3.0.17 password ending in '\' problem, LDAP backend [bug?]

Fri Sep 7 11:55:42 CEST 2018

On Παρ, Σεπ 07 2018 at 11:30:19 πμ, Olivier <Olivier.Nicole at cs.ait.ac.th> wrote:

Dear Olivier,

the heart of the problem I am describing refers to the inability of the
LDAP module to retrieve a clear text password from the directory if this
ends in '\'.

Radclient refers to how I send the request and it seems in freeradius 3
there were changes to that as well. No shell is involved and I use vim
on linux for the file editing.

Regards,
Kostas

>> Debugging output (stripping the sensitive information):
>>
>> kzorba at system(0)[10:19 AM]~/radius->cat test_kzorba1.txt 
>> User-Name = kzorba1 at otenet.gr
>> NAS-Port-Type = xDSL
>> User-Password = test123\
>> NAS-Port-Id ="#DSLAM PORT DESCRIPTION HERE#"
>> Calling-Station-Id = "BNG INTERFACE # DSLAM PORT DESCRIPTION"
>> NAS-Port = 12234455
>>
>> using freeradius 3.0.17 radclient:
>>
>> kzorba at system(0)[10:26 AM]~/radius->/opt/freeradius3-auth/bin/radclient -f test_kzorba1.txt -x localhost:1812 auth XXXXX
>> (0) Error parsing "test_kzorba1.txt": Invalid escape at end of string
>> radclient: Failed parsing input files
>> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
>>
>> With radclient 3.0.17 I needed to add an extra \ at the end of the
>> User-Password to send the request. No Cleartext-Password is set.
>
> It looks like a problem of escaping character in whatever shell, text
> editor, operating system you are using.
>
> On Unix, a line ending with a \ traditionnaly means that the line is
> continuing on the next line. Even it could be that when copying from one
> system to the other, you have added invisible character at the end of
> each line (your text editor consider that it should not display any
> CRTL-M at the end of the line, but if it is there, it messes up with
> LDAP, it happened to me earlier this week).
>
> Good luck,
>
> Olivier

-- 
Kostas Zorbadelos	http://gr.linkedin.com/in/kzorba		