Re: Freeradius as a proxy to Windows IAS - reserved characters in shared secret?
Hi I've just been doing some research on the net and found this link on the GNU radius client reference page: http://www.gnu.org/software/radius/manual/html_chapter/radius_13.html#SEC262 It looks as if the radtest client has reserved characters. Does anyone know if this applies to shared secrets with the Freeradius server as well??? Thanks Clive - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Freeradius as a proxy to Windows IAS - reserved characters in shared secret?
Hi Thanks once again for all the advice :-) Does anyone know if there some characters that are reserved i.e cannot be used in secret keys with a freeradius server. If so what are they? I've been experimenting with the radtest client and the freeradius server using local unix validation with interesting results. 1) If I use a secret key (16+ characters and the same key in both the radtest client and freeradius clients.conf) that contains pure alpha characters the key is accepted and authorisation is successful. 2) If I use a secret key (similar to the one set on the IAS server) containing characters such as $\[ then the key is rejected and authorisation is unsuccessful. I have tried enclosing the key in single and double quotes, but the key is still rejected. Hopefully getting nearer to a solution... Thanks very much Clive - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Freeradius as a proxy to Windows IAS - reserved characters in shared secret?
clive gould wrote: I've just been doing some research on the net and found this link on the GNU radius client reference page: http://www.gnu.org/software/radius/manual/html_chapter/radius_13.html#SEC262 It looks as if the radtest client has reserved characters. The characters are *escaped*, not *reserved*. Does anyone know if this applies to shared secrets with the Freeradius server as well??? The shared secrets in FreeRADIUS have *no* reserved characters. They *can* be double-quoted strings, with all of the usual conditions for escaping characters. This is less of a FreeRADIUS-specific issue than a standard Unix way of doing things. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html