Parse error for non-hex characters in users file
aland at deployingradius.com
Wed May 11 16:48:59 CEST 2016
On May 11, 2016, at 10:38 AM, Derek Wuelfrath <dwuelfrath at inverse.ca> wrote:
> Working with a FreeRADIUS 2.2.8 (I know, it’s “old” but for the moment, upgrade is not really a possible way)
Upgrades are always possible. The only reason to *not* upgrade is political.
> I am getting the following error when trying to start radiusd.
> Error: Parse error (check) for entry my_awesome_username: Non-hex characters at gX
> The users file specified by the error message does contains some “hex characters” as the “hashed password” for a user entry.
> “my_awesome_username” MD5-Password := “0X………"
> It looks to me like FreeRADIUS is trying to interpret the password as an hexadecimal value and then breaks…
The MD5-Password is *defined* to take hex characters. i.e.
MD5-Password := 0xabcdef01234
So... what are you trying to put into the MD5-Password attribute? The clear text password?
If so, use Cleartext-Password.
> I found out that there may be a fix for this exact “issue” introduced in FreeRADIUS 3.0.6 (https://lists.freeradius.org/pipermail/freeradius-users/2015-February/075885.html <https://lists.freeradius.org/pipermail/freeradius-users/2015-February/075885.html>)
> Handle NT-Hash in rlm_pap. This allows passwords to
> have backslashes in them.
That's a different fix.
> I was wondering if someone could point me to the patch file / the fix itself so that I can evaluate if it is something possible to port that fix onto my 2.2.8 version.
Ensure that you're using hex for MD5-Password, and clear text for Cleartext-Password.
The most likely explanation is that you're doing something wrong. Since you didn't show *exactly* what you're doing, that's the best answer you're going to get.
More information about the Freeradius-Users