Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Radius authentication passphrase length

    Scheduled Pinned Locked Moved Captive Portal
    45 Posts 4 Posters 22.1k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • B
      billm
      last edited by

      @buraglio:

      It authenticates with the new code with a RADIUS box with >=16 passwords but the redirection after fails with some php errors.  I assume that is a cosmetic fix and not critical.  I can work on getting a radius box up probably tomorrow if that'd be helpful.

      So it now authenticates accounts with > 16 char passwords?  And authenticates accounts with < 16 char passwords?  Only a PHP error to cleanup?  Good news.  Maybe the PHP error is coming from the $debug define.

      –Bill

      pfSense core developer
      blog - http://www.ucsecurity.com/
      twitter - billmarquette

      1 Reply Last reply Reply Quote 0
      • B
        buraglio
        last edited by

        @billm:

        @buraglio:

        It authenticates with the new code with a RADIUS box with >=16 passwords but the redirection after fails with some php errors.  I assume that is a cosmetic fix and not critical.  I can work on getting a radius box up probably tomorrow if that'd be helpful.

        So it now authenticates accounts with > 16 char passwords?  And authenticates accounts with < 16 char passwords?  Only a PHP error to cleanup?  Good news.  Maybe the PHP error is coming from the $debug define.

        –Bill

        Actually it only authenticates 16 char or below passwords.  I mistyped.  Sorry.

        https://www.forwardingplane.net/

        1 Reply Last reply Reply Quote 0
        • B
          buraglio
          last edited by

          Has anyone else noticed this behavior?  Would it be beneficial for me to set up a RADIUS box and give you access to test against?

          https://www.forwardingplane.net/

          1 Reply Last reply Reply Quote 0
          • S
            sullrich
            last edited by

            @buraglio:

            Has anyone else noticed this behavior?  Would it be beneficial for me to set up a RADIUS box and give you access to test against?

            Yes, please do.  Bill does not have access to a tesitng environment for this.

            1 Reply Last reply Reply Quote 0
            • B
              billm
              last edited by

              @buraglio:

              Has anyone else noticed this behavior?  Would it be beneficial for me to set up a RADIUS box and give you access to test against?

              If you can provide me a radius target I can test this myself.

              –Bill

              pfSense core developer
              blog - http://www.ucsecurity.com/
              twitter - billmarquette

              1 Reply Last reply Reply Quote 0
              • B
                buraglio
                last edited by

                I'll work on this this afternoon and post when it's done.

                https://www.forwardingplane.net/

                1 Reply Last reply Reply Quote 0
                • B
                  buraglio
                  last edited by

                  @buraglio:

                  I'll work on this this afternoon and post when it's done.

                  I have this up, I'm still verifying correct functionality.  How would you like to go about testing?

                  https://www.forwardingplane.net/

                  1 Reply Last reply Reply Quote 0
                  • B
                    buraglio
                    last edited by

                    ok, I have this working whenever you'd like to start working on it.

                    https://www.forwardingplane.net/

                    1 Reply Last reply Reply Quote 0
                    • B
                      billm
                      last edited by

                      @buraglio:

                      ok, I have this working whenever you'd like to start working on it.

                      Can you PM me an IP to test against along with two usernames, one with a 15 char password, one with a 20 char password.  I can provide a static IP if needed that I'll be testing from.

                      –Bill

                      pfSense core developer
                      blog - http://www.ucsecurity.com/
                      twitter - billmarquette

                      1 Reply Last reply Reply Quote 0
                      • B
                        buraglio
                        last edited by

                        Sent.

                        https://www.forwardingplane.net/

                        1 Reply Last reply Reply Quote 0
                        • B
                          billm
                          last edited by

                          OK, fixed.  Thanks!

                          Grab http://www.pfsense.org/~billm/radius_authentication.inc.txt until this is commited.

                          –Bill

                          pfSense core developer
                          blog - http://www.ucsecurity.com/
                          twitter - billmarquette

                          1 Reply Last reply Reply Quote 0
                          • B
                            billm
                            last edited by

                            @billm:

                            OK, fixed.  Thanks!

                            Grab http://www.pfsense.org/~billm/radius_authentication.inc.txt until this is commited.

                            –Bill

                            I also verified that the code in HEAD works, it's only RELENG_1 that's affected by this.

                            –Bill

                            pfSense core developer
                            blog - http://www.ucsecurity.com/
                            twitter - billmarquette

                            1 Reply Last reply Reply Quote 0
                            • B
                              buraglio
                              last edited by

                              This works like a dream now, even in my wacky kerberos backended setup. 
                              Thanks for all the hard work, it is appreciated.

                              nb

                              https://www.forwardingplane.net/

                              1 Reply Last reply Reply Quote 0
                              • S
                                sullrich
                                last edited by

                                So what exactly should I MFC?

                                1 Reply Last reply Reply Quote 0
                                • B
                                  billm
                                  last edited by

                                  @sullrich:

                                  So what exactly should I MFC?

                                  This:
                                  http://www.pfsense.org/~billm/radius_authentication.inc.diff.txt

                                  –Bill

                                  pfSense core developer
                                  blog - http://www.ucsecurity.com/
                                  twitter - billmarquette

                                  1 Reply Last reply Reply Quote 0
                                  • S
                                    sullrich
                                    last edited by

                                    Commited!

                                    1 Reply Last reply Reply Quote 0
                                    • H
                                      hoba
                                      last edited by

                                      Send it over to the m0ther too  ;D

                                      1 Reply Last reply Reply Quote 0
                                      • First post
                                        Last post
                                      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.