Re: special characters in passwords + FR + ldap
Hi, Thank you for the support, we will try it out in that way. Natalia On 3/30/06, Alan DeKok [EMAIL PROTECTED] wrote: Natalia Escalera [EMAIL PROTECTED] wrote: Command: /usr/local/bin/radtest username test$2006 x.x.x.x 1 test123 Output: Sending Access-Request of id 215 to x.x.x.x port 1812 User-Name = username User-Password = test006#- No dollar sign, no number 2 $2 is a Unix shell variable.This has nothing to do with FreeRADIUS./usr/local/bin/radtest username 'test$2006' x.x.x.x 1 test123will work.Note SINGLE quotes, not DOUBLE quotes.Alan DeKok. -List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: special characters in passwords + FR + ldap
Turtiainen, Tero [EMAIL PROTECTED] wrote: From: Natalia Escalera [EMAIL PROTECTED] We tried FR 1.1.1 and we are still having problems with passwords containing special characters like '$' for the LDAP authentication. In FR 1.1.0 the '$' was replaced by a character such as '%24'. That is supposed to happen. For the new version, the symbol '$' is deleted as well as the character that is next to it. That's not LDAP or FreeRADIUS. That's the shell you're using. Command: /usr/local/bin/radtest username test$2006 x.x.x.x 1 test123 Try: /usr/local/bin/radtest username 'test$2006' ... Read the shell documentation to see why it expands shell variables like $2. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: special characters in passwords + FR + ldap
Natalia Escalera [EMAIL PROTECTED] wrote: Command: /usr/local/bin/radtest username test$2006 x.x.x.x 1 test123 Output: Sending Access-Request of id 215 to x.x.x.x port 1812 User-Name = username User-Password = test006#- No dollar sign, no number 2 $2 is a Unix shell variable. This has nothing to do with FreeRADIUS. /usr/local/bin/radtest username 'test$2006' x.x.x.x 1 test123 will work. Note SINGLE quotes, not DOUBLE quotes. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: special characters in passwords + FR + ldap
Hello,We tried FR 1.1.1 and we are still having problems with passwords containing special characters like '$' for the LDAP authentication. In FR 1.1.0 the '$' was replaced by a character such as '%24'. For the new version, the symbol '$' is deleted as well as the character that is next to it. Here is an example ofthe executedcommand and its output: Command:/usr/local/bin/radtest username test$2006 x.x.x.x 1 test123 Output:Sending Access-Request of id 215 to x.x.x.x port 1812User-Name = usernameUser-Password = test006 #- No dollar sign, no number 2NAS-IP-Address = 255.255.255.255NAS-Port = 1rad_recv: Access-Reject packet from host x.x.x.x:1812, id=215, length=20Can this situation be considered please? Thank you in advance, Natalia.On 3/27/06, Natalia Escalera [EMAIL PROTECTED] wrote: Hi, We will try the new version and see if the problem was fixed. Thanks a lot. Natalia. On 3/27/06, Turtiainen, Tero [EMAIL PROTECTED] wrote: Hi, From: Natalia Escalera [EMAIL PROTECTED] I was wondering if someone has any idea of how to solve the problem of special characters(e.g. $) in FreeRadius 1.1.0. Have you tried FreeRADIUS 1.1. which was released last week? According to the ChangeLog the bug #261 has been fixed and it was the attributes retreived from ldap are truncated at first space bug, which sounded very similar to our problem: http://bugs.freeradius.org/show_bug.cgi?id=261 -- Tero Turtiainen Technology Services Capgemini [EMAIL PROTECTED] This message contains information that may be privileged or confidential and is the property of the Capgemini Group. It is intended only for the person to whom it is addressed. If you are not the intended recipient,you are not authorized to read, print, retain, copy, disseminate,distribute, or use this message or any part thereof. If you receive thismessage in error, please notify the sender immediately and delete allcopies of this message. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: special characters in passwords + FR + ldap
