[7.270] AD LDAP Authentication fails w/ special chars in password [PENDING]

if you set authentication over Active Directory and you have special characters in the password, the authentication failed. The Password from user2 has a # in his password. the user1 has only normal characters and numbers in this password and works.

2008:08:08-11:02:44 (none) aua[7975]: id="3004" severity="info" sys="System" sub="auth" name="Authentication successful" srcip="132.148.8.160" user="user1" caller="portal" engine="local" 
2008:08:08-11:03:48 (none) aua[8237]: id="3005" severity="warn" sys="System" sub="auth" name="Authentication failed" srcip="132.148.8.160" user="user2" caller="portal" reason="DENIED" 
2008:08:08-11:04:06 (none) aua[8356]: id="3005" severity="warn" sys="System" sub="auth" name="Authentication failed" srcip="132.148.8.160" user="user2" caller="portal" reason="DENIED"

if i test this settings in the Test Field on the Active Directory Tab, the user1 workds and user2 not.

user1:


[FONT=monospace]2008:08:08-11:13:15 (none) aua[22293]: id="3006" severity="info" sys="System" sub="auth" name="Authentication test request: m:adirectory, f:none, u:user1, ip:0.0.0.0" [/FONT]
[FONT=monospace]2008:08:08-11:13:15 (none) aua[22293]: id="3006" severity="info" sys="System" sub="auth" name="Testing method adirectory" [/FONT]
[FONT=monospace]2008:08:08-11:13:15 (none) aua[22293]: id="3006" severity="info" sys="System" sub="auth" name="Authentication test successfull" [/FONT]

user2:


[FONT=monospace]2008:08:08-11:08:24 (none) aua[22293]: id="3006" severity="info" sys="System" sub="auth" name="Authentication test request: m:adirectory, f:none, u:user2, ip:0.0.0.0" [/FONT]
[FONT=monospace]2008:08:08-11:08:24 (none) aua[22293]: id="3006" severity="info" sys="System" sub="auth" name="Testing method adirectory" [/FONT]
[FONT=monospace]2008:08:08-11:08:24 (none) aua[22293]: id="3006" severity="info" sys="System" sub="auth" name="Authentication test failed: User could not be authenticated" [/FONT]

user1: Password: abc123
user2: Password: abc123#

Bug2:
If you use the Testfield, the ip will be shown in the log as 0.0.0.0

Parents

0 tom_01 over 16 years ago

Confirmed, thanks!
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel
0 rleibl over 16 years ago in reply to tom_01

If you use the Testfield, the ip will be shown in the log as 0.0.0.0

This is actually not a bug. The Ip address is not shown on regular authentication.
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel
0 Alex76 over 16 years ago in reply to rleibl

This is actually not a bug. The Ip address is not shown on regular authentication.

ok, its not a bug, its a feature like M$ *g*
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel
0 tom_01 over 16 years ago in reply to Alex76

I have to "unconfirm" this one - we actually created a false positive when reproducing this.

Can you please try to reproduce this with a newly created user?
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel
0 Alex76 over 16 years ago in reply to tom_01

i checked this with a new user and it doesn't work. our password complexity requitements are: minimum 8 characters plus one or more digit and one or more special characters. with this complexity requirements no user will be Authenticated over astaro. with a simple password like abs123 it works.
- astaro.jpg
- View
- Hide
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel
0 Alex76 over 16 years ago in reply to tom_01

i checked this with a new user and it doesn't work. our password complexity requitements are: minimum 8 characters plus one or more digit and one or more special characters. with this complexity requirements no user will be Authenticated over astaro. with a simple password like abs123 it works.

i think its anything with this complex password . . .
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel
0 rleibl over 16 years ago in reply to Alex76

Special characters in general are no problem. Just the opposite, good passwords rely on non alphanumeric characters.

I just checked with my ASG and tested a user with the following password:

abc`~!@#$%^&*()_+-=123{}|:"<>?[]\;',./

This works here. Do you have a way to check what exact password is passed to your ActiveDirectory? (Probably not, as the admin is usually not allowed to see client passwords at all)

I will contact you privately so we (Astaro) can probably take a look at your machine.
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel
0 Alex76 over 16 years ago in reply to rleibl

I will contact you privately so we (Astaro) can probably take a look at your machine.

i think thats the easyest way, so i hope we can see more.
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel
0 Alex76 over 16 years ago in reply to Alex76

so, here the state of 2.900:

the enduserlogin didn't success. You can find 3 Screenshots, but the special characters in the test field work well.
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel
0 rleibl over 16 years ago in reply to Alex76

but the special characters in the test field work well.

If special characters work in the test settings, they also work in the EUP. Both authentications use the same code.

Please make sure that

1. The EndUserPortal is enabled

2. Access is set to

- 'allow all users' OR

- 'allow only specific users'

AND your user is either directly entered in the box OR is member of a group which is directly entered in the box

3. The user connects from a network which is allowed to contact the Portal. (If in doubt, try 'Any' first)

4. The entered password is correct (Be aware of the differences in DE and US keyboard
layout. Mixups happen more often than one would think.)
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel

Reply

0 rleibl over 16 years ago in reply to Alex76

but the special characters in the test field work well.

If special characters work in the test settings, they also work in the EUP. Both authentications use the same code.

Please make sure that

1. The EndUserPortal is enabled

2. Access is set to

- 'allow all users' OR

- 'allow only specific users'

AND your user is either directly entered in the box OR is member of a group which is directly entered in the box

3. The user connects from a network which is allowed to contact the Portal. (If in doubt, try 'Any' first)

4. The entered password is correct (Be aware of the differences in DE and US keyboard
layout. Mixups happen more often than one would think.)
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel

Children

0 Alex76 over 16 years ago in reply to rleibl

Dear Robert,

the settings are correct, i think so, you can see i allow any networks, but it doesn't work. on a virtual ip-adress you can not see any interface, there is no page (virtual ip - external) and internal there is no login posible, only from local user, not from AD users.

please see screenshot in the attachment.
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel
0 Alex76 over 16 years ago in reply to Alex76

problem sill exist on 7.300 final
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel