Actions
Bug #16491
closed
FreeRADIUS Accounts with "%" Character in the Password String Fail Authentication
Status:
Closed
Priority:
Normal
Assignee:
-
Category:
FreeRADIUS
Target version:
-
Start date:
Due date:
% Done:
0%
Estimated time:
Plus Target Version:
Affected Version:
Affected Plus Version:
25.07.1
Affected Architecture:
All
Description
- FreeRADIUS user accounts that have "%" included in their passwords won't pass authentication.
- Removing "%" from their password string, resolves the issue.
- Also tested with FreeRADIUS instance on Ubuntu (version 3.2.5), passwords with "%" work without any issues.
- freeradius3-3.2.7
- Process logs show: (2) Login incorrect (Failed retrieving values required to evaluate condition): [testuser] (from client test port 0)
Tested against:
2.8.1 CE
and
25.07.1-RELEASE (amd64)
built on Wed Aug 20 12:17:00 UTC 2025
FreeBSD 15.0-CURRENT
Updated by Christopher Cope about 2 months ago
- Status changed from New to Confirmed
- Target version set to 25.11
I can confirm this is an issue on
25.07.1-RELEASE (amd64) built on Wed Aug 13 1:59:00 EDT 2025 FreeBSD 15.0-CURRENT freeradius3 0.15.14
This version uses freeradius 3.2.7 and it seems to be related to an upstream bug: https://github.com/freeradius/freeradius-server/issues/5525
Testing on 24.11 which used freeradius 3.2.6 and there aren't any issues with '%'.
Also tested on
26.03-DEVELOPMENT (amd64) built on Thu Oct 16 19:24:00 UTC 2025 FreeBSD 16.0-CURRENT freeradius3 0.16.1
This version uses freeradius 3.2.8. I am getting a 503 error on any attempt to test authentication, so I'm unable to confirm the original issue no longer exists.
Updated by Jim Pingle 21 days ago
- Project changed from pfSense Plus to pfSense Packages
- Category changed from Authentication to FreeRADIUS
- Status changed from Confirmed to Closed
- Target version deleted (
25.11) - Release Notes deleted (
Default)
This was a bug in FreeRADIUS, not pfSense. The package repo contains FreeRADIUS 3.2.8 now which should include this fix.
Actions