Hi, From: Natalia Escalera [EMAIL PROTECTED] I was wondering if someone has any idea of how to solve the problem of special characters(e.g. $) in FreeRadius 1.1.0. Have you tried FreeRADIUS 1.1. which was released last week? According to the ChangeLog the bug #261 has been fixed and it was the attributes retreived from ldap are truncated at first space bug, which sounded very similar to our problem: http://bugs.freeradius.org/show_bug.cgi?id=261 -- Tero Turtiainen Technology Services Capgemini [EMAIL PROTECTED] This message contains information that may be privileged or confidential and is the property of the Capgemini Group. It is intended only for the person to whom it is addressed. If you are not the intended recipient, you are not authorized to read, print, retain, copy, disseminate, distribute, or use this message or any part thereof. If you receive this message in error, please notify the sender immediately and delete all copies of this message. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: special characters in passwords + FR + ldap
Hi, We will try the new version and see if the problem was fixed. Thanks a lot. Natalia. On 3/27/06, Turtiainen, Tero [EMAIL PROTECTED] wrote: Hi, From: Natalia Escalera [EMAIL PROTECTED] I was wondering if someone has any idea of how to solve the problem of special characters(e.g. $) in FreeRadius 1.1.0. Have you tried FreeRADIUS 1.1. which was released last week? According to the ChangeLog the bug #261 has been fixed and it was the attributes retreived from ldap are truncated at first space bug, which sounded very similar to our problem: http://bugs.freeradius.org/show_bug.cgi?id=261 -- Tero Turtiainen Technology Services Capgemini [EMAIL PROTECTED] This message contains information that may be privileged or confidential and is the property of the Capgemini Group. It is intended only for the person to whom it is addressed. If you are not the intended recipient, you are not authorized to read, print, retain, copy, disseminate, distribute, or use this message or any part thereof. If you receive this message in error, please notify the sender immediately and delete all copies of this message. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: special characters in passwords + FR + ldap
Hi, I was wondering if someone has any idea of how to solve the problem of special characters(e.g. $) in FreeRadius 1.1.0. Help is very appreciated. Thank you, Natalia. On 3/10/06, Natalia Escalera [EMAIL PROTECTED] wrote: Hello, Do you have any suggestion of how to fix the problem? Thanks, Natalia. On 3/9/06, Natalia Escalera [EMAIL PROTECTED] wrote: Hello, how did you patch? What I did is that I took the rlm_ldap.c from FR 1.1.0 and replaced the content of the function ldap_pairget with the code shown on http://bugs.freeradius.org/showattachment.cgi?attach_id=112. Then I execute the './configure' and 'make' commands Natalia. On 3/9/06, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote: Hi, I attached a copy of the file rlm_ldap.c of radius 1.1.0 yes, your patched version is clearly borked - as you can see from this snippet. int vals_count; int vals_idx; char *ptr; char *value; TLDAP_RADIUS *element; LRAD_TOKEN token; LRAD_TOKEN token, operator; int is_generic_attribute; charvalue[256]; charbuf[MAX_STRING_LEN]; VALUE_PAIR *pairlist = NULL; VALUE_PAIR *newpair = NULL; chardo_xlat = FALSE; LRAD_TOKEN has dual definitions. it should look similar to: char **vals; int vals_count; int vals_idx; char *ptr; char *value; TLDAP_RADIUS *element; LRAD_TOKEN token, operator; int is_generic_attribute; charbuf[MAX_STRING_LEN]; VALUE_PAIR *pairlist = NULL; VALUE_PAIR *newpair = NULL; chardo_xlat = FALSE; how did you patch? I notice that the patch is no longer clean against the 1.1.x CVS code...which means that more headaches will occur. someone with the drive/desire needs to modify the patch for the more recent source alan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: special characters in passwords + FR + ldap
