Hi Alan,
Ok maybe it wasn't clear enough. We have a web-application running on
Apache/tomcat and the client used for authentication is the mod_auth_radius
module. We want to test that there are no problems with users having special
characters, hence the garbage like username/password. We have a valid unix user
éâäåçêëèïîìÄæôòû with password éâäåçêëèïîìÄæôòû in the Ubuntu Dapper Linux
system on which the radius server 1.1.0 has been installed. So when I browse to
the web-app, I get uid/pwd challenge, and when I provide the
éâäåçêëèïîìÄæôòû/éâäåçêëèïîìÄæôòû as the uid/pwd, I see the following on the
radius server which is running in debug mode:
rad_recv: Access-Request packet from host 127.0.0.1:33292, id=245, length=98
User-Name =
"\303\251\303\242\303\244\303\245\303\247\303\252\303\250\303\257\303\256\303\254\303\204\303\246\303\264\303\262\303\273"
User-Password =
"\222\023S~\345v\322\250\207\216\261\206\242J\301\301\251\006\233\026N\374\014\213\036c\022'\220\r\370\210"
NAS-IP-Address = 255.255.255.255
NAS-Port = 1812
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 1
modcall[authorize]: module "preprocess" returns ok for request 1
modcall[authorize]: module "mschap" returns noop for request 1
rlm_realm: No '@' in User-Name = "[EMAIL PROTECTED]", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 1
rlm_eap: No EAP-Message, not doing EAP
modcall[authorize]: module "eap" returns noop for request 1
users: Matched entry DEFAULT at line 152
modcall[authorize]: module "files" returns ok for request 1
modcall: leaving group authorize (returns ok) for request 1
rad_check_password: Found Auth-Type System
auth: type "System"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 1
rlm_unix: [EMAIL PROTECTED]: invalid password
modcall[authenticate]: module "unix" returns reject for request 1
modcall: leaving group authenticate (returns reject) for request 1
auth: Failed to validate the user.
WARNING: Unprintable characters in the password. ? Double-check the shared
secret on the server and the NAS!
Delaying request 1 for 1 seconds
Finished request 1
Going to the next request
--- Walking the entire request list ---
I have another unix user Vinodh/vinodh in the system, so when I try that, I get
this:
Waking up in 4 seconds...
--- Walking the entire request list ---
Cleaning up request 7 ID 99 with timestamp 44e57654 Nothing to do. Sleeping
until we see a request.
rad_recv: Access-Request packet from host 10.0.203.118:1026, id=97, length=72
User-Name = "Vinodh"
User-Password = "vinodh"
Service-Type = Authenticate-Only
NAS-Identifier = "10.0.203.118"
NAS-IP-Address = 10.0.203.118
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 8
modcall[authorize]: module "preprocess" returns ok for request 8
modcall[authorize]: module "mschap" returns noop for request 8
rlm_realm: No '@' in User-Name = "Vinodh", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 8
rlm_eap: No EAP-Message, not doing EAP
modcall[authorize]: module "eap" returns noop for request 8
users: Matched entry DEFAULT at line 152
modcall[authorize]: module "files" returns ok for request 8
modcall: leaving group authorize (returns ok) for request 8
rad_check_password: Found Auth-Type System
auth: type "System"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 8
modcall[authenticate]: module "unix" returns ok for request 8
modcall: leaving group authenticate (returns ok) for request 8 Sending
Access-Accept of id 97 to 10.0.203.118 port 1026 Finished request 8 Going to
the next request
--- Walking the entire request list ---
Waking up in 6 seconds...
--- Walking the entire request list ---
Cleaning up request 8 ID 97 with timestamp 44e57662 Nothing to do. Sleeping
until we see a request.
So the unix authentication works fine for ordinary characters. Is there some
configuration issue somewhere? Hope this is more clearer.
V~
---
Vinodh Velusamy
Software Engineer
Ubizen - a Cybertrust company
Ubicenter, Philipssite 5, 3001 Leuven, Belgium
T: +32 16 28 73 14
F: +32 16 28 71 00
E-mail: [EMAIL PROTECTED]
www.ubizen.com - www.cybertrust.com
-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Alan DeKok
Sent: Wednesday, August 23, 2006 7:27 PM
To: FreeRadius users mailing list
Subject: Re: RE: RE: Problem with character Ä in username/password
"Velusamy, Vinodh" <[EMAIL PROTECTED]> wrote:
> Sorry for troubling you, but could you please help me out with this?
> We are using the mod_auth_radius, the RADIUS authentication module for
> the Apache webserver version 1.5.2 for apache 1.3 that you have
> developed. If you need any other info I will try my best to provide
> it.
I have no idea what the problem is. I've asked for information, and you
haven't provided it. I've asked questions that you haven't answered.
If the username is garbage, then the ONLY reason that happens is that's what
the user typed in.
Alan DeKok.
--
http://deployingradius.com - The web site of the book
http://deployingradius.com/blog/ - The blog
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
