Re: Issues with £ character in passwords

[Arran Cudbard-Bell]

> On 11 Feb 2015, at 10:11, Isaac Boukris <iboukris at gmail.com> wrote:
> 
> Hi,
> 
> On Wed, Feb 11, 2015 at 4:00 PM, Alan DeKok <aland at deployingradius.com> wrote:
>> On Feb 11, 2015, at 8:46 AM, Mark Keyte <Mark.Keyte at lshtm.ac.uk> wrote:
>>> We have recently noticed that authentication is failing when users are
>>> using the £ sign character in their password (and also § found on
>>> macbook keyboards) - it seems to work fine with other characters -
>>> !"$%^123&*()_+-=[]{};'#:@~,./<>?\| for example.
>> 
>>  i.e. ASCII.
>> 
>>  The problem is a hard one to solve.  The MS-CHAP standards don’t actually say what format the passwords should be in.  So implementations have chosen different paths… not all of which are compatible.
> 
> I'd also suggest to try FreeRadius V3 - see related email thread:
> http://freeradius.1045715.n5.nabble.com/Plans-for-the-next-few-releases-td5730406.html

In ISO/IEC 8859-1 (latin-1), £ is 0xa3, in UTF8 it's a two byte encoding 0xc2 0xa3. Same issue with § (0xa7) which will become 0xc2 0xa7 in UTF8.

I specifically remember an issue with the OSX supplicant not using the correct encoding (Olivier B you reported that right?).

OP can you confirm this is all platforms and not just OSX? If it's just OSX try using TTLS-PAP instead I seem to remember that working.

In any case you'll likely have issues with any char > decimal 127.

I know for v3 we added proper UTF8 -> UTF16 conversion (which is what MSCHAPv2 required), this may have exposed the issue.

-Arran

Arran Cudbard-Bell <a.cudbardb at freeradius.org>
FreeRADIUS development team

FD31 3077 42EC 7FCD 32FE 5EE2 56CF 27F9 30A8 CAA2

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 872 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20150211/c5a9bc2a/attachment.sig>