Possible bug

Hello Cornelius

Me again :wink:

I think I found a small bug with authentication module.

One of my ldap user has this password : o*vCYaN

I manage to login through the WebUI interface with this user and password.

But, with pi-manage (or radius) it failed.
Into debug file I can see :

2016-08-11
11:11:30,093][8243][139692791498560][DEBUG][privacyidea.lib.token:172]
Entering check_user_pass with arguments (User(login=u’USER’,
realm=u’REALM’, resolver=u’RESOLVER’), u’o*vCYaN’, {}) and keywords {}

It seems the \ of the password is missing.

I tried with :
pi-manage validate USER “o*vCYaN” ->KO
pi-manage validate USER o*vCYaN ->KO
pi-manage validate USER o\*vCYaN ->KO but the password in the log file
is o\*vCYaN

Thanks
Regards

With pi-manage you should try

pi-manage validate ‘o*vCYaN’

(single quotes- not double quotes)

But lets rather focus on the radius question.

Please run feeradius in debug mode with the -X option and see the
output.

Kind regards
CorneliusAm Donnerstag, den 11.08.2016, 02:17 -0700 schrieb BrianP:

Hello Cornelius

Me again :wink:

I think I found a small bug with authentication module.

One of my ldap user has this password : o*vCYaN

I manage to login through the WebUI interface with this user and
password.

But, with pi-manage (or radius) it failed.
Into debug file I can see :

2016-08-11
11:11:30,093][8243][139692791498560][DEBUG][privacyidea.lib.token:172]
Entering check_user_pass with arguments (User(login=u’USER’,
realm=u’REALM’, resolver=u’RESOLVER’), u’o*vCYaN’, {}) and keywords {}

It seems the \ of the password is missing.

I tried with :
pi-manage validate USER “o*vCYaN” ->KO

pi-manage validate USER o*vCYaN ->KO

pi-manage validate USER o\*vCYaN ->KO but the password in the log
file is o\*vCYaN

Thanks
Regards

Please read the blog post about getting help
https://www.privacyidea.org/getting-help/.

For professional services and consultancy regarding two factor
authentication please visit
https://netknights.it/en/leistungen/one-time-services/

In an enterprise environment you should get a SERVICE LEVEL AGREEMENT
which suites your needs for SECURITY, AVAILABILITY and LIABILITY:
https://netknights.it/en/leistungen/service-level-agreements/

You received this message because you are subscribed to the Google
Groups “privacyidea” group.
To unsubscribe from this group and stop receiving emails from it, send
an email to privacyidea+unsubscribe@googlegroups.com.
To post to this group, send email to privacyidea@googlegroups.com.
Visit this group at https://groups.google.com/group/privacyidea.
To view this discussion on the web visit
https://groups.google.com/d/msgid/privacyidea/bb15a5ca-8fac-4e82-8bf5-d1839ffa7063%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


Cornelius Kölbel
@cornelinux
+49 151 2960 1417

NetKnights GmbH
http://www.netknights.it
Landgraf-Karl-Str. 19, 34131 Kassel, Germany
Tel: +49 561 3166797, Fax: +49 561 3166798

Amtsgericht Kassel, HRB 16405
Geschäftsführer: Cornelius Kölbel

signature.asc (836 Bytes)

Hello Cornelius,

It is the same.
In fact, the error message is :

RESULT=False
DETAILS={‘message’: ‘The user has no tokens assigned’}
And the log file show this password ‘o*vCYaN’ is sent to the LDAP resolver
; that is why it failed.

I tried to assign a SPass token to this user with the same password.
Everything is OK.

pi-manage validate :OK
webUI login : OK

Radius auth is not OK but It is a radius bug.
The \ is escaped, so the password send to PrivacyIdea is o*vCYaN

Don’t waste your time with that, it is easy to find a workaround ; but it
is probably a small bug.

Thanks
BrianLe jeudi 11 août 2016 11:17:04 UTC+2, BrianP a écrit :

Hello Cornelius

Me again :wink:

I think I found a small bug with authentication module.

One of my ldap user has this password : o*vCYaN

I manage to login through the WebUI interface with this user and password.

But, with pi-manage (or radius) it failed.
Into debug file I can see :

2016-08-11
11:11:30,093][8243][139692791498560][DEBUG][privacyidea.lib.token:172]
Entering check_user_pass with arguments (User(login=u’USER’,
realm=u’REALM’, resolver=u’RESOLVER’), u’o*vCYaN’, {}) and keywords {}

It seems the \ of the password is missing.

I tried with :
pi-manage validate USER “o*vCYaN” ->KO
pi-manage validate USER o*vCYaN ->KO
pi-manage validate USER o\*vCYaN ->KO but the password in the log file
is o\*vCYaN

Thanks
Regards