User password

Nicolas Breuer Nicolas.Breuer at belcenter.biz
Wed May 22 16:00:45 CEST 2019 

Thanks Nicolas, i will try right away.

-----Message d'origine-----
De : Freeradius-Users <freeradius-users-bounces+nicolas.breuer=belcenter.biz at lists.freeradius.org> De la part de Chaigneau, Nicolas via Freeradius-Users
Envoyé : mercredi 22 mai 2019 15:59
À : FreeRadius users mailing list <freeradius-users at lists.freeradius.org>
Cc : Chaigneau, Nicolas <nicolas.chaigneau at capgemini.com>
Objet : RE: User password 

As Alan suggested, look at the following policy (in raddb/policy.d/filter):

#  Some equipment sends passwords with embedded zeros.
#  This policy filters them out.
#
filter_password {
	if (&User-Password && \
	   (&User-Password != "%{string:User-Password}")) {
		update request {
			&Tmp-String-0 := "%{string:User-Password}"
			&User-Password := "%{string:Tmp-String-0}"
		}
	 }
}



-----Message d'origine-----
De : Freeradius-Users <freeradius-users-bounces+nicolas.chaigneau=capgemini.com at lists.freeradius.org> De la part de Nicolas Breuer
Envoyé : mercredi 22 mai 2019 15:46
À : FreeRadius users mailing list
Objet : RE: User password 

Hello Alan,

Ok but i have the correct attribute in v2.2 but maybe that was not expected and the Cisco is very old.
Can you help with a link to solve the issue ?

Thanks in advance,


-----Message d'origine-----
De : Freeradius-Users <freeradius-users-bounces+nicolas.breuer=belcenter.biz at lists.freeradius.org> De la part de Alan DeKok Envoyé : mercredi 22 mai 2019 13:08 À : FreeRadius users mailing list <freeradius-users at lists.freeradius.org>
Objet : Re: User password 

On May 22, 2019, at 5:12 AM, Nicolas Breuer <Nicolas.Breuer at belcenter.biz> wrote:
> Trying to migrate our old Cisco XS Server to FR3.0.19
> 
> Ready to process requests
> (9) Received Access-Request Id 9 from 117.212.177.1:1645 to 117.212.180.1:1814 length 97
> (9)   NAS-IP-Address = 217.112.177.1
> (9)   NAS-Port = 3
> (9)   NAS-Port-Type = Async
> (9)   User-Name = "username"
> (9)   Called-Station-Id = "240"
> (9)   Calling-Station-Id = "71"
> (9)   User-Password = "alerteo268\000N: In"
> (9)   Service-Type = Framed-User
> (9)   Framed-Protocol = PPP
> 
> 
> Any ideas from where the \000N:In comes from ?

  It comes from the NAS, like every other RADIUS attribute.

  Some NASes implement RADIUS incorrectly.

  If you read the config in a recent version of v3, there are policies to catch & fix this exact issue.

  Alan DeKok.


This message contains information that may be privileged or confidential and is the property of the Capgemini Group. It is intended only for the person to whom it is addressed. If you are not the intended recipient, you are not authorized to read, print, retain, copy, disseminate, distribute, or use this message or any part thereof. If you receive this message in error, please notify the sender immediately and delete all copies of this message.

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

More information about the Freeradius-Users mailing list