Security

Reply
Occasional Contributor II

Unusable characters

Hello,

 

Has anybody come across issues related to 'special' characters used in either the username or the password of a ClearPass Guest user? One of my customers is experiencing is the following two issues:

 

1. User successfully self registered with the username “xxxxxxxx.o'boyle@xxxxxxxx.xxx” (Note: the "x"s replace the actual name and domain for privacy reason), however when she came to authenticate using WPA2-Enterprise she was unable to access the wifi and the clearpass message read:
“[Guest User Repository] - localhost: 42601 [unixODBC]ERROR: syntax error at or near 'boyle'; Error while executing the query”. Usernames without the apostrophy (') do not show the issue.
 
2. User successfully registered with a password ending with a “£”, however the user was unable to login with that password. Alert on clearpass is:
“MSCHAP: Authentication failed”.

At first this looks like she has entered her password incorrectly, we tested logging in with her credentials and we were unable – we removed the “£” from the users password and we authenticated successfully.

 

I haven't found anything relevant in the documentation and have already suggested to enable the "Disallowed characters" flag for the password, but since users are allowed to register with those characters on either the username or the password and then their authentication fails, I think there could be an issue here.

 

Thoughts?

 

Best regards,

 

Giuseppe Damiano/

Re: Unusable characters

This was a known issue but was fixed.  What version are you running?  Once I have that, I can tell you definitively.  

Seth R. Fiermonti
Consulting Systems Engineer - ACCX, ACDX, ACMX
Email: seth@hpe.com
-----
If you found my post helpful, please give kudos
Occasional Contributor II

Re: Unusable characters

Seth,

 

Thanks for your reply. The customer is running ClearPass ver. 6.2

 

Best regards,

 

Giuseppe Damiano

Re: Unusable characters

We are at 6.2.1 as of today.  Would you please attempt that version if you're not running it already?  According to the 6.2 release notes:

 

Domain join operations will fail if the domain password contains special characters such as a space, quotation marks, or a “$” symbol.

 

This was fixed however so if there is something else going on, you would need to open a support case.  

Seth R. Fiermonti
Consulting Systems Engineer - ACCX, ACDX, ACMX
Email: seth@hpe.com
-----
If you found my post helpful, please give kudos
Occasional Contributor II

Re: Unusable characters

Hi Seth,

 

Thanks for the info. The release notes talk about an error generated when adding CP to a domain when the password contained strange characters.

Here the issue is slightly different: guest users are allowed to create their account when either (or both) Username and Password contain said special characters. The account creation is always successful, however when they try to authenticate, the process fails because of those characters.

 

I will get in touch with Support to open a case.

 

Best regards,

 

Giuseppe Damiano/

Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: