[RADIATOR] Password with local characters fails

Patrik Forsberg patrik.forsberg at ip-only.se
Tue May 22 04:05:15 CDT 2012


Thanks,

This kind of confirms what I initially thought.
From what I can see, the PasswordLog thingie doesn't log the local character at all in the column that specifies what Radiator received, so I'd say this is an equipment issue.

Regards,
Patrik Forsberg


> -----Original Message-----
> From: radiator-bounces at open.com.au [mailto:radiator-
> bounces at open.com.au] On Behalf Of Heikki Vatiainen
> Sent: Monday, May 21, 2012 11:17 AM
> To: radiator at open.com.au
> Subject: Re: [RADIATOR] Password with local characters fails
> 
> On 05/21/2012 10:47 AM, Patrik Forsberg wrote:
> 
> > I have a minor issue with our current setup where it seems like local
> > characters aren't working for some reason?
> > If a person has a password like "hello" it works but "hallå" won't work..
> > From debugging it looks like the character gets stripped from the password
> > request, but I'm NOT sure if it is equipment related or Radiator that strips it?
> >
> > My question is if there is anything in Radiator that could strip the local
> > characters from the password field prior to adding it up for authentication?
> > My guess is no and that this is actually an equipment issue :)
> 
> Radiator does not strip anything, but with non-ascii characters there's
> the question of which locale (UTF8, ISO-8859-1, ISO-8859-15, etc.) is in
> use and, as a result, how the non-ascii characters get encoded.
> 
> I tried hallå (hall + http://en.wikipedia.org/wiki/%C3%85) as password
> with both TACACS+ and plain RADIUS. The test was done with radpwtst and
> goodies/tacacsplustest. The system uses UTF8 locale, so my å gets sent
> as hex characters c3 a5 (decimal 195 and 165). This was on Radiator 4.9
> and Ubuntu 12.04.
> 
> Trace 4 from radiusd, after modifying it to show the received password,
> gives this for TACACS+ (hallå in UTF8 as the User-Password in the users
> file):
> 
> Mon May 21 12:10:24 2012: DEBUG: New TacacsplusConnection created for
> 127.0.0.1:52192
> Mon May 21 12:10:24 2012: DEBUG: TacacsplusConnection request 193, 1, 1,
> 0, 1234, 30
> Mon May 21 12:10:24 2012: DEBUG: TacacsplusConnection Authentication
> START 1, 2, 0 for hvn, 123, testclient
> Mon May 21 12:10:24 2012: DEBUG: TACACSPLUS derived Radius request
> packet dump:
> Code:       Access-Request
> Identifier: UNDEF
> Authentic:  <234>(<217><159>0&<146>d{<6><221>{<182><29>'<185>
> Attributes:
> 	NAS-IP-Address = 127.0.0.1
> 	NAS-Port-Id = "123"
> 	Calling-Station-Id = "testclient"
> 	NAS-Identifier = "TACACS"
> 	cisco-avpair = "action=1"
> 	cisco-avpair = "authen_type=2"
> 	cisco-avpair = "priv-lvl=0"
> 	cisco-avpair = "service=0"
> 	User-Name = "hvn"
> 	User-Password = **obscured**
> 	User-Password = hall<195><165>
> 	OSC-Version-Identifier = "193"
> 
> 
> Mon May 21 12:10:24 2012: DEBUG: Handling request with Handler
> 'Realm=DEFAULT', Identifier ''
> Mon May 21 12:10:24 2012: DEBUG:  Deleting session for hvn, 127.0.0.1,
> Mon May 21 12:10:24 2012: DEBUG: Handling with Radius::AuthFILE:
> Mon May 21 12:10:24 2012: DEBUG: Reading users file ./users
> Mon May 21 12:10:24 2012: DEBUG: Radius::AuthFILE looks for match with
> hvn [hvn]
> Mon May 21 12:10:24 2012: DEBUG: Radius::AuthFILE ACCEPT: : hvn [hvn]
> Mon May 21 12:10:24 2012: DEBUG: AuthBy FILE result: ACCEPT,
> Mon May 21 12:10:24 2012: DEBUG: Access accepted for hvn
> Mon May 21 12:10:24 2012: DEBUG: Packet dump:
> *** Reply to TACACSPLUS request:
> Code:       Access-Accept
> Identifier: UNDEF
> Authentic:  <234>(<217><159>0&<146>d{<6><221>{<182><29>'<185>
> Attributes:
> 
> 
> --
> Heikki Vatiainen <hvn at open.com.au>
> 
> Radiator: the most portable, flexible and configurable RADIUS server
> anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
> Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS,
> TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP,
> DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS,
> NetWare etc.
> _______________________________________________
> radiator mailing list
> radiator at open.com.au
> http://www.open.com.au/mailman/listinfo/radiator
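
The byte-level comparison discussed in the thread, as an added example that is not part of the original messages or of Radiator: it parses a value in the trace's `<N>` decimal notation and reports which of the locales named above would produce those bytes, or whether the non-ASCII characters were dropped before arrival. The function names and result labels are assumptions made for illustration.

```python
import re

# Encodings named in the thread, tried in this order.
CANDIDATES = ("utf-8", "iso-8859-1", "iso-8859-15")

def parse_trace_value(text):
    """Convert a trace value such as 'hall<195><165>' to raw bytes.

    Assumption: <N> always stands for one byte with decimal value N and
    every other character is literal, as in the packet dump above.
    """
    out = bytearray()
    for m in re.finditer(r"<(\d{1,3})>|(.)", text, re.S):
        if m.group(1) is None:
            out.extend(m.group(2).encode("utf-8"))
        elif int(m.group(1)) <= 255:
            out.append(int(m.group(1)))
        else:
            raise ValueError("not a byte value: " + m.group(0))
    return bytes(out)

def classify(expected, received):
    """Relate the received password bytes to the expected password string."""
    if expected.isascii():
        return "match:ascii" if expected.encode("ascii") == received else "mismatch"
    for enc in CANDIDATES:
        try:
            if expected.encode(enc) == received:
                return "match:" + enc
        except UnicodeEncodeError:
            continue  # this encoding cannot represent the password at all
    if received == expected.encode("ascii", "ignore"):
        return "stripped"   # non-ASCII characters dropped before arrival
    if received == expected.encode("ascii", "replace"):
        return "replaced"   # non-ASCII characters turned into '?'
    return "mismatch"

if __name__ == "__main__":
    password = "hall\u00e5"  # constructed sample: the password from the thread
    for logged in ("hall<195><165>", "hall<229>", "hall", "hall?"):
        print(logged, "->", classify(password, parse_trace_value(logged)))
```

A `match:iso-8859-1` result against a users file stored in UTF-8 means the client and the server disagree on locale; `stripped` points at the sending equipment.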

