Freeradius 2.1.6: Store Cisco device "enable" password in Postgresql DB
Difan Zhao
difan.zhao at guest-tek.com
Thu May 6 19:07:52 CEST 2010
Sorry guys... I need to change my question a little bit! Please ignore
my last emails.
I am using my Freeradius 2.1.6 to do PEAP for Windows XP clients. The
usernames are in format '<Domain_name>\<username>'
I am using postgresql and my "safe-characters" in the dialup.conf is set
to:
safe-characters = "\\$@abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-_: /"
My radcheck table looks like:
id | username | attribute | op | value
4 | GTCORP\dzhao | Auth-Type | = | ntlm_auth
When I try to authenticate, in the debug, I see this:
[sql] expand: SELECT id, UserName, Attribute, Value, Op FROM
radcheck WHERE Username = '%{SQL-User-Name}' ORDER BY id -> SELECT
id, UserName, Attribute, Value, Op FROM radcheck WHERE Username =
'GTCORP\dzhao' ORDER BY id
However this query returns nothing from the postgresql DB because the DB
treats the "\" as an escape character. In order to test I added another
entry in the table:
11 | GTCORPdzhao | Auth-Type | = | ntlm_auth
And the query worked and found it.
I also tried a query on the DB and this one found the original entry
successfully...
select * from radcheck where username = 'GTCORP\\dzhao'
I am wondering if there is a setting to automatically add another "\" in
the %{SQL-User-Name} if there is already a "\" in it??
Thanks!
Difan Zhao, M.Eng
Network Engineer
difan.zhao at guest-tek.com
www.guest-tek.com
Office: 403-509-1010 ext 3048
Cell: 403-689-7514
-----Original Message-----
From: freeradius-users-bounces+difan.zhao=guest-tek.com at lists.freeradius.org
[mailto:freeradius-users-bounces+difan.zhao=guest-tek.com at lists.freeradius.org] On Behalf Of Difan Zhao
Sent: Wednesday, May 05, 2010 12:21 PM
To: FreeRadius users mailing list
Subject: RE: Freeradius 2.1.6: Store Cisco device "enable" password in Postgresql DB
Thank you very much Alan! I added the "$" in the safe-characters and it
works great now. However I also added "\" but it doesn't seem to work...
My FreeRadius is also setup to handle PEAP for Windows XP PCs and they
use "domain\username" format. In debug I see:
[sql] expand: SELECT id, UserName, Attribute, Value, Op FROM
radcheck WHERE Username = '%{SQL-User-Name}' ORDER BY id -> SELECT
id, UserName, Attribute, Value, Op FROM radcheck WHERE Username =
'GTCORP=5Cdzhao' ORDER BY id
As you can see the username "GTCORP\dzhao" becomes "GTCORP=5Cdzhao"...
I do have "\" in the safe-character list:
safe-characters = "\$@abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-_: /"
Any ideas? Thank you!
Difan Zhao, M.Eng
Network Engineer
difan.zhao at guest-tek.com
www.guest-tek.com
Office: 403-509-1010 ext 3048
Cell: 403-689-7514
-----Original Message-----
From: freeradius-users-bounces+difan.zhao=guest-tek.com at lists.freeradius.org
[mailto:freeradius-users-bounces+difan.zhao=guest-tek.com at lists.freeradius.org] On Behalf Of Alan DeKok
Sent: Wednesday, May 05, 2010 1:53 AM
To: FreeRadius users mailing list
Subject: Re: Freeradius 2.1.6: Store Cisco device "enable" password in Postgresql DB
Difan Zhao wrote:
> And it doesn't work. Then I am checking the debug and I found that the
> "$" in the username was interpreted to something like "=24":
Read raddb/sql/postgresql/dialup.conf, and look for "safe-characters"
Alan DeKok.
-
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html
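Added example (not part of the original messages, and not FreeRADIUS or PostgreSQL code): a small Python model of the two steps discussed in this thread, the =XX encoding of characters outside safe-characters and the database's handling of a backslash inside a quoted string. The function names are hypothetical, the backslash handling assumes a PostgreSQL server running with standard_conforming_strings = off, and numeric escapes are not modelled.

```python
import string

# Safe set as configured in the thread ("$" added), built here as a constructed sample.
BASE_SAFE = "$@" + string.ascii_letters + string.digits + ".-_: /"
SIMPLE_ESCAPES = {"b": "\b", "f": "\f", "n": "\n", "r": "\r", "t": "\t"}


def radius_sql_escape(value, safe_chars):
    """Model of the encoding seen in the debug output: a character outside
    safe_chars (or a control character) becomes '=' plus two hex digits."""
    return "".join(
        ch if ch in safe_chars and ord(ch) >= 32 else "=%02X" % ord(ch)
        for ch in value
    )


def pg_literal_value(body, backslash_escapes):
    """Value the database compares for the text between the quotes of '...'.
    backslash_escapes=True models standard_conforming_strings = off."""
    if not backslash_escapes:
        return body  # backslash is an ordinary character
    out, i = [], 0
    while i < len(body):
        if body[i] == "\\" and i + 1 < len(body):
            nxt = body[i + 1]
            if nxt in "01234567xuU":
                raise ValueError("numeric escape not modelled")
            out.append(SIMPLE_ESCAPES.get(nxt, nxt))  # '\d' -> 'd', '\\' -> '\'
            i += 2
        else:
            out.append(body[i])
            i += 1
    return "".join(out)


def compared_value(username, safe_chars, backslash_escapes, double_backslash=False):
    """Follow a User-Name from the request to the value matched against radcheck."""
    expanded = radius_sql_escape(username, safe_chars)
    if double_backslash:  # hypothetical extra step: the doubling asked about above
        expanded = expanded.replace("\\", "\\\\")
    return pg_literal_value(expanded, backslash_escapes)


if __name__ == "__main__":
    user = "GTCORP\\dzhao"  # the Python literal for GTCORP\dzhao
    with_bs = BASE_SAFE + "\\"
    for args in [(BASE_SAFE, True), (with_bs, True), (with_bs, True, True), (with_bs, False)]:
        print(repr(compared_value(user, *args)))
```

With the backslash marked safe and backslash escapes in effect, the value compared is GTCORPdzhao rather than the name the client sent, which matches the test row 11 being found while row 4 was not.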