Parse error for non-hex characters in users file

[Alan DeKok]

On May 11, 2016, at 10:38 AM, Derek Wuelfrath <dwuelfrath at inverse.ca> wrote:
> Working with a FreeRADIUS 2.2.8 (I know, it’s “old” but for the moment, upgrade is not really a possible way)

  Upgrades are always possible.  The only reason to *not* upgrade is political.

> I am getting the following error when trying to start radiusd.
> 
> Error: Parse error (check) for entry my_awesome_username: Non-hex characters at gX
> 
> The users file specified by the error message does contains some “hex characters” as the “hashed password” for a user entry.
> 
> ie:
> “my_awesome_username” MD5-Password := “0X………"
> 
> It looks to me like FreeRADIUS is trying to interpret the password as an hexadecimal value and then breaks…

  The MD5-Password is *defined* to take hex characters.  i.e.

	MD5-Password := 0xabcdef01234

  So... what are you trying to put into the MD5-Password attribute?  The clear text password?

  If so, use Cleartext-Password.

> I found out that there may be a fix for this exact “issue” introduced in FreeRADIUS 3.0.6 (https://lists.freeradius.org/pipermail/freeradius-users/2015-February/075885.html <https://lists.freeradius.org/pipermail/freeradius-users/2015-February/075885.html>)
> Handle NT-Hash in rlm_pap.  This allows passwords to
> 	  have backslashes in them.

  That's a different fix.

> I was wondering if someone could point me to the patch file / the fix itself so that I can evaluate if it is something possible to port that fix onto my 2.2.8 version.

  Ensure that you're using hex for MD5-Password, and clear text for Cleartext-Password.

  The most likely explanation is that you're doing something wrong.  Since you didn't show *exactly* what you're doing, that's the best answer you're going to get.

  Alan DeKok.