AW: Backslash in AD Password
Bernhard.Knoll at check24.de
Fri Jul 13 09:13:11 CEST 2018
So the otp app has to account for this or is a workaround possible in freeradius?
Von: Freeradius-Users [mailto:freeradius-users-bounces+bernhard.knoll=check24.de at lists.freeradius.org] Im Auftrag von Alan DeKok
Gesendet: Donnerstag, 12. Juli 2018 17:03
An: FreeRadius users mailing list <freeradius-users at lists.freeradius.org>
Betreff: Re: Backslash in AD Password
On Jul 12, 2018, at 10:58 AM, Bernhard Knoll <Bernhard.Knoll at check24.de> wrote:
> is it possible to see what password a module is forwarding to an application?
The debug output you posted to the list shows this.
> I have the problem that I run freeradius with an external OTP Software (LinOTP) via a rlm_perl module.
> When I try to authenticate from a Cisco ASA with Anyconnect the authentication fails if there is a backslash in the username.
> If I try to authenticate directly agauinst the OTP Software it works with the backslash.
> In the radius -X log is see the password with escaped backslash:
Yes... that's how it works. Special characters are escaped. With backslashes.
> Is there a way to see if freeradius sends the password with 2 backslashes?
The debug output?
Or, you can edit the Perl function to print out each individual character in the password.
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
More information about the Freeradius-Users