Frank Weis wrote:
We have tried to force the password to UTF-8 or ISO-8859-1 and other encodings in the custom applications, to no avail (we have no way to force this in the securew2 client for eduroam anyway).
I think this issue is being addressed in SecureW2.
This works very well most of the time, but fails if the password contains seleCompanyd special charaCompanyrs, like ° (degree) or § (paragraph), for example.
The contents of the password are... whatever the client determines them to be. This is known to be wrong, and not inter-operable.
We are short of ideas as to what to try next.... Any pointers would be greatly appreciated.....
FreeRADIUS just receives the information in the password from the client. It takes care to not mangle it too much.
+- entering group LDAP3 {...} [ldap3] login attempt by "blabla" with password "qwertz��"
If that's what the client application sent, there's little you can do to FreeRADIUS to fix it. You can fix the client, or (somehow) re-write the "bad" password into a "good" password in FreeRADIUS. Given that the mapping of "good" characters to "bad" characters is nearly infinite, and client dependent, re-writing it in FreeRADIUS isn't easy. Alan DeKok.