Hello, Do you have any suggestion of how to fix the problem? Thanks, Natalia. On 3/9/06, Natalia Escalera [EMAIL PROTECTED] wrote: Hello, how did you patch? What I did is that I took the rlm_ldap.c from FR 1.1.0 and replaced the content of the function ldap_pairget with the code shown on http://bugs.freeradius.org/showattachment.cgi?attach_id=112. Then I execute the './configure' and 'make' commands Natalia. On 3/9/06, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote: Hi, I attached a copy of the file rlm_ldap.c of radius 1.1.0 yes, your patched version is clearly borked - as you can see from this snippet. int vals_count; int vals_idx; char *ptr; char *value; TLDAP_RADIUS *element; LRAD_TOKEN token; LRAD_TOKEN token, operator; int is_generic_attribute; charvalue[256]; charbuf[MAX_STRING_LEN]; VALUE_PAIR *pairlist = NULL; VALUE_PAIR *newpair = NULL; chardo_xlat = FALSE; LRAD_TOKEN has dual definitions. it should look similar to: char **vals; int vals_count; int vals_idx; char *ptr; char *value; TLDAP_RADIUS *element; LRAD_TOKEN token, operator; int is_generic_attribute; charbuf[MAX_STRING_LEN]; VALUE_PAIR *pairlist = NULL; VALUE_PAIR *newpair = NULL; chardo_xlat = FALSE; how did you patch? I notice that the patch is no longer clean against the 1.1.x CVS code...which means that more headaches will occur. someone with the drive/desire needs to modify the patch for the more recent source alan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: special characters in passwords + FR + ldap
Hi, I attached a copy of the file rlm_ldap.c of radius 1.1.0 yes, your patched version is clearly borked - as you can see from this snippet. int vals_count; int vals_idx; char *ptr; char *value; TLDAP_RADIUS *element; LRAD_TOKEN token; LRAD_TOKEN token, operator; int is_generic_attribute; charvalue[256]; charbuf[MAX_STRING_LEN]; VALUE_PAIR *pairlist = NULL; VALUE_PAIR *newpair = NULL; chardo_xlat = FALSE; LRAD_TOKEN has dual definitions. it should look similar to: char **vals; int vals_count; int vals_idx; char *ptr; char *value; TLDAP_RADIUS *element; LRAD_TOKEN token, operator; int is_generic_attribute; charbuf[MAX_STRING_LEN]; VALUE_PAIR *pairlist = NULL; VALUE_PAIR *newpair = NULL; chardo_xlat = FALSE; how did you patch? I notice that the patch is no longer clean against the 1.1.x CVS code...which means that more headaches will occur. someone with the drive/desire needs to modify the patch for the more recent source alan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: special characters in passwords + FR + ldap
Hello, how did you patch? What I did is that I took the rlm_ldap.c from FR 1.1.0 and replaced the content of the function ldap_pairget with the code shown on http://bugs.freeradius.org/showattachment.cgi?attach_id=112. Then I execute the './configure' and 'make' commands Natalia. On 3/9/06, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote: Hi, I attached a copy of the file rlm_ldap.c of radius 1.1.0 yes, your patched version is clearly borked - as you can see from this snippet. int vals_count; int vals_idx; char *ptr; char *value; TLDAP_RADIUS *element; LRAD_TOKEN token; LRAD_TOKEN token, operator; int is_generic_attribute; charvalue[256]; charbuf[MAX_STRING_LEN]; VALUE_PAIR *pairlist = NULL; VALUE_PAIR *newpair = NULL; chardo_xlat = FALSE; LRAD_TOKEN has dual definitions. it should look similar to: char **vals; int vals_count; int vals_idx; char *ptr; char *value; TLDAP_RADIUS *element; LRAD_TOKEN token, operator; int is_generic_attribute; charbuf[MAX_STRING_LEN]; VALUE_PAIR *pairlist = NULL; VALUE_PAIR *newpair = NULL; chardo_xlat = FALSE; how did you patch? I notice that the patch is no longer clean against the 1.1.x CVS code...which means that more headaches will occur. someone with the drive/desire needs to modify the patch for the more recent source alan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: special characters in passwords + FR + ldap
Hi, From: Natalia Escalera [EMAIL PROTECTED] We have made a small fix to the ldap-module (as seen in the link to the mailing list archive). I don't know if this has been fixed in 1.1.0. I once had a quick look at the ldap-module of 1.1.0, it should be quite easy to test if it still fails. The password issue is also in FR 1.1.0. Thats weird. The bug is so easy to spot and should be trivial to fix. And I think it will affect many FR installations. -- Tero Turtiainen Technology Services Capgemini [EMAIL PROTECTED] This message contains information that may be privileged or confidential and is the property of the Capgemini Group. It is intended only for the person to whom it is addressed. If you are not the intended recipient, you are not authorized to read, print, retain, copy, disseminate, distribute, or use this message or any part thereof. If you receive this message in error, please notify the sender immediately and delete all copies of this message. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: special characters in passwords + FR + ldap
