Hex to Cleartext
Alan DeKok
aland at deployingradius.com
Tue Apr 15 22:30:13 CEST 2014
Joseph Showalter wrote:
> So, after working on our puzzling issue, we have found the root cause of chap failing instance:
>
> Our equipment vendor is putting this in the end device 4867467528286D35655B523F585C5359.
>
> But freeradius needs to see this value: HgFu((m5e[R?X\\SY.
That's pretty much what I expected. For the record, the vendor is
wrong. They should either accept printable ASCII passwords, or make it
clear that the password is a binary string.
> This value is the "Escaped" value of the above hex.
>
> In the radius db we have the hex value stored like this: 4867467528286D35655B523F585C5359.
>
> Are there any suggestions on how we could easily convert this to the 'Escaped' value either with SQL changes or writing a perl plugin or something else that we have missed?
You will need to use version 3.
update {
Tmp-Octets-0 := 0x4867467528286D35655B523F585C5359
reply:Filter-Id := &Tmp-Octets-0
}
...
rad_recv: Access-Accept packet from host 127.0.0.1 port 1812, id=81,
length=38
Filter-Id = "HgFu((m5e[R?X\\SY"
i.e. put the hex values into an "octets" type attribute. You'll need
to prefix it with "0x", in order to get it parsed correctly.
Then, assign it to a "string" attribute (e.g. Cleartext-Password), via
the "&" operator.
Unfortunately, version 2 doesn't support this functionality. In that
version, you'll need to use Perl to do the translation.
Alan DeKok.
More information about the Freeradius-Users
mailing list