Security

last person joined: yesterday 

Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).
Back to discussions
Expand all | Collapse all

Unusable characters

This thread has been viewed 1 times

  • 1.  Unusable characters

    Posted Sep 25, 2013 07:04 AM

    Hello,

     

    Has anybody come across issues related to 'special' characters used in either the username or the password of a ClearPass Guest user? One of my customers is experiencing is the following two issues:

     

    1. User successfully self registered with the username “xxxxxxxx.o'boyle@xxxxxxxx.xxx” (Note: the "x"s replace the actual name and domain for privacy reason), however when she came to authenticate using WPA2-Enterprise she was unable to access the wifi and the clearpass message read:
    “[Guest User Repository] - localhost: 42601 [unixODBC]ERROR: syntax error at or near 'boyle'; Error while executing the query”. Usernames without the apostrophy (') do not show the issue.
     
    2. User successfully registered with a password ending with a “£”, however the user was unable to login with that password. Alert on clearpass is:
    “MSCHAP: Authentication failed”.

    At first this looks like she has entered her password incorrectly, we tested logging in with her credentials and we were unable – we removed the “£” from the users password and we authenticated successfully.

     

    I haven't found anything relevant in the documentation and have already suggested to enable the "Disallowed characters" flag for the password, but since users are allowed to register with those characters on either the username or the password and then their authentication fails, I think there could be an issue here.

     

    Thoughts?

     

    Best regards,

     

    Giuseppe Damiano/



  • 2.  RE: Unusable characters

    EMPLOYEE
    Posted Sep 25, 2013 08:34 AM

    This was a known issue but was fixed.  What version are you running?  Once I have that, I can tell you definitively.  



  • 3.  RE: Unusable characters

    Posted Sep 25, 2013 08:41 AM

    Seth,

     

    Thanks for your reply. The customer is running ClearPass ver. 6.2

     

    Best regards,

     

    Giuseppe Damiano



  • 4.  RE: Unusable characters

    EMPLOYEE
    Posted Sep 25, 2013 08:53 AM

    We are at 6.2.1 as of today.  Would you please attempt that version if you're not running it already?  According to the 6.2 release notes:

     

    Domain join operations will fail if the domain password contains special characters such as a space, quotation marks, or a “$” symbol.

     

    This was fixed however so if there is something else going on, you would need to open a support case.  



  • 5.  RE: Unusable characters

    Posted Sep 25, 2013 11:20 AM

    Hi Seth,

     

    Thanks for the info. The release notes talk about an error generated when adding CP to a domain when the password contained strange characters.

    Here the issue is slightly different: guest users are allowed to create their account when either (or both) Username and Password contain said special characters. The account creation is always successful, however when they try to authenticate, the process fails because of those characters.

     

    I will get in touch with Support to open a case.

     

    Best regards,

     

    Giuseppe Damiano/