On 10/21/2010 10:27 PM, Phil Mayers wrote:
On 10/21/2010 08:52 PM, [email protected] wrote:
I don't know whether the problem lies with me (for allowing a backslash
in the password in the first place) the NAS for appearing to 'escape'
the backslash (with a backslash)
rlm_ldap accesses the raw string value of the request->password AVP, so
it shouldn't be anything inside FreeRadius.
What is the NAS?
Hmm. I've just tried this locally and I don't seem to get the same
results as you; I see the backslash doubled in the initial FreeRadius
dump (as expected - FreeRadius writes the debug output as you would
write config files):
rad_recv: Access-Request packet from host 127.0.0.1 port 53973, id=123,
length=44
User-Name = "pjm3"
User-Password = "foo\\bar"
...and I then see:
[ldap] login attempt by "pjm3" with password "foo\bar"
[ldap] user DN: CN=pjm3,...
[ldap] (re)connect to icads1.ic.ac.uk:389, authentication 1
[ldap] bind as CN=pjm3,.../foo\bar to icads1.ic.ac.uk:389
[ldap] waiting for bind result ...
...note the backslash just appears singly here; the rlm_ldap debugging
output code writes the raw value out. You however have two backslashes
by this point, so it must be your rlm_perl module. Can you prevent the
perl module touching the User-Password attribute, and see if that helps?
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
