user names and user passwords

Dmitry Korzhevin dmitry.korzhevin at stidia.com
Mon Nov 19 14:21:33 CET 2012


Thanks to all. Problem solved.

In file:

/etc/freeradius/sql/mysql/dialup.conf

Uncomment string "safe-characters" and add to them {}

So, now it looks like:

safe-characters = 
"{}@abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-_: /"

Again, thanks!

19.11.2012 15:04, Dmitry Korzhevin пишет:
> I have users in database radius, table radcheck:
>
> 1. 19A7A770-CC08-B769-1894-6ED795DA2DB70 Cleartext-Password := pass
> 2. {19A7A770-CC08-B769-1894-6ED795DA2DB70} Cleartext-Password := pass
> 3. \{19A7A770-CC08-B769-1894-6ED795DA2DB70\} Cleartext-Password := pass
>
> When i try test connection with radtest:
>
> radtest "19A7A770-CC08-B769-1894-6ED795DA2DB70" "pass" RADIUS_SERVER_IP
> 0 psk
>
> Sending Access-Request of id 73 to IP port 1812
>          User-Name = "19A7A770-CC08-B769-1894-6ED795DA2DB70"
>          User-Password = "pass"
>          NAS-IP-Address = IP
>          NAS-Port = 0
> rad_recv: Access-Accept packet from host IP port 1812, id=73, length=20
>
> So, auth without any problems for user (1).
>
> But, when i try to test with user, which login use "{}" characters (2) -
> it fails:
>
> radtest "{19A7A770-CC08-B769-1894-6ED795DA2DB70}" "pass" IP 0 psk
>
> Sending Access-Request of id 112 to IP port 1812
>          User-Name = "{19A7A770-CC08-B769-1894-6ED795DA2DB70}"
>          User-Password = "pass"
>          NAS-IP-Address = IP
>          NAS-Port = 0
> rad_recv: Access-Reject packet from host IP port 1812, id=112, length=20
>
> On freeradius server side (with freeradius -X) i see:
>
> ------
>
> [sql]   expand: %{User-Name} -> {19A7A770-CC08-B769-1894-6ED795DA2DB70}
> [sql] sql_set_user escaped user -->
> '{19A7A770-CC08-B769-1894-6ED795DA2DB70}'
> rlm_sql (sql): Reserving sql socket id: 2
> [sql]   expand: SELECT id, username, attribute, value, op           FROM
> radcheck           WHERE username = '%{SQL-User-Name}'           ORDER
> BY id -> SELECT id, username, attribute, value, op           FROM
> radcheck           WHERE username =
> '=7B19A7A770-CC08-B769-1894-6ED795DA2DB70=7D'           ORDER BY id
> rlm_sql_mysql: query:  SELECT id, username, attribute, value, op    FROM
> radcheck           WHERE username =
> '=7B19A7A770-CC08-B769-1894-6ED795DA2DB70=7D'           ORDER BY id
> [sql]   expand: SELECT groupname           FROM radusergroup WHERE
> username = '%{SQL-User-Name}'           ORDER BY priority -> SELECT
> groupname           FROM radusergroup           WHERE username =
> '=7B19A7A770-CC08-B769-1894-6ED795DA2DB70=7D'           ORDER BY priority
> rlm_sql_mysql: query:  SELECT groupname           FROM radusergroup
>        WHERE username = '=7B19A7A770-CC08-B769-1894-6ED795DA2DB70=7D'
>          ORDER BY priority
> rlm_sql (sql): Released sql socket id: 2
> [sql] User {19A7A770-CC08-B769-1894-6ED795DA2DB70} not found
> ++[sql] returns notfound
>
> ----------------
>
> Why freeradius trying to search
> '=7B19A7A770-CC08-B769-1894-6ED795DA2DB70=7D' instead of correct
> username: '{19A7A770-CC08-B769-1894-6ED795DA2DB70}'
>
> ?
>
> 16.11.2012 17:58, Alan DeKok пишет:
>> Dmitry Korzhevin wrote:
>>> Guys, does anybody know something about maximum username length and user
>>> password lengt?
>>
>>    The RFCs say 253 octets for user name, and 128 for password.
>>
>>> I try to use next login passwords without success (checked with
>>> radtest):
>>>
>>> http://dpaste.com/832115/
>>
>>    Which is (a) pretty much self-evident.  And (b) not following the
>> daily instructions to post the full debug log.
>>
>>    What does "User 19A7A770-CC08-B769-1894-6ED795DA2DB7 not found" mean
>> to you?
>>
>>    Have you tried running the SQL qeuries manually?  That's why they're
>> printed out.  So you can USE THEM to DEBUG THE PROBLEM.
>>
>>    Alan DeKok.
>>
>>
>
> Best Regards,
> Dmitry
>
> ---
> Dmitry KORZHEVIN
> System Administrator
> STIDIA S.A. - Luxembourg
>
> e: dmitry.korzhevin at stidia.com
> m: +38 093 874 5453
> w: http://www.stidia.com
>
>
>
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>

Best Regards,
Dmitry

---
Dmitry KORZHEVIN
System Administrator
STIDIA S.A. - Luxembourg

e: dmitry.korzhevin at stidia.com
m: +38 093 874 5453
w: http://www.stidia.com

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4488 bytes
Desc: �������������������������� ������������ S/MIME
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20121119/0c435b87/attachment-0001.bin>


More information about the Freeradius-Users mailing list