Possible bug

Question
1

Hello Cornelius

Me again :wink:

I think I found a small bug with authentication module.

One of my ldap user has this password : o*vCYaN

I manage to login through the WebUI interface with this user and password.

But, with pi-manage (or radius) it failed.
Into debug file I can see :

2016-08-11
11:11:30,093][8243][139692791498560][DEBUG][privacyidea.lib.token:172]
Entering check_user_pass with arguments (User(login=u’USER’,
realm=u’REALM’, resolver=u’RESOLVER’), u’o*vCYaN’, {}) and keywords {}

It seems the \ of the password is missing.

I tried with :
pi-manage validate USER “o*vCYaN” ->KO
pi-manage validate USER o*vCYaN ->KO
pi-manage validate USER o\*vCYaN ->KO but the password in the log file
is o\*vCYaN

Thanks
Regards

2

With pi-manage you should try

pi-manage validate ‘o*vCYaN’

(single quotes- not double quotes)

But lets rather focus on the radius question.

Please run feeradius in debug mode with the -X option and see the
output.

Kind regards
CorneliusAm Donnerstag, den 11.08.2016, 02:17 -0700 schrieb BrianP:

Hello Cornelius

Me again :wink:

I think I found a small bug with authentication module.

One of my ldap user has this password : o*vCYaN

I manage to login through the WebUI interface with this user and
password.

But, with pi-manage (or radius) it failed.
Into debug file I can see :

2016-08-11
11:11:30,093][8243][139692791498560][DEBUG][privacyidea.lib.token:172]
Entering check_user_pass with arguments (User(login=u’USER’,
realm=u’REALM’, resolver=u’RESOLVER’), u’o*vCYaN’, {}) and keywords {}

It seems the \ of the password is missing.

I tried with :
pi-manage validate USER “o*vCYaN” ->KO

pi-manage validate USER o*vCYaN ->KO

pi-manage validate USER o\*vCYaN ->KO but the password in the log
file is o\*vCYaN

Thanks
Regards

Please read the blog post about getting help
Getting help – privacyID3A.

For professional services and consultancy regarding two factor
authentication please visit
One Time Services - NetKnights - IT-Sicherheit - Zwei-Faktor-Authentisierung - VerschlĂŒsselung

In an enterprise environment you should get a SERVICE LEVEL AGREEMENT
which suites your needs for SECURITY, AVAILABILITY and LIABILITY:
privacyIDEA Support Level

You received this message because you are subscribed to the Google
Groups “privacyidea” group.
To unsubscribe from this group and stop receiving emails from it, send
an email to privacyidea+unsubscribe@googlegroups.com.
To post to this group, send email to privacyidea@googlegroups.com.
Visit this group at https://groups.google.com/group/privacyidea.
To view this discussion on the web visit
https://groups.google.com/d/msgid/privacyidea/bb15a5ca-8fac-4e82-8bf5-d1839ffa7063%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

–
Cornelius Kölbel
@cornelinux
+49 151 2960 1417

NetKnights GmbH
http://www.netknights.it
Landgraf-Karl-Str. 19, 34131 Kassel, Germany
Tel: +49 561 3166797, Fax: +49 561 3166798

Amtsgericht Kassel, HRB 16405
GeschĂ€ftsfĂŒhrer: Cornelius Kölbel

signature.asc (836 Bytes)

3

Hello Cornelius,

It is the same.
In fact, the error message is :

RESULT=False
DETAILS={‘message’: ‘The user has no tokens assigned’}
And the log file show this password ‘o*vCYaN’ is sent to the LDAP resolver
; that is why it failed.

I tried to assign a SPass token to this user with the same password.
Everything is OK.

pi-manage validate :OK
webUI login : OK

Radius auth is not OK but It is a radius bug.
The \ is escaped, so the password send to PrivacyIdea is o*vCYaN

Don’t waste your time with that, it is easy to find a workaround ; but it
is probably a small bug.

Thanks
BrianLe jeudi 11 août 2016 11:17:04 UTC+2, BrianP a écrit :

Hello Cornelius

Me again :wink:

I think I found a small bug with authentication module.

One of my ldap user has this password : o*vCYaN

I manage to login through the WebUI interface with this user and password.

But, with pi-manage (or radius) it failed.
Into debug file I can see :

2016-08-11
11:11:30,093][8243][139692791498560][DEBUG][privacyidea.lib.token:172]
Entering check_user_pass with arguments (User(login=u’USER’,
realm=u’REALM’, resolver=u’RESOLVER’), u’o*vCYaN’, {}) and keywords {}

It seems the \ of the password is missing.

I tried with :
pi-manage validate USER “o*vCYaN” ->KO
pi-manage validate USER o*vCYaN ->KO
pi-manage validate USER o\*vCYaN ->KO but the password in the log file
is o\*vCYaN

Thanks
Regards