Why does the user password look different in debug mode and when inserted into SQL?

How can I change the %USER-Password value so that it looks like it does in the debug mode Access-Request?

In debug mode it looks like this: "User-Password = "2ixxigux+""

When inserted into SQL it looks like this:

"[sql] expand: %{User-Password} -> 2ixxigux=2B"

Thanks

There are 1 best solutions below

The SQL module only allows a limited character set for value substitutions in SQL queries. FreeRADIUS v4.0.x (unreleased as of 13/09/17) is slightly better in this regard, in that if the SQL library provides an escape function, then that function is called instead.

The reason why the values are different in this case is because '+' is not in the default safe characters list, and so is escaped (with the format =<hex><hex>).

You can change the allowable characters with the safe_characters config item in raddb/mods-available/sql see here. Be careful not to allow characters which could be used in SQL injection attacks.
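The escaping described in the answer above, as an added Python sketch that is not part of the original answer and is not FreeRADIUS code. It assumes a simplified byte-wise model of the =<hex><hex> format; `ASSUMED_SAFE` is an assumed value for safe_characters (check your own raddb/mods-available/sql), and `RISKY`, `escape`, `unescape` and `risky` are hypothetical names.

```python
import re

# Assumed safe_characters value; confirm against your own sql module config.
ASSUMED_SAFE = ("@abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ"
                "0123456789.-_: /")

# Hypothetical, non-exhaustive set of characters that should stay escaped:
# quotes, backslash, statement separator, backtick, and '=' itself
# (allowing '=' would make stored values impossible to decode reliably).
RISKY = "'\"\\;`="


def escape(value: str, safe: str = ASSUMED_SAFE) -> str:
    """Replace every byte not listed in `safe` with =<hex><hex>."""
    out = []
    for byte in value.encode("utf-8"):
        ch = chr(byte)
        out.append(ch if byte < 0x80 and ch in safe else f"={byte:02X}")
    return "".join(out)


def unescape(stored: str) -> str:
    """Recover the original value from a column written in escaped form."""
    raw = re.sub(rb"=([0-9A-Fa-f]{2})",
                 lambda m: bytes([int(m.group(1), 16)]),
                 stored.encode("utf-8"))
    return raw.decode("utf-8")


def risky(safe: str) -> list:
    """List characters in a proposed safe_characters value worth rejecting."""
    return [c for c in RISKY if c in safe]


if __name__ == "__main__":
    print(escape("2ixxigux+"))                      # value from the question
    print(escape("2ixxigux+", ASSUMED_SAFE + "+"))  # '+' added to the list
    print(unescape("2ixxigux=2B"))                  # decoding a stored value
    print(risky(ASSUMED_SAFE + "'+"))               # a quote slipped in
```

If the stored form cannot be changed, decoding on read with something like `unescape` is an alternative to widening safe_characters.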