FreeRADIUS 3.0.25 with a single backslash in user's password
Alan DeKok
aland at deployingradius.com
Fri Dec 3 14:01:49 CET 2021
On Dec 3, 2021, at 2:42 AM, Burn Zero <burnzerog at gmail.com> wrote:
> I noticed some authentication issues recently and saw that it is due to
> people using backslash \ in their passwords. If there is a single backslash
> in the password, then FreeRADIUS adds another backslash to it and hence the
> authentication is rejected.
That's not quite what happens.
> I have:
>
> In LDAP module,
>
> update {
>     control:My-Raw-Password += 'User-Password'
> }
I suspect this isn't what's actually there. Instead of pasting the exact string, you've re-typed it.
These are computers. Details matter.
> Then in authorize,
>
> ntlm_auth.authorize {
>     if (!control:Auth-Type && User-Password) {
>         update control {
>             User-Password := "%{string:control:My-Raw-Password}"
>             Auth-Type := ntlm_auth
>         }
I have no idea why you're doing this. It's not necessary.
If the password is in LDAP, it can be checked via LDAP. You don't need ntlm_auth.
> I searched several posts in this mailing list but I couldn't get it. Could
> you please let me know how to parse the backslash as backslash and not to
> add any extra backslash?
Don't use ntlm_auth. Use ldap as it was intended. It works.
Alan DeKok.