AW: Backslash in AD Password

Bernhard Knoll Bernhard.Knoll at check24.de
Fri Jul 13 09:13:11 CEST 2018


So the otp app has to account for this or is a workaround possible in freeradius?

Best regards


-----Ursprüngliche Nachricht-----
Von: Freeradius-Users [mailto:freeradius-users-bounces+bernhard.knoll=check24.de at lists.freeradius.org] Im Auftrag von Alan DeKok
Gesendet: Donnerstag, 12. Juli 2018 17:03
An: FreeRadius users mailing list <freeradius-users at lists.freeradius.org>
Betreff: Re: Backslash in AD Password 

On Jul 12, 2018, at 10:58 AM, Bernhard Knoll <Bernhard.Knoll at check24.de> wrote:
> is it possible to see what password a module is forwarding to an application?

  The debug output you posted to the list shows this.

> I have the problem that  I run freeradius with an external OTP Software (LinOTP) via a rlm_perl module.
> 
> When I try to authenticate from a Cisco ASA with Anyconnect the authentication fails if there is a backslash in the username.
> If I try to authenticate directly agauinst the OTP Software it works with the backslash.
> In the radius -X log is see the password with escaped backslash:

  Yes... that's how it works.  Special characters are escaped.  With backslashes.

> Is there  a way to see if freeradius sends the password with 2 backslashes?

  The debug output?

  Or, you can edit the Perl function to print out each individual character in the password.

  Alan DeKok.


-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html



More information about the Freeradius-Users mailing list