extra characters in User-Password line
Лев Валуев
2309005m03 at gmail.com
Wed Aug 14 16:01:41 CEST 2019
Hello Alan! Thanks for your fast reply! I had filter_password policy
in raddb/policy.d/filter.
I have uncommented it in sites-enabled/default file but doesn't look
like it changed something
I still receive the same string. Probably I have done something wrong
- I see no mention of
filter_password policy at the radiusd -X output.
According to filter_password description, this policy exists for
removal of embedded zeros. I have ]\n
at the end of the user-password. Could it disturb with filter_password?
# grep -A 9 filter_password /etc/raddb/policy.d/filter
filter_password {
if (&User-Password && \
(&User-Password != "%{string:User-Password}")) {
update request {
&Tmp-String-0 := "%{string:User-Password}"
&User-Password := "%{string:Tmp-String-0}"
}
}
}
# grep filter_password /etc/raddb/sites-enabled/default
filter_password
ср, 14 авг. 2019 г. в 14:53, Alan DeKok <aland at deployingradius.com>:
> The NAS should encode the User-Password correctly. This one doesn't.
>
> See the "filter_password" policy in more recent versions of the server:
>
> #
> # Filter the User-Password
> #
> # Some equipment sends passwords with embedded zeros.
> # This policy filters them out.
> #
> filter_password {
> if (&User-Password && \
> (&User-Password != "%{string:User-Password}")) {
> update request {
> &Tmp-String-0 := "%{string:User-Password}"
> &User-Password := "%{string:Tmp-String-0}"
> }
> }
> }
>
> This may be in raddb/policy.d/filter already. If not, add it there.
>
> Then, find the "filter_username" reference in sites-enabled/default. And add "filter_password" after it.
>
> Alan DeKok.
>
>
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
More information about the Freeradius-Users
mailing list