Issues with clients.conf shared secret
Clos, Chris
cclos at ussignal.com
Wed Jun 24 20:42:52 CEST 2020
For a quick history, I'm currently migrating an old server running Freeradius 1.0.5 on FreeBSD to a new server running Freeradius 3.0.16 on Ubuntu 18.04 (the one available via apt install).
We have thousands of clients configured in the clients.conf file with random passwords. But I have found that when I use a combination of a comma (,) and greater than (>) or less than signs (<) in a shared secret, I get an error. I have been able to at least narrow down this combination, but I'm suspecting there are more rules I should be aware of.
My question is what special characters are not able to be used with freeradius, or is there an escape method that will work in the shared secret field that will make them work? The less I have to change on end devices the better. I have tried scouring the documents and mailing list, but have not found anything showing special character rules.
For a sample of this, here's a clients.conf entry it errors on:
client 127.0.0.1 {
secret = abc,def<ghi123
shortname = test_sharedsecret
}
Running freeradius -CX, I get:
FreeRADIUS Version 3.0.16
Copyright (C) 1999-2017 The FreeRADIUS server project and contributors
There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A
PARTICULAR PURPOSE
You may redistribute copies of FreeRADIUS under the terms of the
GNU General Public License
For more information about these matters, see the file named COPYRIGHT
Starting - reading configuration files ...
including dictionary file /usr/share/freeradius/dictionary
including dictionary file /usr/share/freeradius/dictionary.dhcp
including dictionary file /usr/share/freeradius/dictionary.vqp
including dictionary file /etc/freeradius/3.0/dictionary
including configuration file /etc/freeradius/3.0/radiusd.conf
including configuration file /etc/freeradius/3.0/proxy.conf
including configuration file /etc/freeradius/3.0/clients.conf
/etc/freeradius/3.0/clients.conf[2]: Parse error after "def": unexpected token "<"
Thank you!
Chris
More information about the Freeradius-Users
mailing list