Project

General

Profile

Bug #10385

Pb with Username authorized characters when OTP is disabled

Added by Olivier GUENET 2 months ago. Updated about 1 month ago.

Status:
Resolved
Priority:
Very High
Assignee:
Renato Botelho
Category:
FreeRADIUS
Target version:
-
Start date:
03/28/2020
Due date:
% Done:

100%

Estimated time:
Affected Version:
2.4.5
Affected Architecture:
All

Description

Hi,

I have done the update to the 2.4.5 version of pfsense, with the update of the last package of freeradius3.

I don't use OTP at all, but a username create or modified with a @ is impossible : The 'Username' field may only contain a-z, A-Z, 0-9, underscore, period and hyphen (regex /^[a-zA-Z0-9_.-]*$/).

It is notified bellow : Note: May only contain a-z, A-Z, 0-9, underscore, period and hyphen when using OTP.

So, OTP is disabled, I think it is a bug.

Thanks,

Olivier GUENET

History

#2 Updated by Olivier GUENET 2 months ago

Hi, thanks for your fast answer.

So I have modifief the file /usr/local/pkg/freeradius.inc, line 3668 and 3669 with adding the @ character in authorized REGEX.

Could you correct this in the next release?

Thanks,

Olivier GUENET

#3 Updated by MILO MEDIN 2 months ago

There is also an issue with being able to user MAC addresses in the FreeRadius username in the XX:XX:XX:XX:XX:XX because colon's are not allowed. I use colons instead of -'s because that's how pfsense displays MAC addresses in DHCP lease reports. I want to be able to do cut and paste for those into the freeradius user database for MAC based VLAN assignment.

#4 Updated by Viktor Gurov about 2 months ago

MILO MEDIN wrote:

There is also an issue with being able to user MAC addresses in the FreeRadius username in the XX:XX:XX:XX:XX:XX because colon's are not allowed. I use colons instead of -'s because that's how pfsense displays MAC addresses in DHCP lease reports. I want to be able to do cut and paste for those into the freeradius user database for MAC based VLAN assignment.

Fix:
https://github.com/pfsense/FreeBSD-ports/pull/828

#5 Updated by Jim Pingle about 2 months ago

  • Status changed from New to Pull Request Review

#6 Updated by Renato Botelho about 2 months ago

  • Status changed from Pull Request Review to Feedback
  • Assignee set to Renato Botelho
  • % Done changed from 0 to 100

PR has been merged. Thanks!

#7 Updated by Viktor Gurov about 1 month ago

  • Status changed from Feedback to Resolved

tested on 2.4.5/2.5 with freeradius3 0.15.7_13

works as expected - allows you to use special characters in the username field and allows you to use a MAC address with a colon delimiter

Also available in: Atom PDF