On Aug 14, 2019, at 7:45 AM, Лев Валуев <2309005m03@gmail.com> wrote:
After moved from freeradius v2 to freeradius v3 we have noticed some strange issue - radius service receives extra characters from nas client. For example, I am trying to authenticate on 10.56.36.33 host as user 'user' with password 'Password', but according to radius log it receives 'Password\000]\n'. Could you help me to find what is wrong?
The NAS should encode the User-Password correctly. This one doesn't. See the "filter_password" policy in more recent versions of the server: # # Filter the User-Password # # Some equipment sends passwords with embedded zeros. # This policy filters them out. # filter_password { if (&User-Password && \ (&User-Password != "%{string:User-Password}")) { update request { &Tmp-String-0 := "%{string:User-Password}" &User-Password := "%{string:Tmp-String-0}" } } } This may be in raddb/policy.d/filter already. If not, add it there. Then, find the "filter_username" reference in sites-enabled/default. And add "filter_password" after it. Alan DeKok.