Hello, I tried the patch on http://bugs.freeradius.org/showattachment.cgi?attach_id=112 for the function ldap_pairget in the file rlm_ldap.c but it gives me an error when executing the 'make' command saying that 'token' was already declared. This is where token is declared: --- LRAD_TOKEN token; + LRAD_TOKEN token, operator; --- May be the file in that page is corrupted. Can you please send me a copy of the file for the patch. Thank you in advance, Natalia. On 3/8/06, Turtiainen, Tero [EMAIL PROTECTED] wrote: Hi, From: Natalia Escalera [EMAIL PROTECTED] We have made a small fix to the ldap-module (as seen in the link to the mailing list archive). I don't know if this has been fixed in 1.1.0. I once had a quick look at the ldap-module of 1.1.0, it should be quite easy to test if it still fails. The password issue is also in FR 1.1.0. Thats weird. The bug is so easy to spot and should be trivial to fix. And I think it will affect many FR installations. -- Tero Turtiainen Technology Services Capgemini [EMAIL PROTECTED] This message contains information that may be privileged or confidential and is the property of the Capgemini Group. It is intended only for the person to whom it is addressed. If you are not the intended recipient, you are not authorized to read, print, retain, copy, disseminate, distribute, or use this message or any part thereof. If you receive this message in error, please notify the sender immediately and delete all copies of this message. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: special characters in passwords + FR + ldap
Hi, I tried the patch on http://bugs.freeradius.org/showattachment.cgi?attach_id=112 for the function ldap_pairget in the file rlm_ldap.c but it gives me an error when executing the 'make' command saying that 'token' was already declared. This is where token is declared: --- LRAD_TOKEN token; + LRAD_TOKEN token, operator; --- May be the file in that page is corrupted. Can you please send me a copy of the file for the patch. could you send the rlm_ldap.c file that you now have - your patching may have got hosed alan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: special characters in passwords + FR + ldap
Hi, -Original Message- Date: Sat, 4 Mar 2006 15:19:32 -0600 From: Natalia Escalera [EMAIL PROTECTED] Hello, What is needed is that Freeradius accepts passwors even if special charaters are part of them. This is what is happening: pass$word - FR - LDAP - FR (Answer: wrong password) Any ideas of how to solve it? This looks very much like the feature we have seen with FR 0.9.3. Passwords with a special character are truncated, resulting in password check failing. http://lists.freeradius.org/mailman/htdig/freeradius-users/2005-July/045 560.html This may be related to this bug, which is still open (I don't agree with the severity=minor :) http://bugs.freeradius.org/show_bug.cgi?id=261 We have made a small fix to the ldap-module (as seen in the link to the mailing list archive). I don't know if this has been fixed in 1.1.0. I once had a quick look at the ldap-module of 1.1.0, it should be quite easy to test if it still fails. -- Tero Turtiainen Technology Services Capgemini [EMAIL PROTECTED] This message contains information that may be privileged or confidential and is the property of the Capgemini Group. It is intended only for the person to whom it is addressed. If you are not the intended recipient, you are not authorized to read, print, retain, copy, disseminate, distribute, or use this message or any part thereof. If you receive this message in error, please notify the sender immediately and delete all copies of this message. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: special characters in passwords + FR + ldap
