On 05/21/2012 10:47 AM, Patrik Forsberg wrote:
> I have a minor issue with our current setup where it seems like local
> characters aren't working for some reason ?
> If a person has a password like "hello" it works but "hallå" won't work ..
> from debugging it looks like the character gets stripped from the password
> request.. but I'm NOT sure if it is equipment related or Radiator that strips
> it ?
>
> My question is if there is anything in Radiator that could strip the local
> characters from the password field prior to adding it up for authentication ?
> My guess is no and that this is actually an equipment issue :)

Radiator does not strip anything, but with non-ascii characters there's the question of which locale (UTF8, ISO-8859-1, ISO-8859-15, etc.) is in use and, as a result, how the non-ascii characters get encoded.

I tried hallå (hall + http://en.wikipedia.org/wiki/%C3%85) as password with both TACACS+ and plain RADIUS. The test was done with radpwtst and goodies/tacacsplustest. The system uses UTF8 locale, so my å gets sent as hex characters c3 a5 (decimal 195 and 165). This was on Radiator 4.9 and Ubuntu 12.04.

Trace 4 from radiusd, after modifying it to show the received password, gives this for TACACS+ (hallå in UTF8 as the User-Password in the users file):

Mon May 21 12:10:24 2012: DEBUG: New TacacsplusConnection created for 127.0.0.1:52192
Mon May 21 12:10:24 2012: DEBUG: TacacsplusConnection request 193, 1, 1, 0, 1234, 30
Mon May 21 12:10:24 2012: DEBUG: TacacsplusConnection Authentication START 1, 2, 0 for hvn, 123, testclient
Mon May 21 12:10:24 2012: DEBUG: TACACSPLUS derived Radius request packet dump:
Code:       Access-Request
Identifier: UNDEF
Authentic:  <234>(<217><159>0&<146>d{<6><221>{<182><29>'<185>
Attributes:
        NAS-IP-Address = 127.0.0.1
        NAS-Port-Id = "123"
        Calling-Station-Id = "testclient"
        NAS-Identifier = "TACACS"
        cisco-avpair = "action=1"
        cisco-avpair = "authen_type=2"
        cisco-avpair = "priv-lvl=0"
        cisco-avpair = "service=0"
        User-Name = "hvn"
        User-Password = **obscured**
        User-Password = hall<195><165>
        OSC-Version-Identifier = "193"

Mon May 21 12:10:24 2012: DEBUG: Handling request with Handler 'Realm=DEFAULT', Identifier ''
Mon May 21 12:10:24 2012: DEBUG: Deleting session for hvn, 127.0.0.1,
Mon May 21 12:10:24 2012: DEBUG: Handling with Radius::AuthFILE:
Mon May 21 12:10:24 2012: DEBUG: Reading users file ./users
Mon May 21 12:10:24 2012: DEBUG: Radius::AuthFILE looks for match with hvn [hvn]
Mon May 21 12:10:24 2012: DEBUG: Radius::AuthFILE ACCEPT: : hvn [hvn]
Mon May 21 12:10:24 2012: DEBUG: AuthBy FILE result: ACCEPT,
Mon May 21 12:10:24 2012: DEBUG: Access accepted for hvn
Mon May 21 12:10:24 2012: DEBUG: Packet dump:
*** Reply to TACACSPLUS request:
Code:       Access-Accept
Identifier: UNDEF
Authentic:  <234>(<217><159>0&<146>d{<6><221>{<182><29>'<185>
Attributes:

-- 
Heikki Vatiainen <[email protected]>

Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS,
TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP,
DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS,
NetWare etc.
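
Added example, not part of the original message and not Radiator code: a small diagnostic that takes the password bytes seen in a trace and reports which client-side encoding of the stored password would produce them, or whether the non-ASCII characters were dropped before sending. It goes slightly beyond the reply by also checking the decomposed (NFD) Unicode form; the function names and sample byte strings are constructed for illustration.

```python
import unicodedata

# Candidate encodings are the locales named in the reply above.
ENCODINGS = ("utf-8", "iso-8859-1", "iso-8859-15")

def trace_render(raw: bytes) -> str:
    """Render bytes as the trace above does: printable ASCII as-is, others as <decimal>."""
    return "".join(chr(b) if 0x20 <= b < 0x7F else f"<{b}>" for b in raw)

def candidates(stored: str) -> dict:
    """Map each plausible on-the-wire byte string for `stored` to a label."""
    out = {}
    for form in ("NFC", "NFD"):  # composed vs. decomposed Unicode
        text = unicodedata.normalize(form, stored)
        for enc in ENCODINGS:
            try:
                out.setdefault(text.encode(enc), f"{enc} ({form})")
            except UnicodeEncodeError:
                pass  # combining marks have no ISO-8859 representation
    # A client or NAS that drops non-ASCII characters sends only the ASCII part.
    stripped = stored.encode("ascii", errors="ignore")
    out.setdefault(stripped, "non-ASCII characters stripped before sending")
    return out

def diagnose(received: bytes, stored: str) -> str:
    """Explain how `received` relates to the stored password."""
    return candidates(stored).get(
        received, "no match: wrong password or unknown encoding")

STORED = "hall\u00e5"  # the test password from the reply
# Constructed sample inputs: UTF-8, ISO-8859-1, UTF-8 NFD, stripped.
SAMPLES = [b"hall\xc3\xa5", b"hall\xe5", b"halla\xcc\x8a", b"hall"]

if __name__ == "__main__":
    for raw in SAMPLES:
        print(f"{trace_render(raw):20} {raw.hex(' '):22} {diagnose(raw, STORED)}")
```

Because the server compares bytes, only the sample whose encoding matches the one used in the users file would authenticate; the others fail even though the user typed the same characters.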
