Bug #10352
open
RADIUS authentication fails with MSCHAPv1 or MSCHAPv2 when passwords contain international characters
0%
Description
RADIUS authentication fails with the authentication server entry set to use MSCHAPv1 or MSCHAPv2 when passwords contain international characters. Authentication with the same password succeeds when set to PAP or MD5-CHAP.
I've tried running through a few different encodings (UTF-8, UTF-16, and the chap module's own unicode conversion function) without success.
It works when using radtest at the CLI regardless of type passed to that program. Packet captures of similar requests don't show significant differences between PHP and radtest.
Could be a limitation of Crypt_CHAP_MSv1 / Crypt_CHAP_MSv2 / Auth_RADIUS_*, but we should at least eliminate possible local code causes first.
Low priority since there are ways to make it work (PAP, MD5-CHAP), and users could choose to use other compatible passwords.
Updated by Oscar Mrbt about 4 years ago
I tried with PAP and MD5-CHAP on
2.4.3-RELEASE (amd64) memstick serial and
FreeBSD 11.1-RELEASE-p7
but the result once decoded in Wireshark looks like the same UNICODE Byte !
Updated by Jim Pingle about 4 years ago
Use the current release 2.4.5-p1 or a development snapshot (2.5.0). Testing with older/unsupported versions is irrelevant.
Updated by Kris Phillips about 3 years ago
Similar issue with LDAP authentication #12519
Updated by Patrick Vander Linden over 2 years ago
The issue is still present on 22.01-RELEASE
Any foreseen planning to fix this issue ?
Is someone working on it ? maybe me then ;)