Re: Issues with £ character in passwords

Arran Cudbard-Bell a.cudbardb at
Wed Feb 11 16:47:58 CET 2015

> On 11 Feb 2015, at 10:11, Isaac Boukris <iboukris at> wrote:
> Hi,
> On Wed, Feb 11, 2015 at 4:00 PM, Alan DeKok <aland at> wrote:
>> On Feb 11, 2015, at 8:46 AM, Mark Keyte <Mark.Keyte at> wrote:
>>> We have recently noticed that authentication is failing when users are
>>> using the £ sign character in their password (and also § found on
>>> macbook keyboards) - it seems to work fine with other characters -
>>> !"$%^123&*()_+-=[]{};'#:@~,./<>?\| for example.
>>  i.e. ASCII.
>>  The problem is a hard one to solve.  The MS-CHAP standards don’t actually say what format the passwords should be in.  So implementations have chosen different paths… not all of which are compatible.
> I'd also suggest to try FreeRadius V3 - see related email thread:

In ISO/IEC 8859-1 (latin-1), £ is 0xa3, in UTF8 it's a two byte encoding 0xc2 0xa3. Same issue with § (0xa7) which will become 0xc2 0xa7 in UTF8.

I specifically remember an issue with the OSX supplicant not using the correct encoding (Olivier B you reported that right?).

OP can you confirm this is all platforms and not just OSX? If it's just OSX try using TTLS-PAP instead I seem to remember that working.

In any case you'll likely have issues with any char > decimal 127.

I know for v3 we added proper UTF8 -> UTF16 conversion (which is what MSCHAPv2 required), this may have exposed the issue.


Arran Cudbard-Bell <a.cudbardb at>
FreeRADIUS development team

FD31 3077 42EC 7FCD 32FE 5EE2 56CF 27F9 30A8 CAA2

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 872 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <>

More information about the Freeradius-Users mailing list