[RADIATOR] Password Length Limits

Sat Jun 2 17:16:23 CDT 2012

What do the log files say? Is an accept/reject packet being sent, or is the request just terminating part way through (or even not reaching the radiusd)?

If you can't pull the logs for any reason, a packet capture will do the same job.

Only thing I can think of that directly relates to any sort of length, is that if you were running close to a fragment size limit, a longer password could trigger an issue.

Start with the log files before tweaking your config though.

Adam Bishop
Access & Identity Management 
Janet, the UK’s education and research network

On 2 Jun 2012, at 20:59, Johnson, Neil M wrote:

> Hmm, I've checked with our AD folks and they claim that they can handle 254 characters (127 unicode) as welll.
> 
> The odd thing is we have 2 Wireless SSID's using the same RADIUS server (a local one, and eduroam). A user is having issues with a 28 character password on eduroam, but not on the local one. I don't see a difference in the Handlers for the different SSID's that would result in this issue.
> 
> Any ideas would be appreciated.
> 
> Thanks.
> -Neil
> 
> ________________________________________
> From: Hugh Irvine [hugh at open.com.au]
> Sent: Saturday, June 02, 2012 3:28 AM
> To: Johnson, Neil M
> Cc: Radiator Mailing List ‎[radiator at open.com.au]‎
> Subject: Re: [RADIATOR] Password Length Limits
> 
> Hello Neil -
> 
> The User-Password attribute can contain 254 characters, but the password length is usually limited by whatever user credential database you are using.
> 
> In your case I would imagine that AD is the limiting factor.
> 
> regards
> 
> Hugh
> 
> 
> On 2 Jun 2012, at 05:00, Johnson, Neil M wrote:
> 
>> Anyone,
>> 
>> Is there a limit to the size of password that can be used with RADIUS and/or RADIATOR?  We have users trying to use passwords > 25 characters long and they are unable to authenticate.
>> 
>> Specifically, we are using PEAP/MS-CHAP-V2 with AuthByLSA to our AD Domain.
>> 
>> 
>> Thanks!
>> -Neil
>> 
>> _______________________________________________
>> radiator mailing list
>> radiator at open.com.au
>> http://www.open.com.au/mailman/listinfo/radiator
> 
> 
> --
> 
> Hugh Irvine
> hugh at open.com.au
> 
> Radiator: the most portable, flexible and configurable RADIUS server
> anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
> Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS,
> TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP,
> DIAMETER etc.
> Full source on Unix, Windows, MacOSX, Solaris, VMS, NetWare etc.
> _______________________________________________
> radiator mailing list
> radiator at open.com.au
> http://www.open.com.au/mailman/listinfo/radiator

Janet is a trading name of The JNT Association, a company limited
by guarantee which is registered in England under No. 2881024 
and whose Registered Office is at Lumen House, Library Avenue,
Harwell Oxford, Didcot, Oxfordshire. OX11 0SG