xlat failure in 2.1.8 (worked in 2.1.6)

Stefan Winter stefan.winter at restena.lu
Wed Feb 3 14:44:54 CET 2010


>> The basic use scenario is a mySQL DB backend which pulls a NT-Hash for
>> the user. Input is PAP, so rlm_pap calls xlat:NT-Hash for the input, and
>> then returns with the log message that mschap xlat failed.
>   Debug says?

It seems to be the single quote. Sorry for not attching it in the first
place, debug from separate test box below:

Ready to process requests.
rad_recv: Access-Request packet from host port 53873, id=57,
        User-Name = "xlat-to-hell"
        User-Password = "abc'def"
        NAS-IP-Address =
        NAS-Port = 123
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "xlat-to-hell", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] No EAP-Message, not doing EAP
++[eap] returns noop
[files] users: Matched entry xlat-to-hell at line 59
++[files] returns ok
++[expiration] returns noop
++[logintime] returns noop
[pap] Found existing Auth-Type, not changing it.
++[pap] returns noop
Found Auth-Type = PAP
+- entering group PAP {...}
[pap] login attempt with password "abc'def"
[pap] Using NT encryption.
[pap] Badly formatted variable: %{mschap:NT-Hash abc'def}
[pap] mschap xlat failed
[pap] Passwords don't match
++[pap] returns reject
Failed to authenticate the user.
Using Post-Auth-Type Reject

>   Send a test case over, and I'll take a look.  It should be easy to
> fix, as the new code isn't insane.

Above debug was on such a test instance. Fresh compilation an install,
one line with Auth-Type := PAP, NT-Password := "0xsomething", radtest
with the bad password in it.


Stefan Winter

Ingenieur de Recherche
Fondation RESTENA - Réseau Téléinformatique de l'Education Nationale et de la Recherche
6, rue Richard Coudenhove-Kalergi
L-1359 Luxembourg

Tel: +352 424409 1
Fax: +352 422473

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 262 bytes
Desc: OpenPGP digital signature
URL: <http://lists.freeradius.org/pipermail/freeradius-devel/attachments/20100203/f0b4b6af/attachment.pgp>

More information about the Freeradius-Devel mailing list