Duane Cox wrote: > Appartenly somewhere (rlm_sql ?) the username is being changed > possible in an anti-injection function, I don't know. > Can someone shed some light on this? > > For instance, in the debug snip below, the username 'dcox&dcox' is > changed to 'dcox=26dcox' which of course fails the sql select > statement.
It's not a bug, it's a feature. It prevents SQL injection attacks on your backend database. http://www.google.com/search?q=sql+injection+attack As Alan said, you can change the "safe-characters" option in sql.conf, but only if you know exactly what you are doing. -- Nicolas Baradakis - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
