this. It's not necessary. If the password is in LDAP, it can be checked via LDAP. You don't need ntlm_auth.
I searched several posts in this mailing list but I couldn't get it. Could you please let me know how to parse the backslash as backslash and not to add any extra backslash?
Don't use ntlm_auth. Use ldap as it was intended. It works. Alan DeKok.