Hey there!
I’ve got a annoying problem here with FreeRadius and PrivacyIDEA:
Local AD has usernames with umlauts. FreeRadius will send them encoded to PI. PI is unable to find the corresponding user in any realm
radius.log
Wed Jul 27 08:31:14 2022 : Info: rlm_perl: Config File /etc/privacyidea/rlm_perl.ini found!
Wed Jul 27 08:31:14 2022 : Info: rlm_perl: Debugging config:
Wed Jul 27 08:31:14 2022 : Info: rlm_perl: Default URL https://localhost/validate/check
Wed Jul 27 08:31:14 2022 : Info: rlm_perl: Looking for config for auth-type Perl
Wed Jul 27 08:31:14 2022 : Info: rlm_perl: Password encoding guessed: ascii
Wed Jul 27 08:31:14 2022 : Info: rlm_perl: Setting client IP to 192.168.0.12.
Wed Jul 27 08:31:14 2022 : Info: rlm_perl: Auth-Type: Perl
Wed Jul 27 08:31:14 2022 : Info: rlm_perl: url: https://localhost/validate/check
Wed Jul 27 08:31:14 2022 : Info: rlm_perl: user sent to privacyidea: G%C3%83%C2%B6the
Wed Jul 27 08:31:14 2022 : Info: rlm_perl: realm sent to privacyidea:
Wed Jul 27 08:31:14 2022 : Info: rlm_perl: resolver sent to privacyidea:
Wed Jul 27 08:31:14 2022 : Info: rlm_perl: client sent to privacyidea: 192.168.0.12
Wed Jul 27 08:31:14 2022 : Info: rlm_perl: state sent to privacyidea:
Wed Jul 27 08:31:14 2022 : Info: rlm_perl: urlparam client
Wed Jul 27 08:31:14 2022 : Info: rlm_perl: urlparam pass
Wed Jul 27 08:31:14 2022 : Info: rlm_perl: urlparam user
Wed Jul 27 08:31:14 2022 : Info: rlm_perl: Request timeout: 10
Wed Jul 27 08:31:14 2022 : Info: rlm_perl: Not verifying SSL certificate!
Wed Jul 27 08:31:15 2022 : Info: rlm_perl: elapsed time for privacyidea call: 0.549382
Wed Jul 27 08:31:15 2022 : Info: rlm_perl: privacyIDEA request failed: 400 BAD REQUEST
Wed Jul 27 08:31:15 2022 : Info: rlm_perl: privacyIDEA Result status is false!
Wed Jul 27 08:31:15 2022 : Info: rlm_perl: ERR904: The user can not be found in any resolver in this realm!
Wed Jul 27 08:31:15 2022 : Info: rlm_perl: privacyIDEA failed to handle the request
Wed Jul 27 08:31:15 2022 : Info: rlm_perl: return RLM_MODULE_NOTFOUND
But according to PI.log, the user was found indeed:
privacyidea.log
!!!Log Entry Secured by SecureFormatter!!! [2022-07-27 08:27:22,539][693832][140139410347904][INFO][privacyidea.lib.user:252] user 'G.the' found in resolver 'testdc01'
[2022-07-27 08:27:22,539][693832][140139410347904][INFO][privacyidea.lib.user:254] userid resolved to '243de5b4-42de-4838-be2c-30a28cccad49'
Removing umlauts is not an option.
I don’t know, in which part the things gets messed up - maybe someone already had the same issue here and found a solution?
Edit:
locales seems to be correct:
> locale
LANG=de_DE.UTF-8
LANGUAGE=
LC_CTYPE="de_DE.UTF-8"
LC_NUMERIC="de_DE.UTF-8"
LC_TIME="de_DE.UTF-8"
LC_COLLATE="de_DE.UTF-8"
LC_MONETARY="de_DE.UTF-8"
LC_MESSAGES="de_DE.UTF-8"
LC_PAPER="de_DE.UTF-8"
LC_NAME="de_DE.UTF-8"
LC_ADDRESS="de_DE.UTF-8"
LC_TELEPHONE="de_DE.UTF-8"
LC_MEASUREMENT="de_DE.UTF-8"
LC_IDENTIFICATION="de_DE.UTF-8"
LC_ALL=
Edit2:
G%C3%83%C2%B6the
looks like a Windows-1252 / UTF-8 (double)-misconversion. Is this a bug?
UTF-8 bytes should be “%C3%B6” → “ö”