Thanks in advance,
and sorry but I haven’t found similar post with my issue. The fact is that we got a mikrotik router config with VPN an a Radius server (LDAP) that works correctly. But some users (we are spanish) has special character with tilde in username like ñ or ü and those users cannot authenticate against Radius from router, but has no problem on the LAN.
Is there some way to bypass this issue without changing special character on the username?
thanks a lot
It could be in any number of places - the VPN client, the Mikrotik or the RADIUS server. Most likely a character set mapping issue, enabling debugging/logging on the Mikrotik and/or RADIUS server should display the usernames and hopefully show where it is being misinterpreted.
When you say you have no problem on the LAN, is that authentication client-to-LDAP or client-to-RADIUS-to-LDAP?
LDAP isn’t a RADIUS server, do you mean you have a RADIUS server using LDAP as a data source (either as a directory to look up a password, or as an authentication oracle)?
I don’t know specifically about Radius, but RouterOS has zero support for anything above basic 7-bit ASCII in other places (e.g. comments). It just stores and reads those bytes as they are, but has no understanding of any character sets. So e.g. comment “ěščřžýáíé” saved in WinBox will be ok in same WinBox, but even WebFig will mess it up. My guess is that this is similar issue, you’d probably need some conversion on Radius server if it’s possible.
Thank you so much for your help!
Finally we made it work using Unicode to “translate” characters. Curiously using Iphone to connect VPN sends the correct unicode, but Windows 10 PC doesn’t send correctly them and the message “radius timeout” was shown on router log.
Regards,
Daniel
Hello, I am also Spanish and I use FREERDIUS with mikrotik, I had the version of freeradius 2.0 and it worked well I have updated to version 3.0 and I have realized that I cannot use any special character in the username, such as "@ "
I don’t know if you have been able to solve this in any way?
I have edited the file queries.conf that is in /etc/freeradius/3.0/mods-config/sql/main/mysql and I have enabled the line of safe_characters, but I have not been lucky …
Please do not hijack old threads if they are not related - the original question was about support of extended ASCII characters.
“@” is the network access identifier separator symbol and may be handled differently in FreeRADIUS 3.x, see https://networkradius.com/doc/current/raddb/mods-available/realm.html. I vaguely recall FreeRADIUS 2.x did not to process realms by default, you would be better asking for support in the FreeRADIUS forums.