Project

General

Profile

Actions
Copy link

Bug #10385

closed

Pb with Username authorized characters when OTP is disabled

Added by Olivier GUENET over 4 years ago. Updated over 4 years ago.

Status:
Resolved
Priority:
Very High
Assignee:
Renato Botelho
Category:
FreeRADIUS
Target version:
-
Start date:
03/28/2020
Due date:
% Done:

100%

Estimated time:
Plus Target Version:
Affected Version:
2.4.5
Affected Plus Version:
Affected Architecture:
All

Description

Hi,

I have done the update to the 2.4.5 version of pfsense, with the update of the last package of freeradius3.

I don't use OTP at all, but a username create or modified with a @ is impossible : The 'Username' field may only contain a-z, A-Z, 0-9, underscore, period and hyphen (regex /^[a-zA-Z0-9_.-]*$/).

It is notified bellow : Note: May only contain a-z, A-Z, 0-9, underscore, period and hyphen when using OTP.

So, OTP is disabled, I think it is a bug.

Thanks,

Olivier GUENET

Actions
Copy link
 #2

Updated by Olivier GUENET over 4 years ago

Hi, thanks for your fast answer.

So I have modifief the file /usr/local/pkg/freeradius.inc, line 3668 and 3669 with adding the @ character in authorized REGEX.

Could you correct this in the next release?

Thanks,

Olivier GUENET

Actions
Copy link
 #3

Updated by MILO MEDIN over 4 years ago

There is also an issue with being able to user MAC addresses in the FreeRadius username in the XX:XX:XX:XX:XX:XX because colon's are not allowed. I use colons instead of -'s because that's how pfsense displays MAC addresses in DHCP lease reports. I want to be able to do cut and paste for those into the freeradius user database for MAC based VLAN assignment.

Actions
Copy link
 #4

Updated by Viktor Gurov over 4 years ago

MILO MEDIN wrote:

There is also an issue with being able to user MAC addresses in the FreeRadius username in the XX:XX:XX:XX:XX:XX because colon's are not allowed. I use colons instead of -'s because that's how pfsense displays MAC addresses in DHCP lease reports. I want to be able to do cut and paste for those into the freeradius user database for MAC based VLAN assignment.

Fix:
https://github.com/pfsense/FreeBSD-ports/pull/828

Actions
Copy link
 #5

Updated by Jim Pingle over 4 years ago

  • Status changed from New to Pull Request Review
Actions
Copy link
 #6

Updated by Renato Botelho over 4 years ago

  • Status changed from Pull Request Review to Feedback
  • Assignee set to Renato Botelho
  • % Done changed from 0 to 100

PR has been merged. Thanks!

Actions
Copy link
 #7

Updated by Viktor Gurov over 4 years ago

  • Status changed from Feedback to Resolved

tested on 2.4.5/2.5 with freeradius3 0.15.7_13

works as expected - allows you to use special characters in the username field and allows you to use a MAC address with a colon delimiter

Actions
Copy link

Also available in: Atom PDF