Hello Mr. Turtiainen: Thank you for your response. We have made a small fix to the ldap-module (as seen in the link to the mailing list archive). I don't know if this has been fixed in 1.1.0. I once had a quick look at the ldap-module of 1.1.0, it should be quite easy to test if it still fails. The password issue is also in FR 1.1.0. I will try the patch suggested on http://bugs.freeradius.org/show_bug.cgi?id=261 and see if it works for our implementation. Thank you, Natalia. On 3/7/06, Turtiainen, Tero [EMAIL PROTECTED] wrote: Hi, -Original Message- Date: Sat, 4 Mar 2006 15:19:32 -0600 From: Natalia Escalera [EMAIL PROTECTED] Hello, What is needed is that Freeradius accepts passwors even if special charaters are part of them. This is what is happening: pass$word - FR - LDAP - FR (Answer: wrong password) Any ideas of how to solve it? This looks very much like the feature we have seen with FR 0.9.3. Passwords with a special character are truncated, resulting in password check failing. http://lists.freeradius.org/mailman/htdig/freeradius-users/2005-July/045 560.html This may be related to this bug, which is still open (I don't agree with the severity=minor :) http://bugs.freeradius.org/show_bug.cgi?id=261 We have made a small fix to the ldap-module (as seen in the link to the mailing list archive). I don't know if this has been fixed in 1.1.0. I once had a quick look at the ldap-module of 1.1.0, it should be quite easy to test if it still fails. -- Tero Turtiainen Technology Services Capgemini [EMAIL PROTECTED] This message contains information that may be privileged or confidential and is the property of the Capgemini Group. It is intended only for the person to whom it is addressed. If you are not the intended recipient, you are not authorized to read, print, retain, copy, disseminate, distribute, or use this message or any part thereof. If you receive this message in error, please notify the sender immediately and delete all copies of this message. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: special characters in passwords + FR + ldap
You can try to log passwords sending to FR by NAS and snoop passwords sending by FR to LDAP, + switch on logging on LDAP and check why BIND operation between RF and LDAP fails. The bottom line here is that the password with spec chars is the same all the way down to LDAP server. on 04/03/2006 22:19 Natalia Escalera wrote: Hello, What is needed is that Freeradius accepts passwors even if special charaters are part of them. This is what is happening: pass$word - FR - LDAP - FR (Answer: wrong password) Any ideas of how to solve it? Thank you, Natalia. On 3/3/06, Alexei Monastyrnyi [EMAIL PROTECTED] wrote: Hey. Does one need to handle it in any special way? I have deployment like this, where special chars work as good as normal ones. Cisco VPN clients - Cisco PIX - FreeRADIUS - OpenLDAP. A. on 03/03/2006 00:28 Natalia Escalera wrote: Hello all, Do somebody know how to handle passwords having special characters in between (e.g. $ ) when doing freeradius-ldap authentication? Thank you, Natalia. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: special characters in passwords + FR + ldap
Hello, What is needed is that Freeradius accepts passwors even if special charaters are part of them. This is what is happening: pass$word - FR - LDAP - FR (Answer: wrong password) Any ideas of how to solve it? Thank you, Natalia. On 3/3/06, Alexei Monastyrnyi [EMAIL PROTECTED] wrote: Hey. Does one need to handle it in any special way? I have deployment like this, where special chars work as good as normal ones. Cisco VPN clients - Cisco PIX - FreeRADIUS - OpenLDAP. A. on 03/03/2006 00:28 Natalia Escalera wrote: Hello all, Do somebody know how to handle passwords having special characters in between (e.g. $ ) when doing freeradius-ldap authentication? Thank you, Natalia. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: special characters in passwords + FR + ldap
Hey. Does one need to handle it in any special way? I have deployment like this, where special chars work as good as normal ones. Cisco VPN clients - Cisco PIX - FreeRADIUS - OpenLDAP. A. on 03/03/2006 00:28 Natalia Escalera wrote: Hello all, Do somebody know how to handle passwords having special characters in between (e.g. $ ) when doing freeradius-ldap authentication? Thank you, Natalia. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
special characters in passwords + FR + ldap
Hello all, Do somebody know how to handle passwords having special characters in between (e.g. $ ) when doing freeradius-ldap authentication? Thank you, Natalia. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
