Thanks, This kind of confirms what I initially thought. >From what I can see in the PasswordLog thingie doesn't log the local character >at all in the column that specifies what radiator received.. so I'd say this >is an equipment issue.
Regards, Patrik Forsberg > -----Original Message----- > From: [email protected] [mailto:radiator- > [email protected]] On Behalf Of Heikki Vatiainen > Sent: Monday, May 21, 2012 11:17 AM > To: [email protected] > Subject: Re: [RADIATOR] Password with local characters fails > > On 05/21/2012 10:47 AM, Patrik Forsberg wrote: > > > I have a minor issue with our current setup where it seems like local > characters aren't working for some reason ? > > If a person have a password like "hello" it works but "hallå" won't work .. > from debugging it looks like the character get stripped from the password > request.. but I'm NOT sure if it is equipment related or Radiator that strips > it ? > > > > My question is if there are anything in Radiator that could strips the local > characters from the password field prior to adding it up for authentication ? > My guess is no and that this is actually an equipment issue :) > > Radiator does not strip anything, but with non-ascii characters there's > the question of which locale (UTF8, ISO-8859-1, ISO-8859-15, etc.) is in > use and, as a result, how the non-ascii characters get encoded. > > I tried hallå (hall + http://en.wikipedia.org/wiki/%C3%85) as password > with both TACACS+ and plain RADIUS. The test was done with radpwtst and > goodies/tacacsplustest. The system uses UTF8 locale, so my å gets sent > as hex characters c3 a5 (decimal 195 and 165). This was on Radiator 4.9 > and Ubuntu 12.04. > > Trace 4 from radiusd, after modifying it to show the received password, > gives this for TACACS+ (hallå in UTF8 as the User-Password in the users > file): > > Mon May 21 12:10:24 2012: DEBUG: New TacacsplusConnection created for > 127.0.0.1:52192 > Mon May 21 12:10:24 2012: DEBUG: TacacsplusConnection request 193, 1, 1, > 0, 1234, 30 > Mon May 21 12:10:24 2012: DEBUG: TacacsplusConnection Authentication > START 1, 2, 0 for hvn, 123, testclient > Mon May 21 12:10:24 2012: DEBUG: TACACSPLUS derived Radius request > packet dump: > Code: Access-Request > Identifier: UNDEF > Authentic: <234>(<217><159>0&<146>d{<6><221>{<182><29>'<185> > Attributes: > NAS-IP-Address = 127.0.0.1 > NAS-Port-Id = "123" > Calling-Station-Id = "testclient" > NAS-Identifier = "TACACS" > cisco-avpair = "action=1" > cisco-avpair = "authen_type=2" > cisco-avpair = "priv-lvl=0" > cisco-avpair = "service=0" > User-Name = "hvn" > User-Password = **obscured** > User-Password = hall<195><165> > OSC-Version-Identifier = "193" > > > Mon May 21 12:10:24 2012: DEBUG: Handling request with Handler > 'Realm=DEFAULT', Identifier '' > Mon May 21 12:10:24 2012: DEBUG: Deleting session for hvn, 127.0.0.1, > Mon May 21 12:10:24 2012: DEBUG: Handling with Radius::AuthFILE: > Mon May 21 12:10:24 2012: DEBUG: Reading users file ./users > Mon May 21 12:10:24 2012: DEBUG: Radius::AuthFILE looks for match with > hvn [hvn] > Mon May 21 12:10:24 2012: DEBUG: Radius::AuthFILE ACCEPT: : hvn [hvn] > Mon May 21 12:10:24 2012: DEBUG: AuthBy FILE result: ACCEPT, > Mon May 21 12:10:24 2012: DEBUG: Access accepted for hvn > Mon May 21 12:10:24 2012: DEBUG: Packet dump: > *** Reply to TACACSPLUS request: > Code: Access-Accept > Identifier: UNDEF > Authentic: <234>(<217><159>0&<146>d{<6><221>{<182><29>'<185> > Attributes: > > > -- > Heikki Vatiainen <[email protected]> > > Radiator: the most portable, flexible and configurable RADIUS server > anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, > Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS, > TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP, > DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS, > NetWare etc. > _______________________________________________ > radiator mailing list > [email protected] > http://www.open.com.au/mailman/listinfo/radiator _______________________________________________ radiator mailing list [email protected] http://www.open.com.au/mailman/listinfo/radiator
