Hello Alan! Thanks for your fast reply! I had filter_password policy in raddb/policy.d/filter. I have uncommented it in sites-enabled/default file but doesn't look like it changed something I still receive the same string. Probably I have done something wrong - I see no mention of filter_password policy at the radiusd -X output. According to filter_password description, this policy exists for removal of embedded zeros. I have ]\n at the end of the user-password. Could it disturb with filter_password? # grep -A 9 filter_password /etc/raddb/policy.d/filter filter_password { if (&User-Password && \ (&User-Password != "%{string:User-Password}")) { update request { &Tmp-String-0 := "%{string:User-Password}" &User-Password := "%{string:Tmp-String-0}" } } } # grep filter_password /etc/raddb/sites-enabled/default filter_password ср, 14 авг. 2019 г. в 14:53, Alan DeKok <aland@deployingradius.com>:
The NAS should encode the User-Password correctly. This one doesn't.
See the "filter_password" policy in more recent versions of the server:
# # Filter the User-Password # # Some equipment sends passwords with embedded zeros. # This policy filters them out. # filter_password { if (&User-Password && \ (&User-Password != "%{string:User-Password}")) { update request { &Tmp-String-0 := "%{string:User-Password}" &User-Password := "%{string:Tmp-String-0}" } } }
This may be in raddb/policy.d/filter already. If not, add it there.
Then, find the "filter_username" reference in sites-enabled/default. And add "filter_password" after it.
Alan DeKok.
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html