[prev in list] [next in list] [prev in thread] [next in thread] 

List:       freeradius-users
Subject:    Re: Additional backslash being added in password
From:       Alan DeKok <aland () deployingradius ! com>
Date:       2022-04-08 13:07:26
Message-ID: 15CF4E18-1C95-4848-BCD4-95A8C3181262 () deployingradius ! com
[Download RAW message or body]

On Apr 8, 2022, at 6:02 AM, Burn Zero <burnzerog@gmail.com> wrote:
> I am using FreeRADIUS version - 3.0.17

  I suggest upgrading, but OK/

> While investigating some login authentication failures, I found that if the
> user has a backslash \ in their password, then another backslash is being
> added and the login fails.

  Added... where?  Which module are you using?  If you read the docs, you'll see that \
you should be using / posting the debug output.  That will help us help you.

  The issue is that there's a lot of string expansion going on in various places.  \
For example, when attributes are used in SQL queries.

  But... you should never use passwords in SQL queries.  That doesn't make sense.

> For example: if a user has a password R@ndom\String, then in FreeRADIUS it
> is being taken as R@ndom\\String. ( one more backslash is added ).
> 
> Could you please let me know how to make FreeRADIUS accept the single
> backslash character as it is and not to add extra backslash?

  The default configuration works.  The default queries / password checks work, even \
when passwords have backslashes.

  What did you change?  Can you post the debug output, as suggested in ALL of the \
documentation?

  Alan DeKok.

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html


[prev in list] [next in list] [prev in thread] [next in thread]