Parse error for non-hex characters in users file
Derek Wuelfrath
dwuelfrath at inverse.ca
Wed May 11 16:56:30 CEST 2016
> Upgrades are always possible. The only reason to *not* upgrade is political.
Which is exactly the case ;)
>> It looks to me like FreeRADIUS is trying to interpret the password as an hexadecimal value and then breaks…
>
> The MD5-Password is *defined* to take hex characters. i.e.
>
> MD5-Password := 0xabcdef01234
>
> So... what are you trying to put into the MD5-Password attribute? The clear text password?
>
> If so, use Cleartext-Password.
It is actually the “hashed” clear text password, on which I unfortunately do not have control…
>> I found out that there may be a fix for this exact “issue” introduced in FreeRADIUS 3.0.6 (https://lists.freeradius.org/pipermail/freeradius-users/2015-February/075885.html <https://lists.freeradius.org/pipermail/freeradius-users/2015-February/075885.html>)
>> Handle NT-Hash in rlm_pap. This allows passwords to
>> have backslashes in them.
>
> That's a different fix.
Excellent! Thanks for pointing this out.
> The most likely explanation is that you're doing something wrong. Since you didn't show *exactly* what you're doing, that's the best answer you're going to get.
I’ll complete some other tests and will report if necessary. Unfortunately (yeah, again) I cannot “show exactly” what I’m doing due to political reasons. I know that it is hard to help in those circumstances but I was seeking for advise on the specified “fix” (which you said was not related) and was simply explaining my situation.
Thanks Alan!
Cheers!
-dw.
—
Derek Wuelfrath
dwuelfrath at inverse.ca :: +1.514.447.4918 (x110) :: +1.866.353.6153 (x110)
Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence (www.packetfence.org)
> On May 11, 2016, at 10:48, Alan DeKok <aland at deployingradius.com> wrote:
>
> On May 11, 2016, at 10:38 AM, Derek Wuelfrath <dwuelfrath at inverse.ca> wrote:
>> Working with a FreeRADIUS 2.2.8 (I know, it’s “old” but for the moment, upgrade is not really a possible way)
>
> Upgrades are always possible. The only reason to *not* upgrade is political.
>
>> I am getting the following error when trying to start radiusd.
>>
>> Error: Parse error (check) for entry my_awesome_username: Non-hex characters at gX
>>
>> The users file specified by the error message does contains some “hex characters” as the “hashed password” for a user entry.
>>
>> ie:
>> “my_awesome_username” MD5-Password := “0X………"
>>
>> It looks to me like FreeRADIUS is trying to interpret the password as an hexadecimal value and then breaks…
>
> The MD5-Password is *defined* to take hex characters. i.e.
>
> MD5-Password := 0xabcdef01234
>
> So... what are you trying to put into the MD5-Password attribute? The clear text password?
>
> If so, use Cleartext-Password.
>
>> I found out that there may be a fix for this exact “issue” introduced in FreeRADIUS 3.0.6 (https://lists.freeradius.org/pipermail/freeradius-users/2015-February/075885.html <https://lists.freeradius.org/pipermail/freeradius-users/2015-February/075885.html>)
>> Handle NT-Hash in rlm_pap. This allows passwords to
>> have backslashes in them.
>
> That's a different fix.
>
>> I was wondering if someone could point me to the patch file / the fix itself so that I can evaluate if it is something possible to port that fix onto my 2.2.8 version.
>
> Ensure that you're using hex for MD5-Password, and clear text for Cleartext-Password.
>
> The most likely explanation is that you're doing something wrong. Since you didn't show *exactly* what you're doing, that's the best answer you're going to get.
>
> Alan DeKok.
>
>
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
More information about the Freeradius-Users
mailing list