Weird problem with some special characters in passwords

Alan DeKok aland at
Sat Jan 17 19:00:38 CET 2009

Frank Weis wrote:
> We have tried to force the password to UTF-8 or ISO-8859-1 and other
> encodings in the custom applications, to no avail (we have no way to
> force this in the securew2 client for eduroam anyway).

  I think this issue is being addressed in SecureW2.

> This works very well most of the time, but fails if the password
> contains seleCompanyd special charaCompanyrs, like ° (degree) or §
> (paragraph), for example.

  The contents of the password are... whatever the client determines
them to be.  This is known to be wrong, and not inter-operable.

> We are short of ideas as to what to try next.... Any pointers would be
> greatly appreciated.....

  FreeRADIUS just receives the information in the password from the
client.  It takes care to not mangle it too much.

> +- entering group LDAP3 {...}
> [ldap3] login attempt by "blabla" with password "qwertz��"

  If that's what the client application sent, there's little you can do
to FreeRADIUS to fix it.  You can fix the client, or (somehow) re-write
the "bad" password into a "good" password in FreeRADIUS.

  Given that the mapping of "good" characters to "bad" characters is
nearly infinite, and client dependent, re-writing it in FreeRADIUS isn't

  Alan DeKok.

More information about the Freeradius-Users mailing list